Cyber Security in Transport

Year
2016
Author(s)
Rakesh Burgul - International Nuclear Services Risley, Warrington Cheshire United Kingdom
File Attachment
F4033.pdf115.74 KB
Abstract
Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.Whilst the layman’s view of cyber security tends to involve purely technical disciplines, in actual fact, it is everything that contributes to the protection of systems and data. For example, security culture is a key security control in cyber security and relates to the proper behaviour of individuals in protecting systems and data.This paper will focus on the relatively new specialism of Maritime Cyber Security (MCS) and will discuss whether cyber security is an issue that nuclear transporters should be worried about. In doing so, it will be necessary to discuss potential consequences of successful or even unsuccessful cyber-attacks.It will also discuss the potential threats to the maritime industry and will opine on the probability of such threats manifesting.The paper will detail potential vulnerabilities for ships systems and illustrate these through the use of examples of maritime cyber-attacks that have already occurred. Research work that has already been carried out will be referred to which demonstrates clear vulnerabilities in various ships systems such as GPS, SatCom and AIS. In addition, novel and asymmetric attack possibilities such as the hacking of ships WiFi systems, USB malware attacks and Supply Chain attacks will be discussed. In principle, all these attack vectors are already known about within the context of conventional IT networks and Industrial Control Systems and there is nothing particularly different from a technical perspective where transports are concerned. However, cyber-attacks on transport mechanisms or mechanisms which support transport may require some lateral thinking on the part of the defender due to the changing nature of, for example, a ships surroundings.This paper will propose a four-phased approach to resolving such issues in non-conventional networks and industrial settings.Whilst this paper deals primarily with Maritime Cyber Security, it will finish by establishing that the attack vectors, security principles and mitigations discussed may be equally applicable to other modes of transport such as land and air.