The advancement of the maritime industry towards technologically integrated and automated systems has significantly increased the complexity of onboard Industrial Control Systems (ICS), raising concerns about cybersecurity risks. In this paper, we examine typical onboard ICS configurations through an adversarial lens. We introduce a threat model that leverages domain -specific peculiarities, e.g., maritime protocols, and targets vulnerability vectors to execute software attacks against the infrastructures of shipboard ICS. This includes a case study on a critical subsystem of ship machinery: the steering gear system. We have developed a novel attack methodology intended for use by targeted malware. A comprehensive experimental assessment confirms the feasibility of attacks devised according to our methodology.

Physics-aware targeted attacks against maritime industrial control systems / Longo, Giacomo; Lupia, Francesco; Pugliese, Andrea; Russo, Enrico. - In: JOURNAL OF INFORMATION SECURITY AND APPLICATIONS. - ISSN 2214-2126. - 82:(2024). [10.1016/j.jisa.2024.103724]

Physics-aware targeted attacks against maritime industrial control systems

Giacomo Longo;
2024

Abstract

The advancement of the maritime industry towards technologically integrated and automated systems has significantly increased the complexity of onboard Industrial Control Systems (ICS), raising concerns about cybersecurity risks. In this paper, we examine typical onboard ICS configurations through an adversarial lens. We introduce a threat model that leverages domain -specific peculiarities, e.g., maritime protocols, and targets vulnerability vectors to execute software attacks against the infrastructures of shipboard ICS. This includes a case study on a critical subsystem of ship machinery: the steering gear system. We have developed a novel attack methodology intended for use by targeted malware. A comprehensive experimental assessment confirms the feasibility of attacks devised according to our methodology.
2024
Physics-awareness; Targeted attacks; Process mining; Maritime industry; Industrial control systems
01 Pubblicazione su rivista::01a Articolo in rivista
Physics-aware targeted attacks against maritime industrial control systems / Longo, Giacomo; Lupia, Francesco; Pugliese, Andrea; Russo, Enrico. - In: JOURNAL OF INFORMATION SECURITY AND APPLICATIONS. - ISSN 2214-2126. - 82:(2024). [10.1016/j.jisa.2024.103724]
File allegati a questo prodotto
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1709686
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
social impact