Sensors (Basel). 2021 May 4;21(9):3195.
doi: 10.3390/s21093195.

A Triggering Mechanism for Cyber-Attacks in Naval Sensors and Systems

Walmor Cristino Leite Junior et al. Sensors (Basel). 2021.

Abstract

In the maritime sector, the integration of radar systems, the Automatic Identification System (AIS) and the Electronic Chart Display and Information System (ECDIS) through digital technologies brings several benefits to maritime operations, but also makes ships prone to cyberattacks. In this context, this work investigates the feasibility of an attacker using a radar system or AIS as an open door to remotely send commands to a cyber threat hosted on a ship, even if the ship's systems are air-gapped, i.e., not connected to other networks. The received commands are intended to trigger a cyber threat located on the ship. Although the literature covers several analyses of cyber risks and vulnerabilities in naval systems, it lacks exploitation mechanisms capable of acknowledging attack commands received through radar and AIS. To this end, this work proposes a triggering mechanism that uses a template matching technique to detect specific patterns transmitted by the attacker to the ship's radar or AIS. The results show the effectiveness of the proposed technique as a tool to acknowledge the received attack commands and activate malicious code previously installed on the ship. In the case of attacks on a radar system, the accuracy achieved by the proposed method is 0.90. In the case of attacks on an AIS/ECDIS setup, it achieves an accuracy of 0.93. In both cases, the proposed mechanism maintains due safety against accidental attack activations.

Keywords: automatic identification system; cybersecurity; electronic attack; electronic chart display and information system; radar; template matching.

Conflict of interest statement

The authors declare no conflict of interest. The funders had no role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript, or in the decision to publish the results.

Figures

Figure 1. Attack model in: (a) a radar system; (b) an AIS/ECDIS setup.
Figure 2. Linking mechanism between EW and CW domains.
Figure 3. Representation of radar PPI screen with a triggering command (set of false echoes received due to an EA).
Figure 4. Example of a template matching.
Figure 5. Example of a typical ECDIS screen displaying received AIS data.
Figure 6. ECDIS screen displaying five false ships (green triangles with projected green lines) whose data was received through forged AIS messages.
Figure 7. Triggering mechanism implementation in Python.
Figure 8. Flowchart of the triggering mechanism.
Figure 9. Examples of real positive cases where the attack command is displayed in the radar PPI.
Figure 10. Examples of real negative cases where the attack command is not displayed in the PPI.
Figure 11. Performance of the triggering mechanism in attacks to a radar system.
Figure 12. ROC curve of the triggering mechanism in a radar system.
Figure 13. Template with five false AIS plots.
Figure 14. Performance of the triggering mechanism in attacks to an AIS/ECDIS system.
Figure 15. ROC curve of the triggering mechanism in an AIS/ECDIS setup.
Figure 16. Template with five false AIS plots randomly distributed.
Figure 17. Examples of scenarios where the attack command is the set of five false AIS plots shown in Figure 16 (randomly distributed).
