Abstract
The increasing reliance on digital and automated systems in the maritime industry has introduced significant cybersecurity risks to ship operations. While prior research has examined cyber risk management, systematic modeling of attack scenarios remains limited. This study addresses this gap by employing attack trees to systematically analyze potential cyberattack pathways against modern ships. Drawing insights from the literature and interviews with 10 experts, this research identifies key vulnerabilities in navigation, operational, and communication systems. The study outlines 20 attack scenarios across three primary objectives: crashing, capsizing, and immobilizing a ship. Expert validation emphasizes the real-world feasibility of these threats, with cyberattack scenarios involving crashing and immobilization deemed the most plausible, while capsizing was considered unlikely due to robust ship designs. The findings highlight the importance of strengthening network security, implementing redundancy measures, and enhancing crew training to mitigate cyber risks.in Expert feedback helped validate these insights, underscoring their relevance to real-world maritime operations. This research presents a systematic threat modeling framework that supports effective risk assessment and cybersecurity strategy development, offering a valuable contribution to the advancement of maritime cybersecurity practices.
| Original language | English (US) |
|---|---|
| Article number | 645 |
| Journal | Journal of Marine Science and Engineering |
| Volume | 13 |
| Issue number | 4 |
| DOIs | |
| State | Published - Apr 2025 |
| Externally published | Yes |
Keywords
- attack trees
- cyber threats
- maritime cybersecurity
- operational technology (OT)
- ship systems
- threat modeling
ASJC Scopus subject areas
- Civil and Structural Engineering
- Water Science and Technology
- Ocean Engineering