Cyber risk assessment of cyber-enabled autonomous cargo vessel

The increasing interest in autonomous ships within the maritime industry is driven by the pursuit of revenue optimization, operational efficiency, safety improvement and going greener. However, the industry’s increasing reliance on emerging technologies for the development of autonomous ships extends the attack surface, leaving the underlying ship systems vulnerable to potential exploitation by malicious actors. In response to these emerging challenges, this research extends an existing cyber risk assessment approach called FMECA-ATT&CK based on failure modes, effects and criticality analysis (FMECA), and the MITRE ATT&CK framework. As a part of our work, we have expanded the FMECA-ATT&CK approach to assessing cyber risks related to systems with artificial intelligence components in cyber-enabled autonomous ships (e.g. autonomous engine monitoring and control). This new capability was developed using the information and semantics encoded in the MITRE ATLAS framework. FMECA-ATT&CK has been adopted due to its comprehensive and adaptable nature and its promising venue for supporting continuous cyber risk assessment. It helps evaluate the cyber risks associated with the complex and state-of-the-art operational technologies on board autonomous ships. The cyber risk assessment approach assists cybersecurity experts in aligning mitigation strategies for the cyber defence of autonomous ships. It also contributes towards advancing overall cybersecurity in the maritime industry and ensures the safe and secure sailing of autonomous ships. Our key findings after applying the proposed approach against a model of an autonomous cargo ship is the identification of the Navigation Situation Awareness System (NSAS) of the ship as being at the highest risk followed by the Autonomous Engine Monitoring and Control (AEMC) system. Additionally, we identified 3 high, 48 medium, and 5776 low risks across 29 components.