2017 International Conference on Computational Science and Computational Intelligence

A platform for raising awareness on cyber security

in a maritime context
Thomas Becmeur∗ , Xavier Boudvin∗ , David Brosset∗ Olivier Jacq∗ † , Yvon Kermarrec∗† ,
Gaël Héno∗ , Thibaud Merien ∗ Bastien Sultan ∗†
∗ Ecole Navale - French Naval Academy - 29460 Lanveoc, France IMT Atlantique - 29238 Brest, France
[email protected] [email protected]

Abstract—In this paper, we present a platform we have of wreckage on the fragile maritime environment. We all
designed and built in order to raise awareness on cyber security know the ecological disasters that have been triggered by
issues for stakeholders involved in a maritime context (e.g., ship oil spills from damaged tankers and the impact on human
officers, pilots, crew, harbor agents, officers in training), and
to support our research in the context of a strong partnership casualties and deaths when a ship sinks. The cost of a ship
with industry and academy. Maritime traffic contributes to a wreckage is, of course, proportional to its size ; regulators and
very large extent to the trade and exchange of goods between insurance companies have contributed to safer seas with new
countries and continents. For decades, security on the boat constraints on boat structure resistance and resilience, with
was restricted to fire prevention and the avoidance of pirates. maritime routes that are closely monitored and controlled or
Internet and computer-based systems inside the boats have
changed the relative quietness of a ship at sea to deal with new with high penalties when these rules are not observed. From
challenges and threats, viruses, cyber attacks, remote operation the early days, piracy has plagued ancient Egypt or Phoenicia
and control, etc. Even when in a harbor, a ship appears as and was initiated by individuals or supported by national
very vulnerable as it relies on information systems that can be agencies, to ensure control of the commercial traffic or to rob
corrupted. Ensuring security and protection of a ship when valuable cargoes. Piracy is still active in specific regions of
at sea or by the coastline raise numerous challenges, as the
ship design did not anticipate impacts of recent omnipresence the globe, where a crippled government/administration cannot
of information and communication technologies. In this paper, ensure navigation safety and geographical constraints (e.g., a
we present our current platform, its rationale and the initial strait or shallow water) require a ship to operate by the coast
feedback we have obtained when teaching cyber security and line. Ship piracy has also evolved with the information and
presenting cyber risks. We also detail how we used it to detect communication technologies and new forms of threats arise
potential attacks.
due to the ubiquitous internet on board the vessels: a ’remote’
Keywords: ICS, SCADA, raising awareness, education, pirate can gain control and operate a ship as what we have
detection of potential attacks seen with cars on highways ; a pirate can also forge and send
false signals (e.g.; GPS) or alter electronic navigation maps
so that a ship can be trapped [7] [6]. These new forms of
I. I NTRODUCTION piracy have raised concerned at the international level (e.g.;
Both civilian and military ships are present on the various IMO or International Maritime Organization and the insurance
seas and oceans and handle a large extent in the exchange companies).The IMO indicates in [3] ”Risks can result from
of goods in international trade. Ships also ensure to a large improper integration of cyber systems, the unexpected and
extent to travelers’ mobility with ferry boats and giant cruise unintended consequences of system updates, the interactions
vessels, which can navigate with more than 6,000 passengers between the cyber systems of ships and ports, or the malicious
and about 2,000 crew members. A ship can be considered as a attacks and threats from outside sources”.
’factory’ on its own. There is a huge diversity of both mission In this context, 2 academic institutions (the French Naval
and functionality provided by a ship which must assemble nu- Academy and IMT Atlantique) and 2 major industries (Thales
merous systems (mechanical, computer and electronic- based, and Naval Group) have joined their forces in order to investi-
engines and propulsion, etc.) to support them. These make it gate new approaches for detecting and preventing cyber attacks
possible to build larger, faster and more powerful ships that in the maritime context, to implement them as prototypes and
can carry thousands of containers (18,000 containers for the to evaluate them. The objectives of this venture are twofold:
largest ship) through continents or thousands of travelers for a research concern in order to enhance security for ships and
cruises on almost every sea of the world. About 90 per cent naval infrastructure, and an educational target in order to raise
of the volume of world trade (oil, cereals and other numerous awareness for the current and future maritime stakeholders
vital goods for industries and people) takes place by the sea. (e.g.; officers, crew, and students in training).
Ships provide reliable and on-time delivery of goods that can In this paper, we present a platform that we have designed
feed people and also ensure the functional supply chains of and built for these purposes, and the initial results and
factories. outcomes we have obtained. In the first section, we present
Security has always been a concern in the ship industry, the rationale and our motivation for building our platform
because of the values of the conveyed goods and the impact and proof of concept. In the second section, we describe its

978-1-5386-2652-8/17 $31.00 © 2017 IEEE 103

DOI 10.1109/CSCI.2017.17
components and how they fulfill our objectives and rationale. students and other interns can experiment and integrate
In the third section, we highlight a specific extension of our their proposals and evaluate them.
generic platform that has been performed to detect anomalies • Creation of data repositories: a ship contains vulnerable
and possible attacks. In the final section, we conclude with a pieces of equipment and their constituent parts or soft-
survey of our current activities and the future plans we have ware configuration present major risks if this information
as perspectives to enhance our current implemented platform. is made public. Obtaining data on ICS on a ship is
therefore difficult and almost impossible. Moreover, data
II. OUR DESIGN CRITERIA FOR A MARITIME are needed to compare and evaluate approaches and
PLATFORM algorithms that we design. Another side objective is to
collect data from the platform when running various
As indicated, our aim is dual when designing our platform scenarios and to be stored in repositories. This data will
: it should have an educational concern since it will be used then be used by our team members for evaluation and
to raise awareness on cyber security in the maritime context might be shared within the community.
and it should also allow us to implement and evaluate new • Usability in an education context. We intend to schedule
algorithms and approaches to detect anomalies and attacks that labs and involve students in projects, so that they can
can put a ship in jeopardy or destroy it. Our design criteria experiment and investigate security issues by using our
and requirements are as follows: platform. This requires debugging and visualization tools
• Similarity to existing ships and naval systems: this con- so that their software or hardware development can be
stitutes our major criterion as we need to raise attention successful: we need for example to dump and control
and awareness within the naval community. A ship is, of memory segments in the ICS controller, capture and an-
course, a large and complex system made of thousands alyze the network packets in transit, collect and establish
of hardware and software components that interact to a global view of the system through a control panel.
ensure the different missions of a ship. This complexity All these services constitute a large environment and we
prevents us from reproducing such a complete system as need to develop them with an incremental approach and
it would have been beyond the capacity of our team and capitalize on the existing tools and adapt them if needed.
would also impact the demonstrative objective we have
to present a small scale and explicit system to the sailors
and maritime stakeholders. This requires us to select III. OUR PLATFORM
adequate components and we chose industrial control
systems (ICS) and SCADA that are installed on board A. Our naval platform
a ship, so that actors can understand what is involved To meet these requirements we have selected 2 subsystems
and how to deal with a crisis. that we can find on any ship and which provide critical
• Integration of Industrial control systems and SCADA: on functions for sailors:
commercial ships and even the largest ones, crew reduc-
tion was motivated by costs and also by the availability of • The propulsion and the engine control. A propeller is
control systems that can replace some tasks performed by the key component of this sub-system inside a boat. In
humans traditionally. For example, the largest container our platform, we have duplicated the component so as to
carrier ’le Bougainville’ is operated by a crew of 26 simulate a large boat with two distinct and autonomous
members only. A ship integrates several ICS (to operate engines. Because of cost constraints, we have replaced
the anchor, to open valves in pipes, etc.) and appears in a the propeller with a computer fan (and even if their
way like a classic factory, except that it is located at sea destination is quite different, the similarities between
and moving. Vulnerabilities in ICS have been de facto both devices are numerous and explicit in the context of
imported to ships and we wanted to raise attention on demonstrations). The engine and the propeller are char-
them as they operate and control critical functions on a acterized by their status (on or off) and also their speed
ship. (expressed in rotations per minute) and we may include
• Modularity : the platform is to be used in a research
additional characteristics (e.g.; temperature, vibrations) if
context and therefore we expect it will evolve with the needed.
contributions of the PhD students. Modularity is a must • The navigation subsystem and the rudder in particular
so that new features can be integrated in the platform make it possible to change the direction of the ship. On
and also so that they can interact and be used in specific a traditional boat, the governor control lever consists of
scenarios. Our target audience is broad and we need to a helm and on recent ship it looks like a joystick. Here
prepare various scenarios that can be well understood and also we have duplicated the rudder and the lever so as
explicit for Navy officers in training, ship pilots and crew, to have a similarity with a large boat (e.g.; a tanker or a
and also operators on ground. container ship).
• Low costs and quick availability: we wanted to build a We have selected them because both subsystems are critical
proof of concept that could be used within an educational when at sea or in harbor. Every sailor knows the impact of the
context (for continuous education or for initial training of unavailability or alteration of one of these pieces of equipment
naval officers) and could be made available so as the PhD on the ship.

104
 a) : Moreover, these two subsystems constitute an in- similarity with a real ship, we have decided to simulate them.
teresting domain as we can build scenarios in which one For this purpose, we have configured and programed Arduinos
of the sub-systems is made unavailable or not responding to and they can provide (at low cost) input / output data to our
commands properly (e.g., at sea, when a ship navigates we can platform components. They can also be programed easily and
set the speed to a regime that goes beyond the engine limits or provide various schemes to manage and contribute to various
ignore warning on temperature elevation), and scenarios where scenarios.
an attack on both subsystem can impact the ship seriously (e.g.,
in a harbor, in the landing operation to reactivate the engines C. Software issues and components
to full speed and to set the rudder to the opposite angle with Both hardware elements (the central coordinator and the
respects to the docks). CPUs of the automata) are fully programmable. Software en-
Fig 1 gives an overview of the platform we have designed vironments and specific programming paradigms are provided
and built. In the next sections, we present and describe its by vendors ; they make it possible to implement various
components. controls, to collect data and process information, to ensure
Fig 1 gives an overview of the platform we have designed the communication flows between the components and to raise
and built. In the next sections, we present and describe its alarms if needed.
components, both for hardware and software. • The automata which control the engines and the trajectory
of the vessel simulators have been programed using the
toolkit made available by hardware providers. The pro-
B. Architecture and hardware issues
gram that will be executed by the automaton references
As indicated earlier, we have chosen to focus on ICS and data and function blocks and for example writing to a
SCADA. For our platform, we have installed two automata specific address of the automaton memory ensures the
and each of them is responsible for one of the subsystems: communication with a device which is connected to it.
one for controlling the the ship direction and the second Developing a program is low level and requires precise
one for controlling the engine and its speed in particular. knowledge of the memory organizations and instruction
Each automaton integrates a CPU (e.g.; in order to execute sets. It requires expertise and specific skills and appears
the application control code) and a communication processor as a daunting task.
which provides industrial protocol features (e.g.; in order to • The interface to the SCADA. With our hardware ar-
exchange data between the automaton and its environment, chitecture, we can interact with the system through
with ModBus, DNP3, S7 or related protocols). We have also sensors which trigger specific operations and memory
configured and installed a central coordinator (a Raspberry operations in dedicated areas. We have also integrated
PI) which ensures the communication between the automata feedback to the end user though LEDs and other signals.
and also conveys commands and requests to/from the SCADA Nevertheless, this interface that is provided is rather
system. The central controller appears as an intermediate limited and requires knowledge that would make it unfit
between the SCADA and the automata and therefore plays in our educational context. We have therefore designed
a central role in the overall architecture. The Raspberry PI and implemented a man-machine interface which presents
provides a low-cost processor and a data flow orientation that in a synthetic way the information that is stored in
fits our needs and requirements. Even though, we are in a the automata, the status of the various components of
prototype context, the communication bandwidth and speed our platform (e.g.; percentage of the engine capacity,
make it possible to address various kinds of data flow density rotation speed of the fans). The interface also provides
and to perform various controls and actions on the messages services and functions which set and activate the various
that are received or sent. Both hardware elements (the central components.
coordinator and the CPUs of the automata) are fully pro- • In the initial version of the platform, we have also in-
grammable. Both are equipped with software environments cluded checks of constraints and properties. These appear
and specific programming paradigms that make it possible as Boolean conditions and may implement reliability
to implement various controls, to execute code and to raise and safety properties, which are expressed as values and
alarms if needed. In this paper, we present in the next section states of a specific sub-system (e.g., propulsion control or
one example of such a control which can ensure consistency direction). Such properties are set to prevent an operator
between both subsystems and a global property for our ship from taking inappropriate or incorrect action (e.g.; setting
demonstrator. the back clutch while in forward motion, or increasing
a) : A ship operates in a complex environment that is the speed of an engine too quickly). For this purpose,
composed of numerous sensors and effectors: a sensor can we have extended our platform to include probes and an
measure the temperature of the engine parts that is then fed IDS (Intrusion Detection System) : the probes are there to
into a controller to ensure the safe operation of the engine, a monitor and capture network packets and the IDS ensures
GPS chip can also acquire the ship position and can relate it that the constraints and properties are satisfied.
on the electronic maps,... All of these sensors and effectors are
complex by themselves and we chose to exclude them from D. Overall architecture of our platform
our platform, as their integration would go beyond the scope Our platform architecture is presented in figure 1 and
of our project and its time line. Nevertheless, to have a higher gives an overview of the interactions between the various

105
Fig. 1. Schema of the platform.

components, the protocols that are used to convey information present 3 situations for which the constraints are not verified
flows and the operations that can be performed by an end user. and which correspond to threats that can be identified and we
The proposed architecture fulfills our initial requirements present the detection approach we have selected:
and criteria, that were presented in section 2. In particular,
our solution exhibits the following features: • The first scenario relates a simple attack. The ICS and
• it is realistic and quite similar (though simpler and less the automata we have integrated in our platform are well
complete than) to what is available in today’s vessels. known to a wide variety of attacks that can be triggered
The fans correspond to the engines that can be turned by one single network packet [13] [9]. For example, by
on or off, and their speed can be increased or decreased. sending specially crafted packets on the network, one can
Their behavior relate to real engines and ship axes. An stop the automaton, reconfigure it or even reprogram it
attack with a control of the engine control can be made to a completely new behavior, or reset it, or block it and
explicit and understandable to a wide audience: sending not responsive to following commands. In our scenario,
network messages to set the speed of the engines while we forge a TCP packet with a specific payload to stop
disabling the man-machine interface and the control of the program loop of the automaton, the observer would
the push buttons. then try to operate the interface as usual but will not see
• Integration of Industrial control systems and SCADA: our any reaction, even direct access to the hardware buttons.
platform includes similar systems that are used on ships This scenario emphasizes that a short message may place
but also in numerous industrial contexts. It simulates two the system in a stopped mode without any warning from
subsystems that are available on a ship but with minimal the SCADA on its status. The observer can then figure
effort the platform can be adapted to additional contexts, out the consequences of the situation when performing
where education and cyber security awareness are of complex maneuvers in a harbor for example : it takes time
concerns. to realize that the interface is not working any longer and
• it is modular and integrates low cost components and also to reach the automaton location, to discover that a
COTS which make it possible to clone it multiple times. specific led (’stopped mode’) is on, to reset the automaton
The initial setting and the software development required and to restart it. The solution to detect such an attack is to
the efforts of our team and they can be adapted if needed. detect and filter the forged message. In fact, most of the
We also intend to make the platform available during messages concerned are related to a maintenance mode
students’ activities (labs and projects). and should not be run when the system is operational.
• The platform is fully programmable and extensible (for Our approach is to filter (e.g.; to discard) any message
its services and components) which makes it possible to sent with what we considered as an inappropriate mode
be used in an r&d context so as to experiment, investigate and to send a warning to the end user that someone tries
and evaluate various configurations / propositions, from to step into the system.
the PhD students in particular. • A second scenario with a more advanced attack and how
a pilot can be lured and confused by wrong data. In this
IV. D ETECTION OF THREATS AND POTENTIAL ATTACKS scenario we use specific command messages to write data
The architecture of the platform makes it possible to check to the memory of the automaton directly. By performing
rules and properties, as indicated earlier. In this section, we these operations, we can take control of the automaton

106
 (by providing the equipment with wrong and incorrect hands. In the initial stage, he/she can manipulate and act on
data) and also confuse the observer with the use of the the interface and the sensors and discover the similarities to
interface. For example, if we ask the observer to increase the system he/she is used to: a ship’s pilot understands the
the speed of the engine, he/she triggers the speed stick to two subsystems we simulate (propulsion and direction) almost
reach the requested speed. Now, if we modify the speed immediately. This sequence is intended in a way to remove
that is read and collected for the man-machine interface, any objection the observer may have by using a ’mocked’
we can confuse and lure the observer who would then system of something he/she knows as complex and much more
keep increasing the speed (as what is displayed is an advanced in terms of features and functions. We then present
inaccurate information) and reach then a situation where the various components of the platform, describe their features
the engine is at serious risk of breaking. This scenario and services and also place them in the context of a boat.
highlights that when an observer keeps faith with the Once the observer is familiar with the use and operation of
data displayed, he/she ignores any warning that may be the platform, we can then trigger the aforementioned scenarios.
raised. In avionics, the pilots of Air France flight Rio to a) : After several demonstrations, and playing the sce-
Paris experienced a similar but fatal situation when the nario to various audiences, we have obtained interesting feed-
probes sent inaccurate information on the aircraft speed back from stakeholders at various levels of a ship’s hierarchy.
and vertical position. Our approach for detecting such a These scenarios raise attention and awareness of the cyber
situation is similar to the first situation; we prevent such risks: for the top level, integrating cyber security as a re-
direct memory access operations and they are discarded. quirement appears quite natural when anticipating ships of the
The end user is warned on the situation and the existence future or to upgrade the existing fleet ; for operation officers,
of tentative direct access to the control data. they discover that a system they trust can be corrupted and
• A third scenario with a complex attack. This scenario uses they discover how a control system can be reset, reprogramed
the full features of our platform, the central coordinator or deactivated with a single network packet ; for the crew, the
(as a centralized point of control for the entire system) protection and security measures that can appear as superficial
and the IDS in particular. Our purpose with this scenario and obstructive (e.g.; use of USB devices, controls of network
is to combine 2 situations that each controller considers as access) were placed in a context where their security can be
valid but where their conjunction leads to an unfortunate placed at risk because of the non-observation of the policies.
situation. In our context, when combining the angle of We plan to develop more of these scenarios and to address
the helm with an inappropriate speed, one can destroy a other professionals in the marine environment: e.g.;for the
transmission axis in the boat and compromise the overall container carriers stabilization is very critical to ensure that
mission of the ship by killing the ship engine directly. In the containers do not displace the gravity center; for a ferry
our approach to detect such a threat, we aggregate inputs boat, it is very important that the major bow visor door does
from both automata and detects the danger by evaluating not open when the ship is at sea (and this door is controlled
a global property (based on Boolean algebra) and then, with an automaton).
of course, to report it to the end user so that he/she can
take adequate actions.
B. Use of the platform in an educational context
V. U SAGE OF THE PLATFORM AND EARLY FEEDBACK In our universities, we have played the same scenarios and
The platform has been made operational from September followed the same process for the audience to get familiar
’16 and we have been able to demonstrate and use it in various with the platform. Of course, the public is not the same and
contexts. In the next subsections, we present the outcomes and the students are not expert in controlling a boat. Nevertheless,
user reactions we have been able to collect. To enhance the and this is certainly linked to a long practice of video games,
experience, we have set 2 demonstration modes: they get used to the interface and know how to ’operate’ the
boat in a short time. We use the aforementioned scenarios in
• a no control mode. We deactivate all the controls we
order to raise their attention and get them into the context
have identified and mentioned in the previous section.
directly. After lectures and labs, we get back to the scenarios
The consequence of a forged message is therefore to let
and we assign them a specific task that is to understand and
the attack goes by sending the forged packet to the ICS
explain how these dangerous situations occur and how the
controller and automaton.
attacks were triggered. By providing them with the adequate
• a control mode where the properties and rules are checked
bibliography and technical documentation, they can determine
and when a potential threat is identified the message is
the sequence of forged messages that is involved in the attack
discarded and not forwarded to the ICS.
and even propose new attack scenarios by using other similar
commands and sending them to the automaton. We believe
A. Use of the platform as a demonstrator that these direct interactions with our platform enhance their
The objective of a demonstrator is to set a pertinent con- understanding of cyber security in ICS, and provide them with
figuration and scenario so that the observer can understand a an experimental platform that they configure on their own.
situation and above all project himself /herself in a condition We plan in the near future to finalize the labs from the initial
where he/she can become aware of the impacts and outcomes. experiments with the students and to involve them in projects
For this, we proceed by placing the platform in the observer’s where the current platform can be used or extended.

107
C. Use of the platform in research to upgrade our platform and to adjust it so it bears a
Research activities started as soon as the platform was stronger resemblance to a real ship.
mature and stable enough to be used by PhD students and • Data generation. In our team, PhD students investigate
researchers. We have so far integrated 2 activities and extended new algorithms and innovative approaches for detecting
the platform accordingly: cyber attacks more precisely. Data are highly critical
when comparing and evaluating new methods and pro-
• A first subject explores general and automatic methodolo-
cesses but we have a severe shortage of data sets (linked
gies to detect cyber-attacks on SCADA systems applying to proprietary data or to security concerns from the
quality measures. Our research goes beyond what we industrialists). We plan to extend our platform so that we
performed on the evaluation of quality to cyber-physical can collect data messages, commands and other related
systems [7] creating promising research lines in decision- outputs through probes. These data sets could then be
making and anomaly detection. indexed with the scenario and constitute a rich data
• A second subject integrates trust management in the
reference.
IDS. The perimeter of this research is to investigate how • Advanced detection. The architecture we propose can
sensors data can be altered so that the boat control is constitute the initial stage of a more complex system
impacted. Trust in an important quality when data are with security properties being expressed in a high-level
used to take decisions and piracy can take new forms of language (e.g.; Boolean or temporal logic) and then a
attacks by altering data. pre-processor would translate the property into direct
For these 2 PhD topics, the platform provides a valuable operations to collect the required data and to evaluate
environment where the contributions can be tested and evalu- the rule (e.g., reading information from specific memory
ated. zones or from sensors and then evaluating an expression
generated by the pre-processor).
VI. CONCLUSIONS AND PERSPECTIVES
R EFERENCES
In this paper, we have presented the platform we have
[1] 2015 IEEE Conference on Communications and Network Security, CNS
designed and developed with emphasis on cyber security 2015, Florence, Italy, September 28-30, 2015. IEEE, 2015.
awareness in the context of a maritime environment. The [2] D. Beresford. Exploiting Siemens Simatic S7 PLCs. Black Hat USA,
SCADA systems are numerous on board and ensure critical 2011.
[3] IMO. Guidelines on the facilitation aspects of protecting the maritime
functions when a ship is at sea or landing in a harbor. Our ma- transport network from cyber threats, 2016.
jor achievement is to have designed a realistic and small scale [4] J. Klick, S. Lau, D. Marzin, J. Malchow, and V. Roth. Internet-
industrial control system (ICS) with high similarities to what facing plcs as a network backdoor. In 2015 IEEE Conference on
Communications and Network Security, CNS 2015, Florence, Italy,
is available on ships. The two subsystems we have simulated September 28-30, 2015 [1], pages 524–532.
(propulsion and direction) can be involved to highlight the [5] J. Malchow, D. Marzin, J. Klick, R. Kovacs, and V. Roth. PLC guard:
consequences of a cyber attack on the operational conditions A practical defense against attacks on cyber-physical systems. In 2015
IEEE Conference on Communications and Network Security, CNS 2015,
or a ship. With this platform, we have enhanced our expertise Florence, Italy, September 28-30, 2015 [1], pages 326–334.
and knowledge of ICS and we believe it makes explicit the [6] P. Merino Laso, D. Brosset, and J. Puentes. Monitoring approach of
behavior and operations of a system which appeared complex cyber-physical systems by quality measures. In International Conference
on Sensor Systems and Software. Springer, 2016.
and obscure. The platform has been produced and released [7] P. Merino Laso, D. Brosset, and J. Puentes. Analysis of quality
in an R&D context and as such has been developed so measurements to categorize anomalies in sensor systems. In SAI
that extra services, functions, applications can be plugged Computing Conference (SAI), 2017. IEEE, 2017.
[8] NCCIC/ICS-CERT. Industrial Control Systems Assessment Summary
into the architecture so as to support innovative actions and Report, 2016.
investigations. Based on the early feedback we have received [9] S. C. Patel, G. D. Bhatt, and J. H. Graham. Improving the cyber security
during demonstrations of the scenarios we presented, we of SCADA communication networks. Commun. ACM, 52(7):139–142,
July 2009.
believe that we have been able to raise attention and awareness [10] H. S. Ralf Spenneberg, Maik Brggemann. PLC-blaster: A worm living
to cyber security issues in a maritime context. This is a strong solely in the PLC. Blackhat, 2016.
outcome of this project as the international community needs [11] R. J. Robles and M. kyu Choi. Assessment of the vulnerabilities of
SCADA, control systems and critical infrastructure systems. Depart-
to anticipate serious threats and cyber attacks, against vessels, ment of Multimedia Engineering, Hannam University 133 Ojeong-dong,
cruise ships and also harbor infrastructure. Their impact can Daeduk-gu, Daejeon, Korea, 2(2):30, 2009.
be severe and affect lives and finances. [12] K. Stouffer, V. Pillitteri, S. Lightman, M. Abrams, and A. Hahn. Guide
to industrial control systems (ICS) security. NIST special publication,
a) : In the near future, we plan to extend this early 800(82), 2015.
prototype and to improve it. We have identified so far 3 main [13] B. Zhu, A. Joseph, and S. Sastry. A taxonomy of cyber attacks on
directions for future r&d investigation: SCADA systems. In Proceedings of the 2011 International Conference
on Internet of Things and 4th International Conference on Cyber,
• Fine tuning of our prototype. We have implemented our Physical and Social Computing, ITHINGSCPSCOM ’11, pages 380–
architecture based upon what we observed and also from 388, Washington, DC, USA, 2011. IEEE Computer Society.
experts’ inputs. We plan to collect data and network
messages from a real and operational vessel in various
configurations and contexts. Our aim is to analyze these
traces and extract more precise patterns that we shall use

108