Detecting and Hunting Cyberthreats in a Maritime Environment: Specification and Experimentation of a Maritime Cybersecurity Operations Centre

Olivier Jacq (1, 2), Xavier Boudvin (1, 3), David Brosset (1), Yvon Kermarrec (4, 2, 1), Jacques Simonin (5, 2, 1)
4 Lab-STICC_IMTA_CID_IRIS
Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance
5 Lab-STICC_IMTA_CID_DECIDE
Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance
Abstract: The vast majority of worldwide goods exchanges are made by sea. In some parts of the world, the competition for dominance at sea is very high and is clearly seen as a main military goal. Meanwhile, new-generation ships rely heavily on information systems for communication, navigation and platform management. This ever-spreading attack surface and permanent satellite links have raised concern about the potential impact of cyberattacks on a ship at sea or on naval shore infrastructures. Therefore, on top of the usual cyberprotection measures taken for safety reasons, it is essential to implement ongoing cyber monitoring of ships in order to detect any incoming threat, react accordingly, and stop it. In this paper, we explain the specific constraints encountered when trying to assess the cyber situation awareness of maritime information systems. As we will demonstrate, those systems combine physical and logical constraints which complicate their cyber monitoring process and architecture. Gathering valuable data while having a limited and controlled impact on the satellite bandwidth, and maintaining a high level of integrity on remote systems in production, are, for instance, significant challenges for both civilian and military ships. We have designed and set up a research platform which fulfils those specifications to streamline the cyber monitoring process. We will then describe the architecture used to detect cyber-threats and collect potential Indicators of Compromise from naval systems, as well as the results we have currently achieved.
Document type:
Conference paper
Cyber Security In Networking Conference, Oct 2018, Paris, France. Proceedings Cyber Security In Networking Conference, 2018

https://hal.archives-ouvertes.fr/hal-01911640
Contributor: Bibliothèque Télécom Bretagne
Submitted on: Saturday, 3 November 2018 - 00:30:04
Last modified on: Wednesday, 19 December 2018 - 15:26:07

Identifiers

  • HAL Id: hal-01911640, version 1

Citation

Olivier Jacq, Xavier Boudvin, David Brosset, Yvon Kermarrec, Jacques Simonin. Detecting and Hunting Cyberthreats in a Maritime Environment: Specification and Experimentation of a Maritime Cybersecurity Operations Centre. Cyber Security In Networking Conference, Oct 2018, Paris, France. Proceedings Cyber Security In Networking Conference, 2018. 〈hal-01911640〉
