An In-Depth Security Assessment of Maritime Container Terminal Software Systems

by Joseph O. Eichenhofer, et al.

Attacks on software systems occur world-wide on a daily basis targeting individuals, corporations, and governments alike. The systems that facilitate maritime shipping are at risk of serious disruptions, and these disruptions can stem from vulnerabilities in the software and processes used in these systems. These vulnerabilities leave such systems open to cyber-attack. Assessments of the security of maritime shipping systems have focused on identifying risks but have not taken the critical (and expensive) next step of actually identifying vulnerabilities present in these systems. While such risk assessments are important, they have not provided the detailed identification of security issues in the systems that control these ports and their terminals. In response, we formed a key collaboration between an experienced academic cybersecurity team and a well-known commercial software provider that manages maritime shipping. We performed an analysis of the information flow involved in the maritime shipping process, and then executed an in-depth vulnerability assessment of the software that manages freight systems. In this paper, we show the flow of information involved in the freight shipping process and explain how we performed the in-depth assessment, summarizing our findings. Like every large software system, maritime shipping systems have vulnerabilities.




