Guiding Ship Navigators through the Heavy Seas of Cyberattacks

The entire maritime sector, encompassing not only on-shore systems but especially systems onboard vessels, is increasingly endangered by threats from cyberspace. Implementing preventive security like cryptography into existing systems can be costly. Thus, network-based Intrusion Detection Systems (NIDSs) promise to be a retrofittable security solution that alerts suspicious network behavior. Regarding vessels, however, there is still a lack of NIDSs detecting sophisticated cyberattacks manipulating nautical data, e.g., by spoofing a vessel’s course and position. Moreover, the intended users of such NIDSs onboard vessels would be nautical operators rather than cybersecurity experts, although interpreting the alarms of a typical NIDS and understanding their consequences requires expert knowledge in cybersecurity. For this reason, we present a Cyber Incident Monitor (CIM), a security framework combining a specialized maritime NIDS to detect sophisticated attacks in maritime networks with a customized human machine interface (HMI) providing tailored guidance for nautical operators to respond adequately in the event of a cyberattack. Using simulations, we show that CIM detects attacks quickly and through usability tests involving nautical experts, we derive helpful advice for the HMI development. Overall, CIM enables the detection of maritime cyberattacks while providing alerts and recommendations to navigators to take appropriate measures in a timely manner.