Maritime Cyber Threats Detection Framework: Building Capabilities

In recent years, attackers have shifted their attention in the Maritime domain, exploiting vulnerabilities of Maritime IT/OT systems and human resources, and impacting the situational picture onboard the ships and/or at shore infrastructures. Therefore, developing human skills and systems� detection capabilities in the Maritime domain are a critical element to effectively manage the cyber risks related to different types of ships and/or Maritime infrastructures. Such capabilities can greatly contribute to developing a Maritime Cyber Situational Awareness, which can promote the Maritime domain key mission objectives, such as maintaining preparedness, safety, and security. The complexity of the Maritime environment poses a great challenge in detecting cyber threats and/or anomalies in the behavior of systems, due to the different ship-to-shore systems that form this environment. Not being able to detect cyber threats or detect them early enough can affect the effectiveness of decision-making and impact the mission objectives of the Maritime domain. This work investigates detection aspects in the Maritime domain and contributes towards a novel Maritime cyber threat detection framework, to guide the development of relevant human skills and systems� cyber threat detection capabilities. A highlight of this work is the development of a Maritime attack matrix based on MITRE ATT&CK matrices, to clearly specify the cyber threats related to the Maritime surveillance and navigation systems. � 2022, IFIP International Federation for Information Processing.