Cyber Defence Trainer for Marine Integrated Platform Management Systems
DOI:
https://doi.org/10.34190/eccws.24.1.3333
Keywords:
Cyber Education, OT Cybersecurity, Defensive Cyber Operations, Maritime Cybersecurity
Abstract
Modern civilian and military marine vessels employ integrated platform management systems to monitor and control various operational ship systems such as engine control, navigation and potentially weapon systems. These platform management systems consist of information and operational technology (IT/OT) environments that integrate commercial operating systems, TCP/IP based protocols and supervisory control and data acquisition (SCADA) systems in order to monitor and control marine cyber physical systems. This integration of technologies introduces threat vectors as well as unique operational, safety and potentially environmental impacts for marine vessels. Ships' crews do not always have security monitoring capabilities and trained security staff who understand the various onboard systems to the extent they could detect a cyber attack. Furthermore, there is a lack of training environments that could be used to educate marine cyber operators. The aim of this research is to build an environment based on effective cyber training techniques to enable the education of marine cyber operators in defensive cyber operations. The environment in this context is a defensive cyber security trainer that enables students to analyse network traffic in order to detect attacks against any ship systems, including cyber physical systems. Effective training techniques refer to the pedagogical recommendations for successful cyber education and effective gamified design. Educating marine cyber operators in how to detect attacks on marine IT/OT environments within an integrated platform management system will enable better protection from cyber attack against marine vessels. To accomplish this aim, a defensive cyber trainer was developed that consisted of three key components. The first was a Capture the Flag (CTF) framework. The second was a server that included the emulation and simulation of key ship integrated platform management system components within a virtualized environment. The third was a set of open source and customized plugins used to analyse traffic in our virtualized ship, together with three different kill chains based on real attacker tactics, techniques and procedures (TTPs). This defensive cyber trainer was validated against research methodologies for effective gamified environment design.
License
Copyright (c) 2025 European Conference on Cyber Warfare and Security

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.