A4 Refereed article in a conference publication

Security Challenges in Commercial off-the-shelf Equipment Integration for Small Autonomous Vessels: A Security-by-Design Approach



AuthorsKalliovaara, Juha; Hallio, Juhani; Väänänen, Jesse; Jokela, Tero

EditorsN/A

Conference nameInternational Conference on Maritime Autonomous Surface Ships

PublisherInstitute of Physics

Publication year2025

Journal: Journal of Physics: Conference Series

Book title 8th International Conference on Maritime Autonomous Surface Ships (ICMASS 2025) & Intelligent and Smart Shipping Symposium (ISSS)

Article number012036

Volume3123

ISSN1742-6588

eISSN1742-6596

DOIhttps://doi.org/10.1088/1742-6596/3123/1/012036

Publication's open availability at the time of reportingOpen Access

Publication channel's open availability Open Access publication channel

Web address https://doi.org/10.1088/1742-6596/3123/1/012036

Self-archived copy’s web addresshttps://research.utu.fi/converis/portal/detail/Publication/505583197


Abstract
This study examines the security implications of commercial off-the-shelf (COTS) equipment used in small vessels (<25m) transitioning to autonomous operations, emphasizing a comprehensive security-by-design approach. The eM/S Salama autonomous test vessel is introduced as a representative use case, which is used to identify critical vulnerabilities in maritime technologies designed primarily for consumer markets, where usability often compromises security considerations. Our research reveals multifaceted security challenges including communication system weaknesses, cyber-physical integration vulnerabilities, data integrity issues, inadequate cyber-attack response mechanisms, and regulatory compliance gaps. These challenges are compounded by integration difficulties in wireless technologies, cloud connectivity, and Controller Area Network (CAN) bus systems, where manufacturers' security features remain inconsistently implemented due to cost and complexity constraints typical of small vessel operations. We propose a systematic seven-step security assessment framework encompassing asset categorization and inventory, Information Technology (IT) / Operational Technology (OT) integration requirements, physical security controls, device-level security evaluation, communication system security, human-centric security and operational resilience, and continuous monitoring and assessment. The framework provides quantitative scoring methodologies and practical implementation guidance specifically adapted for resource-constrained maritime environments, enabling systematic evaluation of COTS equipment security posture. This security-by-design methodology addresses the fundamental challenge of maintaining robust security while enabling autonomous operations in cost-sensitive maritime environments. The framework offers assessment tools and evaluation matrices suitable for small vessel operations, bridging the gap between theoretical cybersecurity models and practical implementation in autonomous maritime systems.

Downloadable publication

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.

Funding information in the publication
None.


Last updated on 2025-26-11 at 09:27