Security Challenges in Commercial off-the-shelf Equipment Integration for Small Autonomous Vessels: A Security-by-Design Approach
: Kalliovaara, Juha; Hallio, Juhani; Väänänen, Jesse; Jokela, Tero
: N/A
: International Conference on Maritime Autonomous Surface Ships
Publisher: Institute of Physics
: 2025
Journal of Physics: Conference Series
: 8th International Conference on Maritime Autonomous Surface Ships (ICMASS 2025) & Intelligent and Smart Shipping Symposium (ISSS)
: 012036
: 3123
: 1742-6588
: 1742-6596
DOI: https://doi.org/10.1088/1742-6596/3123/1/012036
: https://doi.org/10.1088/1742-6596/3123/1/012036
: https://research.utu.fi/converis/portal/detail/Publication/505583197
This study examines the security implications of commercial off-the-shelf (COTS) equipment used in small vessels (<25m) transitioning to autonomous operations, emphasizing a comprehensive security-by-design approach. The eM/S Salama autonomous test vessel is introduced as a representative use case, which is used to identify critical vulnerabilities in maritime technologies designed primarily for consumer markets, where usability often compromises security considerations. Our research reveals multifaceted security challenges including communication system weaknesses, cyber-physical integration vulnerabilities, data integrity issues, inadequate cyber-attack response mechanisms, and regulatory compliance gaps. These challenges are compounded by integration difficulties in wireless technologies, cloud connectivity, and Controller Area Network (CAN) bus systems, where manufacturers' security features remain inconsistently implemented due to cost and complexity constraints typical of small vessel operations. We propose a systematic seven-step security assessment framework encompassing asset categorization and inventory, Information Technology (IT) / Operational Technology (OT) integration requirements, physical security controls, device-level security evaluation, communication system security, human-centric security and operational resilience, and continuous monitoring and assessment. The framework provides quantitative scoring methodologies and practical implementation guidance specifically adapted for resource-constrained maritime environments, enabling systematic evaluation of COTS equipment security posture. This security-by-design methodology addresses the fundamental challenge of maintaining robust security while enabling autonomous operations in cost-sensitive maritime environments. The framework offers assessment tools and evaluation matrices suitable for small vessel operations, bridging the gap between theoretical cybersecurity models and practical implementation in autonomous maritime systems.
:
None.
UTU Research Portal