Security Challenges in Commercial off-the-shelf Equipment Integration for Small Autonomous Vessels: A Security-by-Design Approach - UTU Tutkimustietojärjestelmä

A4 Vertaisarvioitu artikkeli konferenssijulkaisussa

Security Challenges in Commercial off-the-shelf Equipment Integration for Small Autonomous Vessels: A Security-by-Design Approach

Tekijät: Kalliovaara, Juha; Hallio, Juhani; Väänänen, Jesse; Jokela, Tero

Toimittaja: N/A

Konferenssin vakiintunut nimi: International Conference on Maritime Autonomous Surface Ships

Kustantaja: Institute of Physics

Julkaisuvuosi: 2025

Lehti: Journal of Physics: Conference Series

Kokoomateoksen nimi: 8th International Conference on Maritime Autonomous Surface Ships (ICMASS 2025) & Intelligent and Smart Shipping Symposium (ISSS)

Artikkelin numero: 012036

Vuosikerta: 3123

ISSN: 1742-6588

eISSN: 1742-6596

DOI: https://doi.org/10.1088/1742-6596/3123/1/012036

Julkaisun avoimuus kirjaamishetkellä: Avoimesti saatavilla

Julkaisukanavan avoimuus : Kokonaan avoin julkaisukanava

Verkko-osoite: https://doi.org/10.1088/1742-6596/3123/1/012036

Rinnakkaistallenteen osoite: https://research.utu.fi/converis/portal/detail/Publication/505583197

Tiivistelmä

This study examines the security implications of commercial off-the-shelf (COTS) equipment used in small vessels (<25m) transitioning to autonomous operations, emphasizing a comprehensive security-by-design approach. The eM/S Salama autonomous test vessel is introduced as a representative use case, which is used to identify critical vulnerabilities in maritime technologies designed primarily for consumer markets, where usability often compromises security considerations. Our research reveals multifaceted security challenges including communication system weaknesses, cyber-physical integration vulnerabilities, data integrity issues, inadequate cyber-attack response mechanisms, and regulatory compliance gaps. These challenges are compounded by integration difficulties in wireless technologies, cloud connectivity, and Controller Area Network (CAN) bus systems, where manufacturers' security features remain inconsistently implemented due to cost and complexity constraints typical of small vessel operations. We propose a systematic seven-step security assessment framework encompassing asset categorization and inventory, Information Technology (IT) / Operational Technology (OT) integration requirements, physical security controls, device-level security evaluation, communication system security, human-centric security and operational resilience, and continuous monitoring and assessment. The framework provides quantitative scoring methodologies and practical implementation guidance specifically adapted for resource-constrained maritime environments, enabling systematic evaluation of COTS equipment security posture. This security-by-design methodology addresses the fundamental challenge of maintaining robust security while enabling autonomous operations in cost-sensitive maritime environments. The framework offers assessment tools and evaluation matrices suitable for small vessel operations, bridging the gap between theoretical cybersecurity models and practical implementation in autonomous maritime systems.

Ladattava julkaisu

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.

Kalliovaara_2025_J._Phys.__Conf._Ser._3123_012036.pdf

Julkaisussa olevat rahoitustiedot:
None.