From sinking to saving: MITRE ATT &CK and D3FEND frameworks for maritime cybersecurity

Cybersecurity is a growing concern for maritime sector. Modern ships are practical realism of cyber physical systems that utilize both information technologies and operational technologies. Cybersecurity incidents on such systems require robust and explainable models that should provide deep insights about the nature of an attack. Many frameworks for modeling of cyber attacks exist, but they cover only the tiny part of modern multidimensional attack surfaces. MITRE ATT &CK is the most comprehensive cyber attack modeling framework that covers the multidimensional nature of modern cyber attacks. MITRE D3FEND is similar to ATT &CK knowledge base, but it represents cyber defense framework. In this paper, we aim to demonstrate the modeling with MITRE ATT &CK and MITRE D3FEND frameworks for maritime cybersecurity. An attack scenario against ballast water management system of the ship is considered and modeled with the help of ATT &CK. Moreover, two defensive mechanisms are suggested. First is created with the help of D3FEND framework and second leverages the strength offered by mitigation techniques of ATT &CK. We believe that the demonstration of MITRE ATT &CK and D3FEND frameworks for modeling of maritime cyber attacks and maritime defense, respectively, would pave the way for the development of future maritime cybersecurity solutions.