SIRENS: An Approach To Automated Cyber Security Testing and Audits of Maritime Systems

Cyber-physical sectors are increasingly facing cyber attacks, and cyber security testing-including penetration testing, vulnerability assessments, and security audits-can help organisations identify vulnerabilities, understand their cyber security posture, and implement mitigation mechanisms. This paper discusses cyber security testing and audits within the maritime shipping sector, which is currently underdeveloped. Given that the maritime sector is a critical cyber-physical sector essential to everyday life, the rising number of cyber attacks is a significant concern. However, there are limited studies examining technical penetration testing and vulnerability assessments of devices in this sector compared to others. This paper introduces SIRENS, an approach to automate cyber security testing and audits within the maritime sector. SIRENS takes sector-specific knowledge into account while reducing the time and effort required by testers and auditors conducting assessments on board ships. The method employs various components to facilitate automated testing and utilises custom libraries. The SIRENS method has been tested and validated in a real hardware cyber-physical maritime testbed, uncovering previously unknown vulnerabilities and attack paths, from a system-of-systems perspective on maritime vessel networks.