KR102578059B1 - Cyber risk quantitative evaluation system for autonomous ship and method performing thereof - Google Patents

Abstract

The method for quantitatively assessing cyber risk for autonomous ships implemented in the quantitative system for cyber risk for autonomous ships according to an embodiment of the present invention includes the steps of evaluating the possibility of a cyber threat of a system to be evaluated and calculating a probability grade, and specifying the system to be evaluated. Calculating an impact level using the impact index of a component affecting the operation of a ship, determining a risk level using the probability level and the impact level, and overcoming the risk according to the risk level. It includes providing a method for doing so. In addition, the present invention has the advantage of reducing cyber risks and operating safely throughout the entire life cycle of autonomous ships.

Description

Autonomous ship cyber risk quantitative assessment system and implementation method {CYBER RISK QUANTITATIVE EVALUATION SYSTEM FOR AUTONOMOUS SHIP AND METHOD PERFORMING THEREOF}

The present invention relates to a quantitative evaluation system for cyber risk of autonomous ships and a method of implementing the same. More specifically, a quantitative evaluation system for cyber risk of autonomous ships and its implementation method to reduce cyber risks and operate safely throughout the entire life cycle of autonomous ships. The purpose is to provide an implementation method.

The maritime business environment is undergoing a paradigm shift with the introduction of information and communication technology (ICT). This digitalization of the maritime industry is a factor that increases cyber threats and risks.

As shown in [Table 1], the cyber attack on the Maersk APM terminal automation system that occurred in June 2017 is a representative example of a delay in maritime transportation and logistics systems around the world. Cyber attacks on the ports of San Diego and Barcelona, which occurred in September 2018, suggest that ports, port operation infrastructure, and ships that make up the maritime logistics system are being targeted by cyber attacks.

[Table 1]

The maritime industry recognizes the need to respond to maritime cyber security and is gradually strengthening regulations to manage and respond to cyber risks. The International Maritime Organization (IMO) is demanding that cyber risks be integrated and managed in the Safety Management System (SMS) from 20221 in accordance with resolution MSC.428(98).

Shipowners' associations, including the Baltic International Maritime Council (BIMCO), have distributed the 'Application Guidelines for Ship Cybersecurity' (4th edition) to reduce cyber risks in preparation for the 2021 annual safety compliance review in accordance with the IMO MSC.428(98) resolution. We provide guidelines for integration and management in the management system.

In addition, the International Association of Classification Societies is developing URs for cybersecurity requirements for new ships and ship-mounted equipment and systems, and based on this, in 2014, each classification society made it mandatory for shipyards and equipment companies when building new ships. Compliance with cybersecurity-related requirements will be required.

Autonomous ships have the latest ICT-based condition-based fault diagnosis/prediction integrated system, condition-based maintenance (CBM) and failure recovery (Fail-Safety) system, and augmented reality-based intelligent ship remote maintenance support system (Fail-Safety). Since it is expected to be installed and linked to various application services, the cyber risk can be considered very high. In particular, in order to operate autonomous ships at IMO autonomy level 3 or higher, a method to accurately evaluate ship cyber risk is needed.

As information and communications technology (ICT) advances, ships are accelerating their use of systems that rely on digitalization, integration, and automation. However, due to the use of advanced technology, ship information technology (IT) and operational technology (OT) systems are more frequently exposed to cyber threats, and the possibility of cyber accidents such as unauthorized access and malware infection is increasing.

In accordance with resolution MSC.428(98), the International Maritime Organization (IMO) is requiring ship owners and operators to integrate and manage ship cyber risks in the Safety Management System (SMS) of the ISM Code from 2021.

However, existing ship cyber risk management mainly focuses on administrative security, making it difficult to present fundamental measures to resolve structural flaws in ship network configuration. In order to defend a ship's IT and OT systems from comprehensive cyber attacks, design security is necessary from the new ship construction stage.

Korean Patent No. 10-2433928 relates to a cyber security management system for autonomous ships, and more specifically, to monitor the integrated IT (Information Technology) and OT (Operational Technology) networks of autonomous ships when a cyber attack occurs. In this case, you can protect both IT and OT networks and streamline onboard operations while complying with maritime security regulations to prevent cyber attacks from spreading.

The above conventional patent is a qualitative methodology and varies depending on the risk assessment results and the subjective decision of the performer. The threat list considered is ISO 27001 items and is suitable for the land environment, but is not suitable for the ship environment, and is a risk assessment methodology based on the threat list. Since the threat list continues to increase/change, it cannot be an objective standard.

In addition, since it is difficult to change the network during the ship's operation stage, there are limits to security measures (administrative and physical) to reduce risks.

Korean Patent No. 10-21406756 relates to a cyber security rule authentication system for autonomous ships. More specifically, it includes a data collection unit that collects transmission and reception data for multiple networks within an autonomous ship and generates collected data; a cyber risk assessment unit that analyzes the collected data and generates cyber risk assessment information that evaluates the cyber risk of cyber threats for each of the plurality of networks; A security rule confirmation unit that checks security rule review items for each certification authority; a nonconformity confirmation unit that checks whether a nonconformity result exists for a specific certification authority among the plurality of certification authorities based on the cyber risk assessment information and the security rule review items; It includes a review data submission section that decides whether to submit review data based on the above nonconformity results.

Korean Patent Publication No. 10-2020-0029266 relates to a ship communication network hacking prevention security system, comprising: a micro-satellite transceiver station that communicates with satellites through a satellite antenna; a router/firewall device connected to the ultra-small satellite transceiver station; A switching hub connected to the ship's main system, which consists of the ship's essential navigation system, CCTV integrated control system, and automation system, and the corresponding network switch; a blocking switch that blocks the connection between the router/firewall device and the switching hub; And a network control computer that connects the ship main system with the router/firewall device and is connected to the switching hub through a server, wherein the Forms a first network of a first route that communicates with the ship's main system, and communicates with the network control computer and the ship's main system from the router/firewall device when a cyber attack or traffic increase by the network control computer is detected. By forming a second network of a second route, the first network and the second network can be physically separated to maintain navigation by the ship main system.

Korean Patent No. 10-2463051 relates to a ship network access control method and device. More specifically, it provides security functions through network separation and access control between the ship's internal networks to respond to cyber attacks due to the development of communication technology within the ship. There is information that can be improved.

Korean Patent No. 10-2433928 Korean Patent No. 10-21406756 Korean Patent Publication No. 10-2020-0029266 Korean Patent No. 10-2463051

The present invention relates to a quantitative autonomous ship cyber risk assessment system and method of implementing the same, which reduces cyber risks and allows safe operation of autonomous ships throughout their entire life cycle.

In addition, the present invention relates to a quantitative autonomous vessel cyber risk assessment system and method of implementing the same, which allows calculating/taking cyber risk assessment from the ship's construction stage.

In addition, the present invention relates to a quantitative autonomous ship cyber risk assessment system and method of implementing the same, which allows cyber risk assessment to be calculated and taken during the ship operation stage after delivery of the ship.

The objects of the present invention are not limited to the objects mentioned above, and other objects and advantages of the present invention that are not mentioned can be understood by the following description and will be more clearly understood by the examples of the present invention. Additionally, it will be readily apparent that the objects and advantages of the present invention can be realized by the means and combinations thereof indicated in the patent claims.

To achieve this purpose, the quantitative evaluation method of autonomous ship cyber risk, which is implemented in the autonomous ship cyber risk quantitative system, includes the steps of evaluating the cyber threat potential of the system to be evaluated and calculating a probability grade, and the specific components of the system to be evaluated. A step of calculating an impact level using the impact index that affects the operation of a ship, a step of determining a risk level using the probability level and the impact level, and steps to overcome the risk according to the risk level. It includes providing a method.

In one embodiment, the step of evaluating the possibility of a cyber threat of the evaluation target system and calculating the probability level may include calculating the probability level using an attack surface level and a vulnerability level.

In one embodiment, the step of calculating a probability grade using the attack surface grade and the vulnerability grade includes a complexity index indicating a maintenance state of the evaluation target system, a connectivity index indicating a state in which the evaluation target system is connected to an external device, It may include calculating the attack surface grade using an index.

In one embodiment, calculating a probability grade using the attack surface grade and vulnerability grade includes calculating a physical vulnerability index indicating whether the evaluation target system is connected to a physical access control device, the evaluation target Calculating a technical vulnerability index indicating the security setting state of the system, calculating an administrative vulnerability index indicating whether the evaluation target system satisfies the inspection items, and the physical vulnerability index, the technical vulnerability index, and the administrative vulnerability index. It includes calculating the vulnerability level using the vulnerability index.

In one embodiment, the step of calculating a technical vulnerability index indicating the security setting state of the evaluation target system includes a configuration vulnerability index indicating whether an exploitable vulnerability exists in the configuration of the evaluation target system and the configuration of the evaluation target system. It may include calculating a technical vulnerability index using a known vulnerability index indicating whether a known exploitable vulnerability exists.

In one embodiment, the step of calculating the impact rating using the impact index that the specific component of the evaluation target system affects the operation of the ship is the availability index that the evaluation target system affects the availability of the ship's operation. , It may include calculating the impact level using a confidentiality index that affects the security of the system to be evaluated and an integrity index that affects the integrity of data of the system to be evaluated.

In addition, the quantitative system for cyber risk of autonomous ships to achieve this purpose includes a possibility rating calculation unit that evaluates the possibility of cyber threats in the evaluation target system and calculates a possibility rating, and a possibility rating calculation unit that calculates a likelihood rating, and determines whether specific components of the evaluation target system affect the operation of the ship. Impact rating calculation unit that calculates the impact level using the impact index, ship cyber risk management evaluation unit that determines the risk level using the probability level and the impact level, and overcoming the risk according to the risk level. It includes a solution provision section that provides a method for doing so.

In one embodiment, the probability grade calculation unit may calculate the probability grade using the attack surface grade and the vulnerability grade.

In one embodiment, the probability rating calculation unit calculates the attack surface rating using a complexity index indicating a maintenance state of the evaluation target system and a connectivity index indicating a state in which the evaluation target system is connected to an external device. It may include a surface grade calculation unit.

In one embodiment, the probability rating calculation unit calculates a physical vulnerability index indicating whether the evaluation target system is connected to a physical access control device, and calculates a technical vulnerability index indicating the security setting status of the evaluation target system. and a vulnerability level calculation unit that calculates an administrative vulnerability index indicating whether the evaluation target system satisfies the inspection items, and calculates the vulnerability level using the physical vulnerability index, the technical vulnerability index, and the administrative vulnerability index. It can be included.

In one embodiment, the ship cyber risk management evaluation unit determines the availability index of the system to be evaluated, which affects the availability of the operation of the ship, the confidentiality index, which affects the security of the system to be evaluated, and the integrity of the data of the system to be evaluated. It may include an influence rating calculation unit that calculates the influence rating using an integrity index that influences.

In one embodiment, the impact rating calculation unit determines the availability index that affects the availability of the operation of the ship by the system to be evaluated, the confidentiality index that affects the security of the system to be evaluated, and the integrity of the data of the system to be evaluated. The influence level can be calculated using the influence integrity index.

According to the present invention as described above, there is an advantage in that cyber risks can be reduced and operated safely throughout the entire life cycle of an autonomous ship.

Additionally, according to the present invention, there is an advantage that cyber risk assessment can be calculated/measured from the ship construction stage.

Additionally, according to the present invention, there is an advantage that cyber risk assessment can be calculated and taken during the ship operation stage after delivery of the ship.

1 is a network configuration diagram illustrating a quantitative evaluation system for cyber risk of autonomous ships according to an embodiment of the present invention.
Figure 2 is a flowchart illustrating an embodiment of a method for quantitatively assessing cyber risk of autonomous ships according to the present invention.
Figures 3 and 4 are exemplary diagrams for explaining the execution process of Figure 2.

The above-mentioned objects, features, and advantages will be described in detail later with reference to the attached drawings, so that those skilled in the art will be able to easily implement the technical idea of the present invention. In describing the present invention, if it is determined that a detailed description of known technologies related to the present invention may unnecessarily obscure the gist of the present invention, the detailed description will be omitted. Hereinafter, preferred embodiments according to the present invention will be described in detail with reference to the attached drawings. In the drawings, identical reference numerals are used to indicate identical or similar components.

1 is a network configuration diagram illustrating a quantitative evaluation system for cyber risk of autonomous ships according to an embodiment of the present invention.

Referring to FIG. 1, the autonomous vessel cyber risk quantitative evaluation system includes a data input unit 110, a possibility rating calculation unit 120, an impact rating calculation unit 130, a ship cyber risk management evaluation unit 140, and a solution method. Includes a provision unit 150.

The data input unit 110 inputs relevant data to perform a ship cyber risk assessment. At this time, the data may include a ship cyber asset list, ship network configuration diagram, system cyber security function specification, system technology vulnerability diagnosis report, etc.

The probability rating calculation unit 120 includes an attack surface rating calculation unit 121 and a vulnerability rating calculation unit 122.

The attack surface grade calculation unit 121 calculates the attack surface grade using the complexity index (CX) and the connectivity index (CX). At this time, the attack surface is evaluated by the complexity level (CX) of the system configuration and the connectivity level (CY) of the system.

The above complexity index (CX) evaluates the level in terms of operation, management, and maintenance of the system. A lower complexity index (CX) means a system that requires relatively less maintenance and is more stable in terms of cybersecurity, while a higher complexity index means that it requires relatively more maintenance and is less stable in terms of cybersecurity. The complexity index (CX) can be expressed as in [Table 2] below.

[Table 2]

In [Table 2] above, if the complexity index (CX) is 1, it is a low maintenance system and corresponds to the index of all systems that require little or no changes to configuration files, software, operating system, etc. for operation. For example, a system with a complexity index of 1 could include all workstations, personal terminals running on standard operating systems, and all programmable devices.

A complexity index (CX) of 2 indicates that the system is in need of maintenance, meaning that the software, configuration files, or operating system needs to be modified or updated. For example, a system with a complexity index (CX) of 2 includes authentication servers, all database management systems, malware policies, vulnerability information, security equipment (firewall, IDS, IPS) that requires periodic updates, security policies, security configuration, etc. This may include network equipment that requires regular updates.

If the complexity index (CX) is 3, it is a cloud system in which software, configuration files, etc. are synchronized in real time with systems on land, and may include edge servers, cloud-based systems, etc.

A lower Connectivity Index (CX) means a system that requires relatively less maintenance and is more stable in terms of cybersecurity, while a higher Connectivity Index (CX) means a system that requires relatively more maintenance and is less stable in terms of cybersecurity. it means. The connectivity index (CX) can be expressed as in [Table 3] below.

The above connectivity index can be expressed as in [Table 3] below.

[Table 3]

In [Table 3] above, if the complexity index (CY) is 1, it is an isolated system and can include all systems that are not connected to other systems on board or on land.

A complexity factor (CY) of 2 is a closed-connected system: any system that shares one or more interconnects solely for data exchange. This interconnection takes place in a closed environment using protocols such as NMEA, Modbus, etc. on board the ship.

A complexity factor (CY) of 3 is a networked system, which may include all systems within the ship that share one or more Ethernet, optical, Wi-Fi interconnections, or external connections using proven management and authentication security protocols. .

A Complexity Factor (CY) of 4 is a DMZs network with off-ship links (e.g. gateways, remote management links, web services, etc.) that implement authenticated network links such as traditional VPNs (VPN PPTT, SSL and TLS). May include systems.

With a complexity index (CY) of 5, an open-connected system can include all systems that have external links to public network access or have no knowledge of special protection.

Afterwards, the attack surface rating calculation unit 121 calculates the attack surface rating by applying the complexity index (CX) and connectivity index (CY) to [Equation 3].

[Equation 3]

Attack Surface Number = W1 × Complexity Index (CXi) + W2 × Connectivity Index (CYi)

W1, W2: Weight factor, adjustable by user,

AS: attack surface number;

CXi: Complexity Index;

CYi: connectivity index;

[Table 4]

As shown in [Table 4] above, the attack surface grade calculation unit 121 calculates the attack surface grade (AS). If , the lowest first rank is determined, and the attack surface rank (AS) is If , it is decided to be the lower grade, the second grade, and the attack surface grade (AS) is If , it is decided to be level 3, which is the normal level, and the attack surface level (AS) is If , it is decided to be high grade 4, and the attack surface grade (AS) is In this case, it is decided to be grade 5, which is a very high grade.

The vulnerability rating calculation unit 122 calculates the vulnerability rating using the physical vulnerability (PV) index, technical vulnerability (TA) index, and managerial vulnerability (MV) index.

First, the vulnerability rating calculation unit 122 calculates a physical vulnerability (PV) index based on [Table 5].

[Table 5]

As shown in [Table 5], if the physical vulnerability (PV) index is 1, it is a system with low physical vulnerability. The system is locked on all physical ports, including H/W and HMI, to prevent unauthorized personnel from accessing the system. The location where the system is installed has a physical access control device, allowing only the minimum number of authorized personnel to access the device.

If the physical vulnerability (PV) index is 2, the system has moderate physical vulnerability. The system is equipped with a physical protection device such as a cabinet, and the location where the system is installed has a physical access control device, so only the minimum number of authorized personnel can access the device. Access is allowed.

If the physical vulnerability (PV) index is 3, the system has high physical vulnerability. The location where the system is installed has a physical access control device, and only the minimum number of authorized personnel is allowed to access the device.

If the physical vulnerability (PV) index is 4, the system has very high physical vulnerability and there are no physical protection measures.

Additionally, the vulnerability rating calculation unit 122 calculates a technical vulnerability (TA) index using the configured vulnerability (CCE) index and the known vulnerability (CVE) index. At this time, the vulnerability rating calculation unit 122 calculates the configured vulnerability (CCE) index based on [Table 6] and calculates the vulnerability (CVE) index based on [Table 7].

[Table 6]

Based on [Table 6], if the configuration vulnerability index is 1, it means the system is in a very low state with security settings over 90%, and if the configuration vulnerability index is 2, the security settings are low, meaning the security settings are between 80% and 90%. If the configuration vulnerability index is 3, it means a system in a normal state with security settings between 70% and 90%. If the configuration vulnerability index is 4, it means a system in a normal state with security settings between 60% and 70%. If the configuration vulnerability index is 5, it means that the system is in a very high state with security settings less than 60%.

[Table 7]

Based on [Table 7], if the known vulnerability index is 1, it means that the number of known vulnerabilities is judged to be very low, and if the known vulnerability index is 2, the number of known vulnerabilities is low, between 1 and 3. It means a system judged to be in a normal state. If the known vulnerability index is 3, it means a system judged to be in a normal state with the number of known vulnerabilities being 3 to 5. If the known vulnerability index is 4, the number of known vulnerabilities is 4. If the number is 5 or more but less than 7, it means that the system is judged to be in a high state. If the known vulnerability index is 5, it means that the number of known vulnerabilities is 7 or more, meaning that the system is in a very high state.

Then, the vulnerability rating calculation unit 122 calculates a technical vulnerability index by applying [Equation 4] using the configured vulnerability (CCE) index and the known vulnerability (CVE) index.

[Equation 4]

Vulnerability Level (TV) = Configured Vulnerability Index (CCEi) + Known Vulnerability Index (CVEi)

[Table 8]

As shown in [Table 8] above, the vulnerability level calculation unit 122 has a technical vulnerability level (TV). In this case, it is decided to be level 1, which is a very low level, and the technical vulnerability level (TV) is If so, it is decided to be the lower level, level 2, and the technical vulnerability level (TV) is In this case, it is decided to be level 3, which is the normal level, and the technical vulnerability level (TV) is In this case, it is decided to be a high level, level 4, and the technical vulnerability level (TV) is In this case, it is decided to be grade 5, which is a very high grade.

Additionally, the vulnerability rating calculation unit 122 calculates the management vulnerability (MV) index based on [Table 9].

[Table 9]

If the vulnerability rating calculation unit 122 determines that the system has a very low management vulnerability by complying with 90% or more of the inspection items, it determines the management vulnerability index as 1, and complies with 80% or more but less than 90% of the inspection items to determine that the management vulnerability is low. If it is judged to be a low system, the administrative vulnerability index is set to 2. If the management vulnerability is judged to be average by complying with the inspection item criteria of 70% to 90%, the administrative vulnerability index is set to 3, and the inspection item criteria is 60% to 70%. If the management vulnerability is judged to be high based on less than 60% of the inspection items, the management vulnerability index is set to 2. If the management vulnerability is judged to be very high if the check item standard is less than 60%, the management vulnerability index is set to 3.

Afterwards, the vulnerability level calculation unit 122 calculates the vulnerability index by applying the vulnerability index, management vulnerability index, and technical vulnerability index to [Equation 5], and then calculates the vulnerability level through [Table 10].

[Equation 5]

Vulnerability Index (VA) = W3*Physical Index (PAi) + W4*Technical Index (TAi) + W5*Administrative Index (MAi)

[Table 10]

The vulnerability rating calculation unit 122 has a vulnerability index (VA) calculated through [Equation 5]. In this case, it is decided to be grade 1, which is a very low grade, and the vulnerability index (VA) is In this case, it is decided to be the lower grade, the second grade, and the vulnerability index (VA) is In this case, it is decided to be grade 3, which is the normal grade, and the vulnerability index (VA) is If the Vulnerability Index (VA) is , it is determined as Grade 4, which is a high grade, and if the Vulnerability Index (VA) is, it is determined as Grade 5, which is a very high grade.

The impact rating calculation unit 130 evaluates the impact leading to the worst outcome when a cyber threat or cyber attack occurs on the evaluation target system. The impact rating calculation unit 130 performs an evaluation in terms of integrity (I), confidentiality (C), and availability (A) for the component that suffers the most serious consequences among the vulnerable or affected components in the evaluation target system. Conduct. In the impact assessment, the system being evaluated is evaluated in terms of availability, confidentiality, and integrity, and this is converted into an impact score.

The impact rating calculation unit 130 calculates the availability index by referring to [Table 11] below.

[Figure 11]

Based on [Table 11], if the known availability index is 1, it means a system judged to have no impact, and if the availability index is 2, it means limited use of the shipboard system or software (e.g., malware infection, etc.), no impact on maritime accidents, It refers to a system that has no impact on marine environmental pollution and does not require reporting to regulatory agencies. If the availability index is 3, it refers to a system with ship IT system interruption (e.g. email system, cargo management system, etc.), communication and network interruption, and failure. If the availability index is 4, there is some physical damage (e.g. HMI or component damage, etc.), minor marine accident (e.g. unavailability of control or monitoring system) (excluding propulsion control system), injury to people, minor environment. It refers to a system in cases that may lead to contamination (e.g. HMI, component damage, etc.) and cause for warning or caution from regulatory agencies. If the availability index is 5, it refers to a system that may lead to physical destruction (e.g. fire, explosion, etc.) ), serious marine accidents (e.g., stranding, capsize, collision, sinking, etc.), interruption of ship propulsion control or operation (e.g., power outage, etc.), cases where people (seafarers, passengers, etc.) die or are kidnapped, serious environmental pollution (e.g. This applies to a system in cases where an oil spill, air pollution, etc.) occurs, which may lead to the regulatory body not allowing departure.

The impact rating calculation unit 130 calculates the confidentiality index with reference to [Table 12] below.

[Figure 12]

Based on [Table 12], if the known confidentiality index is 1, it means a system in which some low-severity information is leaked, the financial impact is small, some personal information is leaked, and general user passwords and encryption keys are stolen, and the confidentiality index If is 2, it means loss of confidentiality (excluding ship propulsion system) such as control rights of some system, system change, deletion, etc., financial impact due to data leak, system in case of theft of middle and middle administrator password or encryption key, and confidentiality. If the index is 3, the loss of confidentiality such as control authority of the ship system, system change, deletion, etc., the financial impact due to data leakage is serious, and the theft of the system administrator's password or encryption key (e.g., theft of authority such as system SW change, update, etc.) ) means a system in which case.

The impact rating calculation unit 130 calculates the integrity index with reference to [Table 13] below.

[Figure 13]

Based on [Table 13], if the integrity index is 1, data modification is possible, but the control system cannot be modified or is limited, and data modification means a system with little direct impact on ship safety. If the integrity index is 2, some It refers to a system that has a moderate direct impact on ship safety due to control authority of the control system, loss of integrity such as system change or deletion (excluding the ship propulsion system), and data modification. If the integrity index is 3, the control authority of the propulsion system, system It refers to a system that has a direct impact on ship safety due to loss of integrity and data modification, such as changes and deletions.

The influence rating calculation unit 130 calculates the influence rating using the availability (A) index, confidentiality (C) index, and integrity (I) index as shown in [Equation 6].

[Equation 6]

Impact rating (P) = Availability (A) index + Confidentiality (C) index + Integrity (I) index

The ship cyber risk management evaluation unit 1140 evaluates the possibility of cyber threats or cyber attacks occurring in the evaluation target system. In other words, the ship cyber risk management evaluation unit 140 evaluates the attack surface and vulnerabilities inherent in the system for the components that suffer the most serious consequences among the vulnerable components or affected components in the evaluation target system.

The ship cyber risk management evaluation unit 140 evaluates risks using probability ratings and impact ratings as shown in [Equation 6] and [Table 14].

[Equation 7]

Risk_Level = Likeihood × Impact

Risk_Level: List level

Likeihood: likelihood rating

Impact: Impact rating

[Table 14]

[Table 15]

As shown in [Table 15], the ship cyber risk management evaluation unit 140 determines that risk mitigation measures are necessary when the list rating is 16 or less, and when the risk rating is 7 to 20, list mitigation measures are determined according to the user's selection. If the risk level is 7 or lower, risk mitigation measures are judged to be unnecessary.

[Table 16]

Figure 2 is a flowchart illustrating an embodiment of a method for quantitatively assessing cyber risk of autonomous ships according to the present invention. Figures 3 and 4 are exemplary diagrams for explaining the execution process of Figure 2.

Referring to Figure 2, the autonomous vessel cyber risk quantitative system evaluates the cyber threat possibility of the evaluation target system and calculates a probability grade (step S210).

In one embodiment for step S210, the autonomous vessel cyber risk quantitative system may calculate a likelihood rating using the attack surface rating and the connectivity rating.

In the above embodiment, the autonomous ship cyber risk quantitative system ranks the attack surface using a complexity index indicating the maintenance status of the evaluation target system and a connectivity index indicating a state in which the evaluation target system is connected to an external device. can be calculated.

In the above embodiment, the autonomous ship cyber risk quantitative system calculates a physical vulnerability index indicating whether the evaluation target system is connected to a physical access control device, and a technical vulnerability indicating the security setting status of the evaluation target system. Calculate an index, calculate an administrative vulnerability index that indicates whether the inspection items of the evaluation target system are satisfied, and calculate the vulnerability level using the physical vulnerability index, the technical vulnerability index, and the administrative vulnerability index. there is.

The autonomous ship cyber risk quantitative system calculates the impact rating using the impact index of how specific components of the evaluation target system affect the operation of the ship (step S220).

In one embodiment for step S220, the autonomous ship cyber risk quantitative system determines the evaluation target system to include an availability index that affects the availability of the vessel's operation, a confidentiality index that affects the security of the evaluation target system, and the evaluation target. It may include calculating the impact level using an integrity index that affects the integrity of data in the system.

The autonomous vessel cyber risk quantitative system determines the risk grade using the probability grade and the impact grade (step S230). For example, an autonomous ship cyber risk quantitative system can determine the risk level using the probability level and the impact level as shown in FIG. 3.

The autonomous vessel cyber risk quantitative system provides methods to overcome the risk according to the risk level (step S240). For example, an autonomous ship cyber risk quantitative system can provide solutions according to a list as shown in FIG. 4.

Although the present invention has been described with reference to limited embodiments and drawings, the present invention is not limited to the above embodiments, and various modifications and variations can be made by those skilled in the art from these descriptions. Accordingly, the spirit of the present invention should be understood only by the scope of the claims set forth below, and all equivalent or equivalent modifications thereof shall fall within the scope of the spirit of the present invention.

110: data input unit,
120: probability rating calculation unit,
130: Impact rating calculation unit,
140: Ship Cyber Risk Management Assessment Department,
150: Solution provision section

Claims (12)

In the quantitative assessment method of autonomous ship cyber risk implemented in the autonomous ship cyber risk quantitative system,
Evaluating the likelihood of a cyber threat of the system being evaluated and calculating a likelihood rating;
Calculating an impact level of a specific component of the evaluation target system using an impact index that affects the operation of a ship;
determining a risk level using the probability level and the impact level; and
Including providing a method to overcome the risk according to the risk level,
The step of evaluating the cyber threat possibility of the evaluation target system and calculating the likelihood level is
Calculating an attack surface level using a complexity index indicating a maintenance state of the evaluation target system and a connectivity index indicating a connection state of the evaluation target system to an external device;
calculating a physical vulnerability index indicating whether the evaluation target system is connected to a physical access control device;
Calculating a technical vulnerability index indicating the security setting status of the evaluation target system;
Calculating an administrative vulnerability index indicating whether the evaluation target system satisfies the inspection items;
calculating a vulnerability level using the physical vulnerability index, the technical vulnerability index, and the administrative vulnerability index; and
Comprising a step of calculating a probability grade using the attack surface grade and the vulnerability grade.
Quantitative assessment method for autonomous ship cyber risk.
delete delete delete According to paragraph 1,
The step of calculating the technical vulnerability index indicating the security setting status of the system being evaluated is
Calculating a technical vulnerability index using a configuration vulnerability index indicating whether an exploitable vulnerability exists in the configuration of the evaluation target system and a known vulnerability index indicating whether an exploitable vulnerability exists in the evaluation target system configuration. Characterized by including
Quantitative assessment method for autonomous ship cyber risk.
According to paragraph 1,
The step of calculating the impact rating using the impact index of the specific component of the evaluation target system affecting the operation of the ship is
The impact of the evaluation target system is calculated using the availability index that affects the availability of the ship's operation, the confidentiality index that affects the security of the evaluation target system, and the integrity index that affects the integrity of the data of the evaluation target system. Characterized by comprising the step of calculating a grade
Quantitative assessment method for autonomous ship cyber risk.
In the autonomous vessel cyber risk quantitative system,
A probability rating calculation unit that evaluates the cyber threat possibility of the system being evaluated and calculates a possibility rating;
an influence rating calculation unit that calculates an influence rating using an influence index of a specific component of the evaluation target system affecting the operation of a ship;
A ship cyber risk management evaluation unit that determines a risk level using the probability level and the impact level;
It includes a solution providing unit that provides a method to overcome the risk according to the risk level,
The probability level calculation unit
An attack surface grade calculation unit that calculates an attack surface grade using a complexity index indicating the maintenance status of the evaluation target system and a connectivity index indicating a state in which the evaluation target system is connected to an external device; and
Calculate a physical vulnerability index indicating whether the evaluation target system is connected to a physical access control device, calculate a technical vulnerability index indicating the security setting status of the evaluation target system, and check items for the evaluation target system. Comprising a vulnerability rating calculation unit that calculates an administrative vulnerability index indicating whether the device is satisfied or not, and calculates a vulnerability rating using the physical vulnerability index, the technical vulnerability index, and the administrative vulnerability index.
Autonomous ship cyber risk quantitative assessment system.
delete delete delete In clause 7,
The ship cyber risk management and evaluation department
The impact of the evaluation target system is calculated using the availability index that affects the availability of the ship's operation, the confidentiality index that affects the security of the evaluation target system, and the integrity index that affects the integrity of the data of the evaluation target system. Characterized by including an influence rating calculation unit for calculating the rating.
Autonomous ship cyber risk quantitative assessment system.
According to clause 11,
The influence rating calculation unit
The impact of the evaluation target system is determined using an availability index that affects the availability of the ship's operation, a confidentiality index that affects the security of the evaluation target system, and an integrity index that affects the integrity of data of the evaluation target system. Characterized by calculating a grade
Autonomous ship cyber risk quantitative assessment system.