Towards the Creation of a Threat Intelligence Framework for Maritime Infrastructures

The maritime ecosystem has undergone through changes due to the increasing use of information systems and smart devices. The newly introduced technologies give rise to new attack surface in maritime infrastructures. In this position paper, we propose the MAritime Threat INtelligence FRAMEwork (MAINFRAME), which is tailored towards collection and analysis of threat intelligence in maritime environments. MAINFRAME combines: (i) data collection from ship sensors; (ii) collection of publicly available data from social media; (iii) variety of honeypots emulating different hardware and software component; (iv) event detection assisted by deep learning; (v) blockchain implementation that maintains audit trail for activities and transactions, and electronic IDs; and (vi) visual threat analytics. To highlight the interdependencies between cyber and cyber-physical threats in autonomous ships, MAINFRAME's operation is evaluated through the liquefied natural gas (LNG) Carrier case study.