Project overview:

• Goal: Create a detailed Maritime Cybersecurity Threat Catalogue
• Location: Amsterdam / Eindhoven
• Timeframe: 3 / 4 months
• Team: Product Manufacturers
• Supervisor: Adelina-Elena Voicu

As a student, you have:

Education:

• Pursuing or having completed a Master's Degree in: cybersecurity, computer science, information technology, information systems.

Technical skills:

• Proficient with Microsoft office products including PowerPoint and Excell;
• Good understanding of cybersecurity concepts, attack vectors, and risk management;
• Familiarity with common cyber threats (e.g., malware, phishing, denial of service) and attack vectors;
• Proficient in researching cybersecurity threats and effectively documenting findings in a clear and structured manner;
• Strong skills in technical writing to create clear and concise reports and threat documentation.

Soft Skills:

• Ability to work well in an international team environment;
• Strong English speaking and writing capability;
• Strong organizational skills to prioritize tasks and meet deadlines throughout the internship;
• Good communication skills;
• Clear documentation skills.

The project you will be working on:

The maritime industry is increasingly reliant on digital and automated systems for navigation, communication, and operations. As these systems become more interconnected, they also become more vulnerable to cyber threats. The primary goal of this internship is to create a detailed maritime cybersecurity threat catalogues identifying and documenting various cyber threats unique to the maritime environment. The catalogue will serve as a foundational resource for conducting criticality and risk assessments.

1. Research and Analysis:
Conduct in-depth research on maritime cybersecurity threats, including historical data, current trends, and emerging risks. Analyze existing cybersecurity frameworks and threat catalogues in other industries to identify potential parallels.

2. Identification of maritime systems:
Create a comprehensive list of maritime systems to be included in the threat catalog, such as:

• Electronic Chart Display and Information System (ECDIS)
• Automatic Identification System (AIS)
• Global Maritime Distress and Safety System (GMDSS)
• Integrated Bridge Systems (IBS)
• Cargo Management Systems
• Shipboard Control Systems

Document the functionalities and technologies used in each system to understand their vulnerabilities.

3. Identification of Threats:
Identify and document specific cyber threats that target maritime systems such as navigation, communication, cargo management, and automation systems.

Investigate threats associated with shipboard and shore-based systems, satellite communications, and maritime IoT (Internet of Things).

4. Catalogue Development:
Develop a structured framework to categorize threats.

Include detailed descriptions of each threat, its potential impact on maritime operations, and recommended mitigation strategies.

Develop mitigation strategies for each identified threat, including (if applicable):

• technical measures: firewalls, encryption, intrusion detection systems, and software updates.
• organizational policies: employee training, incident response plans, and regular security audits.
• industry best practices: adherence to cybersecurity frameworks like NIST, ISO 27001, and IEC 62443.

5. Documentation and Presentation:
Compile the threat catalog into a structured document that is clear and user-friendly. This document may include:

• an introduction to the purpose and scope of the catalog.
• a detailed section for each maritime system, including identified threats and recommended mitigation strategies.
• appendices with additional resources, references, and tools.

Prepare a presentation summarizing the key findings and insights from the threat catalog for relevant stakeholders at the conclusion of the internship.