By John Costanzo

The Coastal Virginia Center for Cybersecurity Innovation (COVA CCI), southeastern Virginia’s node of the Commonwealth Cyber Initiative, awarded $581,000 for seven cybersecurity research projects focused on maritime industry needs. 

Teams from Old Dominion University, Christopher Newport University and the College of William & Mary submitted proposals in response to the COVA CCI request for proposals: “Addressing Cybersecurity Compliance Challenges to Technology Adoption for the Maritime Industry.” 

The request asked researchers to work with maritime industry partners to address the barriers to technology adoption due or related to cybersecurity compliance issues. The funded projects aim to overcome or mitigate cybersecurity impediments to the adoption of new technologies such as cloud computing, 5G connectivity and machine learning. 

The awarded projects are:

Applying Risk Assessment Methodology to Produce Cyber-Hardened 5G Communication Capabilities for Autonomous Maritime Platforms

This project links SimIS Inc., a Portsmouth-based company, with researchers from Old Dominion University’s Virginia Modeling, Analysis and Simulation Center (VMASC) and FairLead Boatworks to design and integrate an autonomous communications system for SimIS Inc.

Project Team: Yiannis Papelis, Old Dominion University/VMASC, Ahmet Saglam, ODU/VMASC, Casey Batten, SimIS Inc.

Automated Cybersecurity Maturity Model Certification (CMMC) compliance for shipbuilding

Chitra Productions, LLC, a woman-owned small business, is partnering with VMASC researchers and ManTech Advanced Systems International Inc.’s shipbuilding cybersecurity team to develop a CMMC compliance tool for the shipbuilding industry.  

Project Team: Safdar Bouk, Old Dominion University/VMASC, Andrew Mixon, Chitra

Maritime CMMC domain handbook

SimIS Inc., is working with researchers from VMASC and FairLead Boatworks to create a maritime CMMC domain handbook with implementation guidelines for 14 individual control domains. Each domain handbook will provide detailed analysis, planning and implementation roadmaps for each of the 14 domains and will be written in language suitable for maritime staff with technical-level implementation knowledge. 

Project Team: Sachin Shetty, ODU/VMASC, Warren Bizub, SimIS Inc., Michael Humphrey, SimIS Inc.

Machine Learning-Enabled Dependency Network Analysis for Quantifying Risks and Ripple Effects Stemming from Cybersecurity Non-Compliance Issues

Rafael Diaz, research associate professor, will lead a team of VMASC researchers and his industry partner, Fairlead Boatworks Inc., on a project that will build upon the work he previously completed under another COVA CCI-funded project – “A Real-Time Dependency Network Approach to Quantifying Risks and Ripple Effects from Cyberattacks in Shipbuilding and Repair Supply Networks.” The new project aims to develop a machine learning-enabled model and data collection tool that will allow stakeholders to investigate and assess risk trade-offs in their supply networks. To accomplish this, the team is working to move the project closer to commercialization. In addition, they are seeking to develop a case study to support new interdisciplinary classes that collectively leverage cybersecurity, data sciences and supply chains. 

Project Team: Rafael Diaz, ODU/VMASC, Katherine Smith, ODU/VMASC, and Maryam Salehi, ODU/VMASC.

Spotlighting and Mitigating Cyber Attacks in Artificial-Intelligence-of-Things (AIoT)-Enabled Maritime Transportation Systems 

Yi He, assistant professor of computer science, will lead a team of researchers from ODU’s School of Cybersecurity, Department of Computer Science and Department of Information Technology & Decision Sciences, who will partner with Peregrine Technical Solutions, a veteran-owned small business headquartered in Yorktown and a subsidiary of Goldbelt Inc., an Alaska Native Corporation, to spotlight specific cybersecurity challenges faced by AIoT-enabled maritime transportation systems and propose strategies for mitigating these challenges. This will be done through comprehensive tests that will simulate real-world cyberattacks on AIoT-enabled maritime transportation systems. Based on these test results, they will develop two defense models for improving the cybersecurity of the AIoT-enabled maritime transportation systems. One will defend against the neural backdoor attacks that target multi-modal data inputs; the other will detect malicious signals hidden behind the background traffic of a complex communication network. 

Project Team: Yi He, Old Dominion University, Rui Ning, ODU, Yuhong Li, ODU, Peng Jiang, ODU, and Leigh Armistead, Peregrine Technical Solutions

Navigating Cybersecurity Compliance Challenges for the Maritime Industry in Southeast Virginia

Researchers from Christopher Newport University, led by Mohammad Almalag, will team with Peregrine Technical Solutions to develop a screening process to help the maritime industry comply with a variety of cybersecurity requirements. The research team will conduct a series of surveys of the maritime industry to gather information on the cybersecurity regimes included in CMMC, National Institute of Standards and Technology controls, Maritime Cyber Risk Management in Safety Managements Systems, and other designated regimes. The results of these surveys will be used to make recommendations on actions that should be taken to be compliant across these regimes. 

Project Team: Mohammad Almalag, Christopher Newport University, Michael Lapke, CNU, Chris Kreider, CNU, Leigh Armistead, Peregrine Technical Solutions

Exploring Challenges and Adoption Enablers of Cybersecurity Maturity Model Certification in Maritime Industries

A research team led by William & Mary’s Chon Abraham will work with G2Ops Inc., a woman-owned small business based in Virginia Beach. Their work will build upon previous Commonwealth Cybersecurity Initiative-funded research that resulted in preliminary systems analysis and design of the Cybersecurity Maturity Model Certification Assessment Assistant (CyMMCAA) tool for meeting CMMC compliance requirements. The team will continue to develop and refine the CyMMCAA tool, consolidate insight for its use in CMMC compliance via a cyber roadmap, and provide guidance for cyber-risk valuation costs that the tool and roadmap can aid in avoiding. 

Project Team: Chon Abraham, William & Mary, Tracy Gregorio, G2Ops

To learn more about these projects and see previously funded projects visit the COVA CCI website’s research page.