Zero-Trust Security Model Applied to Smart Shipping: Towards a Feasible Architecture

Securing information systems and assets within smart shipping environments is of utmost importance. In practice, however, securing smart shipping is a difficult and tedious task because smart shipping environments are highly dynamic, distributed, and loosely coupled, which cause having large threat/attack vectors without having all security measures under own control. The Zero Trust Security Model (ZTSM) has been suggested by security experts and many national cybersecurity centers as a promising approach for addressing the shortcomings of the traditional perimeter-based security architecture. However, a scalable ZTSM architecture which is applicable to large networks, like those of smart shipping, is missing. In this contribution we aim at investigating how the ZTSM can be made suitable for securing smart shipping. We study smart shipping security requirements and describe three off-the-shelf security services that can contribute to the realization of the ZTSM in such environments. Investigating these example security services inspired us to propose a ZTSM architecture for smart shipping environments, which relies on metadata exchange for trust establishment at various levels among federations of organizations, human or business controlled context and content transfer, and monitoring and controlling data and service usage. The proposed architecture can embody the ZTSM deployment within large networks of cooperating organizations (like those within smart environments). Although this architecture is proposed for and based on the security requirements of smart shipping, we conjecture that it can be applicable to other forms of smart environments as well.