Matin Foomani shares Transport Canada's hybrid risk model pairing vulnerability inventories with MITRE ATT&CK frameworks for Maritime Autonomous Surface Ships.
Maritime automation addresses seafarer shortages but introduces complex cybersecurity challenges where historical incident data barely exists. Maritime Autonomous Surface Ships, or MASS, operate in environments spanning vessels, remote operation centers, communication networks and supporting infrastructure - each vulnerable to attacks that could disrupt Canadian supply chains. Traditional risk models fail when probability data is unavailable.
Transport Canada developed a hybrid risk model pairing comprehensive vulnerability inventories with MITRE ATT&CK frameworks for both enterprise and ICS environments. Rather than relying on unknown incident frequencies, the model maps 145 vulnerability vectors to adversarial tactics and techniques, estimating severity through attacker effort and plausibility of attack chains.
In this session, Matin Foomani of Transport Canada will share insights on:
- Why traditional probability-based models fail for emerging autonomous maritime systems;
- How MITRE ATT&CK mapping enables structured, evidence-based cyber-risk prioritization;
- Key lessons from Transport Canada's MASS risk-modeling initiative and its path toward a national standard.
Here is the course outline:
ATT&CK-Driven Cyber Risk Modeling for Maritime Autonomous Surface Ships |
Completion
The following certificates are awarded when the course is completed:
 |
CPE Credit Certificate |
