MARITIME CYBER SECURITY Archives - Page 15 of 41 - SHIP IP LTD

Security News Desk – UK looks at the biggest threats facing port security in today’s society and addresses why there is a vulnerability 

The maritime industry is the unquestionable driver of the global economy. Through a vast network of vessels, ports, logistical and administrative infrastructure – some 90% of the world’s goods are moved each year. Like most industries, maritime has become increasingly automated, connected and remotely monitored. 

Not surprisingly, maritime trade has also become a prime target for cyber-attackers. The sector is especially vulnerable owing to its dependence on technology for navigation, communication, and logistics. At the same time, both onboard and land-based systems are aging rapidly – a fact exacerbated by the average 25-30 year lifespan of many cargo vessels. 

This combination of vulnerability and economic centrality has led to an ever-increasing pace of cyberattacks on maritime vessels and infrastructure. The World Economic Forum cited cyberattacks on transportation infrastructure as the world’s fifth highest risk in 2020, and cyberattacks on the maritime sector increased by a staggering 900% over the last three years. Among the targets hit in 2020, the UN Maritime Agency, shipping giant MSC, and French container transport company CMA CGM. 

A high profile attack in May last year on Iran’s Shahid Rajaee port facility at Bandar Abbas illustrated the domino effect of disruption cyberattacks on port computer systems can have. This attack, considered relatively minor, nonetheless created long lines of vehicles outside the port, and led to numerous vessels being stuck in the harbour for hours. 

Source: securitynewsdesk

Fuel management technology company FUELTRAX has announced a new partnership with blockchain firm Topl to use its Blockchain-as-a-Service (BaaS) platform to support greater transparency in maritime energy trading operations. With blockchain integrated into EFMS products, each step in the energy trading process will have an equivalent digital step, including contract formation, asset tracking, and delivery of the product. As supply chain events occur in real time, each is added to the Topl Blockchain, where a tamperproof record will be maintained to provide documentation and traceability. The blockchain will link all steps for vessel fuel transfers, creating a complete verifiable digital record. Any changes made along the supply chain will be recorded immutably, and clients will be able to report on the progress of successful bunker and transfer operations. “The maritime industry knows how crucial it is to constantly improve security efforts in offshore operations. The Topl Blockchain will help us to add a layer of verification to assure vessels’ operations are performing to achieve company goals and help prove ethical practices while using FUELTRAX technology,” said Anthony George, Founder and CEO of FUELTRAX.

Source: smartmaritimenetwork

Maritime networks have become an attractive playground for hackers, with cyber-attacks on vessel OT networks and systems increasing by 900% over the past three years.  A ship’s onboard information technology and operational technology systems can be hacked just as easily as systems ashore. Such security breaches have the potential to do considerable harm to the safety and security of ships, ports, marine facilities and other elements of the maritime transportation system. Attacks on vessel OT networks can be catastrophic, leading to injury, loss of life, asset damage or environmental impact.

There has been some ongoing tension between Israel and Iran in the form of an alleged back and forth of attempted and successful cyberattacks against physical infrastructures. Geopolitical tensions are one of many maritime security challenges.

On May 9, 2020, all shipping traffic at the Shahid Rajaee port terminal in Iran came to an abrupt halt. According to The Washington Post, an unknown foreign hacker briefly knocked the port’s computers offline, which led to massive backups on waterways and roads leading to the terminal. The Shahid Rajaee port facility is the newest of two major shipping terminals in the Iranian coastal city of Bandar Abbas, on the Strait of Hormuz. Computers that regulate the flow of vessels, trucks and goods at the port were knocked offline simultaneously on May 9, 2020, disrupting operations and causing road and waterway congestion that lasted several days. The attack on the port’s computers was confirmed a day later by Mohammad Rastad, managing director of the Ports and Maritime Organization (PMO), who stated, “A recent cyberattack failed to penetrate the PMO’s systems and was only able to infiltrate and damage a number of private operating systems at the ports.”

A panel of technical experts debated the advantages of cyber security centres securing vulnerable maritime assets during Riviera’s Maritime’s zero-day exploit: port cyber security webinar. They explained how port facilities remain vulnerable to, and are unprepared for, cyber threats. They agreed port cyber security is maritime’s zero-day exploit, which is a secret vulnerability no one has generated protection for. Panellists on Riviera’s Maritime’s zero-day exploit: port cyber security webinar were : University of Plymouth research fellow for cyber security Dr Kemedi Moara-Nkwe, NORMA Cyber managing director Lars Benjamin Vold and McDermott Will & Emery partner Paul Ferrillo.

Cyber attacks on logistics hubs would devastate the supply chain network with tremendous financial damage, said Mr Moara-Nkwe. He said cyber threats could affect operational technology (OT) such as supervisory control and data acquisition (SCADA) systems and IT networks in ports. “Ports are unique in their interfaces between IT and OT, such as for cargo loading and unloading,” he said, adding a cyber attack initiated in IT could impact substations, electrical systems and automated cranes.

There are also consequences to cyber issues jumping between IT and OT on ships as more owners, operators and managers adopt digitalisation and internet of things (IoT). “This could potentially cause a vessel to lose access to onshore services, with no communications,” said Mr Moara-Nkwe. “There could be a loss of access to electronic devices used for navigation or for safety purposes on ships.”

“Ports depend on the technology and need to consider the risks as a cyber attack can affect availability of technology and assets,” said Mr Moara-Nkwe. “Potential consequences are disruptions to port operations and to supply chains.”

Source: idstch

Us-class and services organisation ABS Group of Companies, (ABS Group) has launched a new set of safety and risk-based services to support compliance to the 2021 Cyber Risk Management (CRM) guidelines recommended by the IMO. The IMO CRM guidelines encourage maritime organisations to address cyber risk management in a safety management system (SMS) no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.

ABS Group’s says its new cyber security services will help clients understand how to align to the IMO guidelines and other accepted standards and build comprehensive cyber security capabilities that address enterprise and ship level cyber controls as identified in the IMO guidance. CRM capabilities will span both information technology (IT) and operational technology (OT) systems in accordance with IMO, BIMCO, National Institute of Standards and Technology Cyber Security Framework (NIST), ISO/IEC 27001 and other accepted standards.

“Using a ‘defence in depth and breadth’ approach, owners and operators must protect their critical assets with a comprehensive set of risk controls,” said Ian Bramson, Global Head of Cyber Security at ABS Group. “We are working closely with industry stakeholders and regulators to reduce cyber risk and lessen the impact of cyber incidents that can have serious financial, operational and environmental consequences. Looking beyond 2021 compliance, our Cyber Security consultants understand this is a long-term challenge that will continue to affect OT assets in an increasingly connected world. Building robust OT cyber security capabilities will provide better control, visibility and management of risk across maritime operations.”

ABS Group’s cyber security portfolio offers risk-based capabilities at every stage of cyber defence and includes the proprietary Cyber Risk Reduction and Cyber Risk Rating (CybeR2) program. CybeR2 builds on the award-winning ABS FCI Cyber Risk Model developed with the Maritime Security Center, a U.S. Department of Homeland Security Center of Excellence.

Source: shipinsight

Cyber defence expert Naval Dome and the offshore division of a supermajor have completed a joint project to identify and mitigate cyber risks common to offshore deepwater drilling rigs.

Findings from the two-year project, culminating in the installation and pilot testing of Naval Dome’s Endpoint cyber defence system aboard drilling rigs in the Gulf of Mexico, indicate that the minimum industry guidelines, regulations and security techniques are out of step with current platform technology, connectivity requirements and cyber-attack methodology.

In a joint research paper presented at an Offshore Technology conference in Houston last week, the authors state: “Activities over two years have demonstrated shortfalls and real challenges that need to be addressed if we are to create a more cyber-secure deepwater drilling rig environment.”

In presenting the Cyberdefence of Offshore Deepwater Drilling Rigs paper to conference delegates, Adam Rizika, Head of Strategy, Naval Dome, said: “Where systems installed on offshore platforms had traditionally been isolated and unconnected, limiting cyber hack success, the increase in remote monitoring and autonomous control, IOT and digitalisation has made rigs much more susceptible to attack.”

Going on to reveal how the test rigs’ OT (operation technology) networks were penetrated using a software installation file for dynamic positioning (DP) and workstation charts, Rizika, explained that Naval Dome simulated an OEM service technician unwittingly using a USB stick with malicious software containing three zero-day exploits.

“The modified file was packaged in a way that looked and acted like the original one and passed anti-virus scanning without being identified as a cyberattack or picked up by the installed cyber network traffic monitoring system,” he said.

Although the attack was carried out internally, Rizika noted remote execution was feasible using the rig’s externally facing network connections.

“Penetration testing confirmed how a targeted cyber attack on a deepwater drilling rig could result in a serious process safety incident, with associated financial and reputational impact,” he said.

In the paper, the authors state that pilot tests confirm traditional, “perimeter type” IT transplanted OT cyber security solutions, such as anti-virus, network monitoring and firewalls, are not enough to protect critical safety and processing equipment from attack, leaving rigs vulnerable.

“It is abundantly clear that more advanced purpose-built solutions are needed to better protect an offshore platform from exposure to external and internal cyber attacks, whether targeted or otherwise,” reported Rizika.

The paper goes on to highlight a shortage of OT cyber domain skilled staff, regulation and controls that are slow to evolve and be implemented, an IT-centric approached being applied to an OT environment, and a mismatch between drilling rig systems and equipment and their supporting software.

Rizika said: “Although industry guidelines and regulations offer minimum standard requirements, we found the advancement in rig technology, connectivity and cyber-attack methodology has outpaced the regulations, driving the need for a more comprehensive approach.”

Commenting on the project’s findings, Naval Dome Chief Executive Officer Itai Sela, said: “The project and successful pilot testing of a multi-layer cyber defence solution aboard these rigs has demonstrated that both new and legacy OEM systems can be better protected from internal and external cyberattack vectors, without the need for expensive equipment upgrades, or higher overheads that lead to an increase in total cost of ownership.

“Results to date demonstrate that the endpoint system is robust and can operate without interfering with ongoing rig operations. The cost of upgrading the obsolete systems is high, and even if upgrades are undertaken vulnerabilities can still remain.”

By approaching the problem differently, Naval Dome and the oil major  believe that the attainment of a cyber resilient environment can be accelerated onboard offshore installations at a critical time for the industry.

Source: maritime-executive

Piracy is no longer just a matter of gangs entering your yacht in the middle of the night. The threat of cyber space is building up rapidly, with the potential of posing even bigger risks, to the owners, their family and the crew. Good training can help.

This Cyber Security for Superyacht online course provides you with knowledge about common cyber attacks that the ship’s crew can face. Additionally, the course suggests best practices for the protection against cyber threats. As a result, all aboard are better protected.

This course aligns with:

The ISM Code (MSC.428 (98) Maritime Cyber Risk Management in Safety Management Systems)
MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management
ISO/IEC 27001 – Information Security Management, 2013
BIMCO Guidelines on Cybersecurity Onboard Ships(v4)

Source: stcw.online

In the last two decades, the cases of cyberattacks against Institutions have increased exponentially, so much so that they pose a real threat to the defense of the state and organizations.

As the global shipping and commerce industry becomes increasingly dependent on highly sophisticated technical equipment and software to keep it running efficiently, it also becomes more vulnerable to the risks that cyberattacks pose – herein lie the importance of maritime cyber security

SEAFUTURE is the convention on maritime and dual-use technologies, designed to provide civil or military Institutions and Organizations with the progress of science in the maritime industry and defense, also and above all about the theme of maritime cyber security.

From 29 September to 1 October 2021 Telsy will participate in the SEAFUTURE 2021 convention, at the naval arsenal of La Spezia, during which the major national and international defense and security players engaged in the maritime field will be present.

THE CYBER THREAT

Some of the major factors that make maritime cybersecurity such a topical topic are the proliferation of automated systems onboard ships, the integration of multiple systems, the growing ability to monitor systems remotely, and the fact that all of these systems rely on the Internet for their connectivity.

Ships and ports can be damaged by malware, system failures, and other harmful computer activities. That’s why maritime cybersecurity must be able to better protect and inform sea workers who rely on technology to assist them in everything from vessel navigation and control to cargo and shore management issues.

The Internet of Things (IoT) can make a home smart and more efficient, but at the same time make it vulnerable to hackers looking to disable its security system and steal the personal data of its occupants.

Ships that rely on advanced technologies can be equally vulnerable. For this reason, maritime cyber security is as much about the adoption of new technologies as it’s about the awareness of the susceptibilities that derive from that technology.

For further information, an article on the risks deriving from cyber threats is available on our blog.

MARITIME CYBER RISK

Maritime cyber risk aims to quantify how much a technological asset may be threatened by a potential circumstance or event, which could lead to operational, security, or compromise-related failures of information or systems. From these assumptions arises the need for effective maritime cyber risk management.

Cyber risk management refers to the process of identifying, analyzing, evaluating, and communicating an IT risk and accepting, preventing, transferring, or mitigating it at an acceptable level, considering the costs and benefits of the actions taken by the stakeholders.

In this sense, cybersecurity represents a conditio sine equa non to affirm substantial success for the marine industry.

THE MARITIME EMPOWERMENT

Italy – and the enlarged Mediterranean in general – is an essential crossroad for world trade and shipping. Located in the center of the Mediterranean basin and “closed” by the two most strategic “choke points” of the old continent (the Strait of Gibraltar and the Suez Canal), it has the potential to be the protagonist of the international maritime transformation.

With the growing need for greater quantities of traded goods and the newly formed Italian EEZ (Exclusive Economic Zone), the entire private and institutional maritime organization is in an epochal modernization and development process about its capabilities.

Among these, cyber security is an indispensable element for virtuous and far-sighted development.

TELSY AT SEAFUTURE 2021

During the SEAFUTURE 2021 convention, the hot topics in the fight against cybercrime and, in particular, maritime cyber security will be exposed. The event will be attended by the major exponents in the field of industry and maritime defense, both in the civil and military sides.

Competence Center of the TIM Group in the cyber and crypto sector, Telsy provides innovative security technologies to support strategic assets and critical infrastructures in the fight against maritime cybercrime.

On September 30 Telsy, in addition to exhibiting its technologies, will be the official sponsor of the main event dedicated to cybersecurity, during which Eugenio Santagata, CEO of the company, will speak.

Source: telsy

SeaCyber is a specialist Marine Cyber Security Consultancy. Our important work, aligned with industry guidelines, helping clients across the marine sector to not only identify and evaluate their most critical vulnerabilities but to establish the essential frameworks and solutions to mitigate or eliminate any potential threat and ensure regulatory compliance.

Source: seacyber

The primary mission for cyber security on a superyacht is ensuring that the guest experience is transparently fulfilled. Our experience in providing cyber security to superyachts has demonstarted to us that one size doesn’t fit all and we have had to learn through trial and error which cyber security technologies, which work well on a terrestrial deployment, don’t work for maritime.

CND also supply preformed packages of cyber security services, according to the size of ship, risk, or budget. (Bronze, Silver and Gold) each crafted to meet the IMO 5 elements of Cyber Risk Management for both Information Technology (IT) and Operational Technology (OT). Our Platinum package is designed for fleets of ships, where resources are shared across the fleet to save money and provide correlated cyber security situational awareness.

From the 1st of January 2021, cyber security will come under the remit of the International Safety Management System (ISM) Code, supported by the IMO Resolution MSC.428(98), requiring ship owners and managers to assess cyber risk and implement relevant measures.

Source: cndltd

Source: franman