MARITIME CYBER SECURITY Archives - Page 18 of 40 - SHIP IP LTD

Marco (Marc) Ayala is a process automation professional with more than 25 years of experience working in petrochemical facilities where he designed, implemented, and maintained their process instrumentation, automation systems, and process control networks. Currently the director and ICS cybersecurity section lead at 1898 & Co. (part of Burns & McDonnell), Marco has expertise with safety systems, advanced process control, enterprise historians, and industrial network security where he worked with enterprise IT to implement a corporate PCN security solution. He is active in cybersecurity efforts for the oil and gas, maritime port, offshore facilities, and chemical sectors, working alongside federal, local, and state entities for securing the private sector.

Marco is very active in ISA and has been a member for about 20 years. He is now a senior member and a certified cyber instructor for ISA. He sits on the Safety and Security Division (SAFESEC) committee and is their liaison to the ISA Global Cybersecurity Alliance. He is also the membership chair of the Smart Manufacturing and IIoT Division (SMIIoT).

“Safety, security, and digitalization are all so important,” Marco says. “There’s just so much to do.”

His activities outside of ISA also dovetail with his drive to contribute in these areas. Marco is the Sector Chief for the Maritime Domain Cross Sector Council (CSC) with InfraGard. He is a member contributor of the AMSC Gulf of Mexico (GOM) cyber panel, as well as the chair of the cybersecurity subcommittee of AMSC. Marco served on the working group that developed the “Roadmap to Secure Control Systems in the Chemical Sector” in 2009.

The study is global, yet split into 7 regions: Africa, Asia-Pacific, Central Asia, Europe, Latin America, the Middle East, and North America. It includes the top 100 ports based on twenty-foot equivalent units (TEUs) handled, corroborated for 196 countries.

The shipping industry is responsible for about 90% of global trade by volume. Governments prioritize the safe and secure transportation of goods, including from land to sea at port sites, to ensure economic stability and growth.

Ports are regarded as national infrastructure and are both a potential terrorist target and an entry point for terrorists; still, persistent threats (the illegal movement of individuals, weapons, drugs, or other illicit materials) are often higher on the risk register than terrorism-related threats because they are more common and cause greater losses or damage to port operations. Concerns about persistent threats are primarily behind the push to enhance security technology at ports, with the West taking tougher stances on border control to stem the tide of illegal immigration.

This research assesses the global maritime port security market through the identification of market trends, drivers and restraints, key technologies, and main developments by region. An examination of notable projects and investments will identify areas of considerable growth and opportunities for security providers. The focus is on the land-side security of a port; the study excludes ship onboard security technologies, automatic identification systems, and vessel traffic services and systems.

Technologies include access control and identity management, C2, communication equipment, cybersecurity, data analytics and storage, fire equipment, screening and detection, surveillance, vehicles and platforms, personal protection gear, and managed services.

Source: globenewswire

Take up of cyber insurance in the marine sector to date has been slow, but that’s bound to change.

One key reason is that the maritime industry is changing rapidly, said Dieter Berg, head of marine business development for Munich Re.

“Until recently, ships were isolated, and the logistics process was not technologically advanced. This market is changing very quickly to digital communications and connectivity.”

Those changes include more than just electronic navigation and communication, they extend to smart containers and real-time logistics routing and scheduling.

“This digitalization changes the risk profile for the marine industry,” said Andreas Schlayer, senior cyber underwriter for Munich Re. “The more an operation is electronic, the more the dependence on data changes the risk profile and the behavior.”

Source: riskandinsurance

After the Japanese attacked Pearl Harbor, the Goodyear blimp Resolute was put into service spotting enemy submarines. There’s a lesson for 21st-century cyberwarfare.

The Constitution gives Congress the power to issue “letters of marque and reprisal”—essentially licenses authorizing private parties to wage war on the government’s behalf. Congress issued letters of marque liberally until the end of the War of 1812, and they were particularly useful during the First Barbary War (1801-05). The fledgling U.S.’s fleet of six frigates couldn’t stem piracy alone. Letters of marque enlisted U.S. merchantman as far away as the Mediterranean, where Barbary states often provided pirate ships with safe harbor. In the typical 19th-century use, Congress issued letters of marque to schooners and sloops, giving their operators the authority to sink or capture pirate ships by force.

Source: wsj

Dryad and cyber partners RedSkyAlliance continue to monitor attempted attacks within the maritime sector. Here we continue to examine how email is used to deceive the recipient and potentially expose the target organisations.

“Fraudulent emails designed to make recipients hand over sensitive information, extort money or trigger malware installation on shore-based or vessel IT networks remains one of the biggest day-to-day cyber threats facing the maritime industry.”

Dryad Global’s cyber security partners, Red Sky Alliance, perform weekly queries of  backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.

With our cyber security partner we are providing a weekly list of Motor Vessels where it is observed that the vessel is being impersonated, with associated malicious emails.

The identified emails attempted to deliver malware or phishing links to compromise the vessels and/or parent companies.  Users should be aware of the subject lines used and the email addresses that are attempting to deliver the messages.

Those who work in the security industry can quickly identify the suspicious aspects of these emails, but the targets often cannot. Even if attackers can only get 10% of people to open their malicious email attachments, they can send thousands out in a day using similar templates resulting in hundreds of victims per day. They can also automate parts of this process for efficiency. It is critical to implement training for all employees to help identify malicious emails/attachments. This is still the major attack vector for attackers looking to attack a network. These analytical results illustrate how a recipient could be fooled into opening an infected email. They also demonstrate how common it is for attackers to specifically target pieces of a company’s supply chain to build up to cyber-attacks on the larger companies. Doing so could cause the recipient to become an infected member of the maritime supply chain and thus possibly infect victim vessels, port facilities and/or shore companies in the marine, agricultural, and other industries with additional malware.

Source: channel16.dryadglobal

Aong focused on mitigating physical risks such as piracy, the maritime shipping industry is currently grappling with a new challenge: how to respond to a dramatic spike in cybersecurity threats.

From February to June 2020, cybersecurity consulting firm Naval Dome documented a 400% growth in attempted hacks against maritime targets. Driven by increased numbers of remote access paths onboard vessels and the convergence of new information technology (IT) targets into traditionally operational technology (OT) environments — as well as the perceived value in targeting an industry that carries nearly 90% of the world’s trade — these attacks represent a serious new threat to the backbone of global commerce.

“This convergence is increasingly more pervasive because of the nature of digitalization trends, like using onboard sensors and tracking data off operational systems for predictive maintenance purposes, that open more attack surfaces on the IT side that can enter into the OT environments,” said Don Ward, senior vice president of Global Services at Mission Secure, a global provider of OT cyber-protection solutions. “We frequently see that clients think they have certain portions of their system on islands – inevitably, in every assessment we find a backdoor into these environments.”

It’s a balancing act that all digitally maturing industries face: deriving efficiency gains from integrating today’s latest technology while limiting the potential vulnerabilities from doing so. The maritime sector is still catching up to its aerospace and automotive counterparts in implementing modern cybersecurity best practices, but malicious actors will not be waiting idly for it to arrive there.

Source: tsi-mag

Riviera Media features a discussion on cyber threats and security for the tanker sector of the maritime industry by Julian Clark, Global Senior Partner at Ince. “The lack of adequate protection is particularly prevalent in relation to cyber-attacks on on-shore and on-vessel operations technology (OT) networks and control systems, as just 42% of organisations protect their vessels from OT cyber threats.”

Clark covers the current state of the industry, insurance considerations, potential consequences, including legal, and the ongoing efforts to achieve compliance and security.

“Tanker operators and managers are not sufficiently protected by being compliant with the new regulation – this is a ‘level-one solution to a level-four threat’ – accordingly, a tick box approach to compliance is far from sufficient.”

Julian Clark, Global Senior Partner at Ince

Source: missionsecure

The British Ports Association and the UK-based risk management firm Astaara have released a new study on the wave of cyberattacks seen by maritime stakeholders over the past four months.

In one high profile attack in May, computer systems at Iran’s Shahid Rajaee port facility at Bandar Abbas, creating traffic jams and serious operational disruption. Astaara believes that the attack came in direct response to a failed Iranian cyberattack on an Israeli water facility in April. (Iran has denied any involvement in the earlier incident.) U.S. officials told the Washington Post that Israeli forces orchestrated the retaliatory hack on Shahid Rajaee.

While attacks from criminal groups are far more common than suspected state-sponsored hacking, the overall upward trend is driving increased interest in security, according to Astaara. “Now, more than ever, the advantages of [digitalization] should be capable of being realized, but only if the corresponding management resilience and recovery plans are in place and practiced,” said Robert Dorey, CEO of  Astaara. “Processes need to be continually reviewed and updated as necessary, training provided, and new approaches to monitoring assessed and adopted.”

He noted that the new remote-work alternatives to standard operations like surveys and marine superintendent spot inspections have created new vulnerabilities for shipowners. Remote working has been identified as a major risk for security, as the attack surface is broadened.

Criminals realize this and do not care about the human cost of Covid-19, or their crimes. They are not interested in the morality of their action. Instead they are interested in disruption and making money; they see Covid-19 as an opportunity,” said Dorey.

According to Astaara, the way to fight back is to practice basic cyber hygiene and to invest an appropriate amount in security. Currently, cybercrime nets around $2 trillion per year for criminals worldwide – compared with the $150 billion a year spent by companies and individuals in protecting systems. “When you have ever more stringent regulations, a user population that is innovative in breaking the rules, and an external environment that is hostile to say the least, you cannot afford not to invest in your security, and to protect those aspects of business that depend on others for their delivery,” Astaara and BPA advised in the white paper.

Source: maritime-executive

Source: thedigitalship

When Maersk fell victim to the NotPetya ransomware cyber-attack in 2017 (resulting in a loss of over £300M³ ), it highlighted that no shipping company is immune to cyber-attack – even IMO has been hacked. Cyber risk has been on the IMO agenda for some time and on 1 January 2021, MSC 428(98) was finally adopted. Tanker operators and managers are not sufficiently protected by being compliant with the new regulation – this is a ‘level-one solution to a level-four threat’ – accordingly, a tick box approach to compliance is far from sufficient.

The lack of adequate protection is particularly prevalent in relation to cyber-attacks on on-shore and on-vessel operations technology (OT) networks and control systems, as just 42% of organisations protect their vessels from OT cyber threats⁴. Additionally, an alarming 92% of the estimated costs arising from a cyber-attack are uninsured⁵ and the access and limits of cover are often restricted, which has serious risk-management implications for tanker owners and operators.

The devastating effects of a cyber-attack are not only financial and reputational, but crucially also legal. Tanker owners could face real challenges in order to establish due diligence and protect themselves legally if an incident arose from their vessel being cyber-compromised. They can expect cargo interests and others to raise arguments that there was a failure to make use of available cyber-security protection systems to ensure they were adequately protected.

In relation to the concept of due diligence and the application of the Hague Visby Rule Article IV Rule (ii) defences, shipowners will need to show due diligence in relation to protecting their vessels against a cyber-attack. The duties of due diligence are generally not delegable, so while a contractual provision ensuring that the manufacturer takes responsibility for cyber-integrity creates a potential right of recourse, this does not itself provide a defence to a claim. Additionally, where there are systems available in the market that can provide protection against a cyber-attack, and an owner has failed to implement appropriate measures or is unable to show they have an effective system in place to address cyber-risk, such omissions could amount to recklessness, giving rise to a possibility to break limitation.

We can expect to see claimants raising issues of unseaworthiness where they suffer loss or damage as a result of a vessel being cyber-compromised.

It is critical for tanker owners and operators to take an integrated, comprehensive approach to protecting their organisations against cyber threats. Our recent venture with Mission Secure (leaders in providing military-grade cyber security for OT systems) to launch an industry-first, integrated legal advisory, consultancy and technology cyber-security solution, addresses this market need by providing both advisory and action to fully protect companies beyond the current regulatory guidelines.

Source: rivieramm