MARITIME CYBER SECURITY Archives - Page 2 of 17 - SHIP IP LTD

Cyber-Attack_1_1000x600-768x461.jpg

Namely, the top priority in the following year would be the implementation of cyber security measures as vessels are more and more connected and further integrated into corporate IT networks.

In addition, in the new year, shipping companies will assess their risk exposure and develop measures to include in their Safety Management Systems to mitigate cyber threats. The owners are called to not only to be in line with IMO’s regulations, -coming into force in January 2021- but to also ensure their assets, IT and operational technology is protected from rising cyber threats.

Year 2020 will bring many changes in the spotlight of the shipping industry, highlighted by IMO’s Sub-Committee on Navigation, Communications and Search and Rescue (NCSR) meetings on 13-24 January to discuss progress on modernising the Global Maritime Distress and Safety System (GMDSS) and performance standards for navigational and communication equipment.

The meeting will focus on improving Inmarsat’s GMDSS services and will continue with the implementation of IMO’s e-navigation strategy. The sub-committee will discuss the feedback from joint working groups on harmonising aeronautical and maritime search and rescue, and from International Telecommunications Union’s group on maritime radio-communications matters.

2020 will also focus on developing regulations about testing and operating maritime autonomous surface ships (MASS).

One of the first tests for MASS will come in September 2020 when Mayflower Autonomous Ship attempts the world’s first unmanned transatlantic crossing from the UK to Plymouth in the US.

Source: safety4sea


Threats_1000x600-768x461.jpg

Cyber security threats have grown in reach and complexity. As a consequence, cyber security has become a concern and should be considered as an integral part of the overall safety management in shipping and offshore operations. With multifaceted vulnerabilities and cyber-attack scenarios (intended or unintended), the answer to cyber security lies in a multifaceted approach to manage risks.

DNV GL uses a systematic approach to assess the cyber security of vessels and their interaction with onshore stakeholders. Best practices from risk management in oil & gas, maritime and energy applications come together to identify threats and build counter-strategies, looking at both technical and behavioural aspects.

Proven cyber security management approaches look at:

  • Raising the awareness of all stakeholders, including onshore personnel and offshore crews
  • Assessing and implementing defensive and reactive countermeasures
  • Monitoring and reviewing effectiveness and robustness of barriers, emphasising continuous improvement

Our approaches address information technology (IT) as well as the industry-specific operational technology (OT) systems. Our range of services and solutions include:

  • Organisational and technical gap assessments: According to your needs to reach compliance with regulations and standards (e.g. IMO Resolution MSC.428(98), DNV GL’s Cyber Secure Class Notation, ISO/IEC 27001, NIST Cybersecurity Framework, TMSA 3, GDPR) our cyber security experts  will engage with your onshore personnel and offshore crews to check written and unformal praxis of your company and vessels;
  • Cyber risk assessment: Our interdisciplinary teams engage with your onshore personnel and offshore crews to identify and address your cyber security risks via various levels of assessment; starting with a high-level self-assessment through an App on Veracity – My Services, to more detailed assessments tailored to your specific business risks.  
  • Assessment of ships in operation – We provide cyber security assessment & testing onboard your vessels, including visual inspection of the systems and their surroundings, interviews with crew members and testing of systems and networks. 
  • Cyber security enhancement – Based on a systematic assessment, we help you efficiently close cyber security gaps by supporting the development of improvement plans, looking at systems, the human factor and management procedures. 
  • Penetration testing – Testing the robustness of your barriers is essential to ensure that your assets are secure. Our penetration testing offer comprehensive and effective validation of your systems and procedures.
  • Verification for newbuilds and ships in operation – We provide third-party verification of cyber security requirements throughout the life cycle of a vessel towards the compliance with DNV GL’s Cyber Secure Class Notation or letter of compliance for other classed vessels.
  • Training – Our (online) classroom training covers general awareness, management, technical and hacking lessons. Our e-learning solution can be performed on board or in the office, so your crews can address pivotal aspects of any cyber security system – covering the human factor.
  • Emergency response exercise – In order to be better prepared for an incident we help you with executing desktop exercises both onboard and onshore to train and verify effective communication, response and recovery activities.
  • ISO/IEC 27001 preparedness – DNV GL Maritime assesses and help you improve the existing documentation to help you prepare for certification.  
  • Certification – DNV GL Business Assurance certify against ISO/IEC 27001 and ISO 22301. 

Be on the safe side of cyber security with DNV GL:

  • Combining traditional IT security best practices with in-depth understanding of maritime operations and industrial automated control systems
  • Local and international experts draw on extensive knowledge and experience in cyber security risk management, maritime operations and the human factor
  • All testing and recommended mitigation measures are tailored to specific maritime needs

Source: dnvgl


shutterstock_406440547-by-Anatoly-Menzhiliy-1280x640-1-1200x600.jpg

Coastal surveillance and maritime security systems require the integration and presentation of information from many different sources, including primary radar, AIS and CCTV. SPx software provides high-performance software components for system integrators to build integrated radar and video display solutions. With its “modules of expertise” approach, the SPx software simplifies the addition of radar and camera display into new or existing applications.

Cambridge Pixel supplies sensor processing products and expertise to prime system integrators working in the field of air surveillance and defence (including Cobham, Tellumat and DSE). With full British Standards audited ISO-9001 quality approvals, Cambridge Pixel understands the importance of providing full life-cycle support from pre-sales engineering for system design through to obsolescence management.

The SPx software supports the capture of radar video from major radar manufacturers including Kelvin Hughes, Terma, Navico (Simrad), Raytheon, Sperry, JRC and Furuno. An HPx radar input card may be used to interface to analogue radar video, trigger and turning data or, where network radar video is available (for example in ASTERIX format), this can often be input directly into the SPx software framework.

The capabilities of the SPx software are available to system developers in the form of software libraries and complete ready-to-run applications. In a typical system, the SPx Server application provides tracking from radar video and those tracks may then may be output into the client application and may be fused with AIS data by the SPx Fusion Server software. The client application may be one of Cambridge Pixel’s ready-made display applications, such as RadarWatch, or it could be a custom application written using the SPx library to provide core radar display capabilities.

Cambridge Pixel’s turnkey display applications offer a fast, cost-effective solution to receipt and display of sensor data, supporting: multiple radar videos, with underlay maps or electronic charts, AIS/ADS-B targets, radar tracks and video from multiple camera sources. Camera steering control (including slew-to-cue) is also supported by a number of display applications including RadarWatch, VSD and RadarView.

Cambridge Pixel’s software modules are already being used in numerous diverse coastal surveillance and maritime security projects worldwide, from protection of offshore oil and gas facilities, to monitoring safety zones at firing ranges, to helping to keep bathers safe on beaches.

Some examples of where Cambridge Pixel’s products can be used are outlined below:

Asset Protection
Protection of high value waterside and offshore assets, such as oil rigs, nuclear power stations and industrial facilities.

Critical Infrastructure
Monitoring of critical infrastructure, such as bridges, dams and wind farms.

Safety Solutions
Within maritime collision avoidance systems and safety solutions around designated marine hazards or military danger zones.

Border Protection, Search & Rescue
Border protection and search & rescue operations, detecting and locating small targets.

Traffic Monitoring
Observation and monitoring of vessel traffic in waterways, rivers, estuaries, small ports and harbours.

Source: cambridgepixel


Sep-15-Mayflower-Autonomous-Ship-begins-trials-ahead-of-unnamed-Atlantic-voyage-1024x546.jpg

Franman’s core activity since its establishment has been the representation of First Class Makers of Shipbuilding Equipment for merchant vessels.

The function of the Shipbuilding Division is to introduce and promote its principals to shipping companies in Greece, Cyprus and the greater Eastern Mediterranean area.

We ensure that our customers are fully acquainted with our principals’ equipment and products. This is achieved via continuous communication with the customer in order to acquaint them with the Principals’ equipment and products, while for the effective promotion we utilize various available marketing tools, like seminars, workshops, participation to exhibitions and targeted advertisements, among others.

Thereafter, Franman’s involvement in a specific new building project begins at an early stage. Our first objective is to ensure to the extent possible, that the equipment we represent is included in the shipyard’s maker list. Our ultimate target is to pursue an agreement between maker and owner with the best possible terms for both parties involved.

Another area that we are heavily involved is that of retrofit projects for all the equipment that we represent and promote.

Our effectiveness is based on our in depth knowledge of our markets, our experience and the close business relationships that we have established with the shipping companies since our company’s formation back in 1991 and utilized for the benefit of both our customers and our principals.

Source: divisions


IMOHQ-671x381.jpg

Since 30 September 2020, the issue has been affecting IMO’s public website and internal intranet services.

Image Courtesy: IMO

“The interruption of service was caused by a sophisticated cyber-attack against the Organization’s IT systems that overcame robust security measures in place,” the IMO said, adding that the organization’s IT technicians shut down key systems to prevent further damage from the attack.

“The IMO is working with UN IT and security experts to restore systems as soon as possible, to identify the source of the attack, and further enhance security systems to prevent recurrence.”

As informed, internal and external emails are working as normal while service has been restored to the GISIS database, IMODOCS and Virtual Publications.

Furthermore, the IMO Secretariat has continued to function with some limitations and the Facilitation Committee has continued meeting this week on the external platform.

Earlier this week, French container shipping giant CMA CGM also confirmed a cyber attack impacting the company’s peripheral servers. CMA CGM thus became the fourth major shipping company to experience a cyber attack, after Swiss Mediterranean Shipping Company (MSC), China’s COSCO Shipping and Danish Maersk.

 

Source: offshore


International-Maritime-Organisation.jpeg
Shipping’s global regulatory body the International Maritime Organization (IMO) has been hit by a cyber attack.

The IMO said on Twitter: “The interruption of service was caused by a cyber attack against our IT systems. IMO is working with UN (United Nations) IT and security experts to restore systems as soon as possible, identify the source of the attack, and further enhance security systems to prevent recurrence.”

At the time of writing the IMO’s website remained unavailable with a message that it was “under maintenance”. Some document and publication services remained active.

It is the second cyber attack on a shipping organisation this week with the world’s third largest container line CMA CGM hit with malware that forced it to take its e-commerce systems off line and resulted in a suspected data breach.

From 2021 cyber security will be part of the IMO’s safety management systems for shipping, a regulatory change that also referred to as IMO 2021.

 

Source: seatrade


Mopic-680x0-c-default.jpg

CMA CGM yesterday revealed it may have suffered a data breach during the recent cyber-attack.

As the French carrier works on restoring its systems, it said: “We suspect a data breach, and are doing everything possible to assess its potential volume and nature.”

However, it added that its IT technicians had made progress in restoring its systems.

“Today, the back-offices (shared services centres) are gradually being reconnected to the network, thus improving bookings and documentation processing times,” it said.

And it reminded customers that online bookings could still be made through the INTTRA portal, as well by spreadsheet via email, and said EDI messages were also secure.

It told them: “Maritime and port activities are fully operational. We are providing alternative and temporary processes for your bookings and are committed to processing them as quickly as possible.”

Meanwhile, cyber criminals have continued their assault on the maritime sector after the industry’s governing body, the International Maritime Organization (IMO), admitted it had also suffered a cyber-attack when its website went down yesterday.

“The interruption of service was caused by a cyber-attack against our IT systems,” it said today. “IMO is working with UN IT and security experts to restore systems as soon as possible, identify the source of the attack and further enhance security systems to prevent recurrence.”

 

Source: theloadstar


Aug-6-Port-of-Vladivostok-joins-TradeLens-af4sKS06muvzjpg

The United Nations agency for international shipping came under cyber-attack at the end of last week, forcing a number of services offline, it has emerged.

Headquartered in London, the International Maritime Organization (IMO) is responsible for the regulation, safety and security of global shipping.

However, it revealed in a tweet last Wednesday that its website was “undergoing some technical issues.” It admitted a day later that these had actually been caused by malicious actors.

In a longer announcement on Friday recapping the incident, the IMO said its Global Integrated Shipping Information Systems (GISIS) database, document repository IMODOCS, and its Virtual Publications service had been affected by the attack but were now restored.

However, at the time of writing, Virtual Publications appeared to still be offline.

The IMO said restoration of the other unnamed services affected by the attack would take place “as soon as possible and as safe as possible.”

“The interruption of web-based services was caused by a sophisticated cyber-attack against the organization’s IT systems that overcame robust security measures in place. IMO has ISO/IEC 27001:2013 certification for its information security management system. IMO was the first UN organization to get this certification in 2015,” the IMO explained.

“The IMO headquarters file servers are located in the UK, with extensive backup systems in Geneva. The backup and restore system is regularly tested. Following the attack the secretariat shut down key systems to prevent further damage from the attack.”

The organization’s email and virtual meeting platforms were unaffected by the incident, it added.

The incident sounds like a ransomware attack: just last week it was revealed that French shipping giant CMA CGM suffered such an outage after a breach at its Chinese offices impacted the availability of some servers and applications.

Source: infosecurity


Risks-in-Maritime-Cybersecurity.jpg

Dryad and cyber partners RedSkyAlliance continue to monitor the stark upward trend in attempted attacks within the maritime sector. Here we also examine the recent attack on CMA CGM.

“Fraudulent emails designed to make recipients hand over sensitive information, extort money or trigger malware installation on shore-based or vessel IT networks remains one of the biggest day-to-day cyber threats facing the maritime industry.”

Dryad Global’s cyber security partners, Red Sky Alliance, perform weekly queries of backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.

With our cyber security partner we are providing a weekly list of Motor Vessels where it is observed that the vessel is being impersonated, with associated malicious emails.

The identified emails attempted to deliver malware or phishing links to compromise the vessels and/or parent companies. Users should be aware of the subject lines used and the email addresses that are attempting to deliver the messages.

In the above collection, we see malicious actors attempting to use vessel names to try to spoof companies in the maritime supply chain. This week we observed a wide variety of maritime-related subject lines. Some of the new vessel names used this week include “MT Blue Sky” and “MV YARRAWONGA” among others. Analysts observed bad actors continuing to leverage “ Kleven” in malicious email subject this week. Beginning in February 2020, analysts saw threat actors using this vessel name as part of their subject lines. Using the following sender emails, attackers have leveraged this vessel to spread malware targeting multiple unique recipients:

“Hashemi”<ops.ir@mcha-shipping.com>
”A.P. Moller – Maersk.(Shanghai, Head Office)” nooreply@maersk.com
P. Moller – Maersk (Shanghai, Head Office)<eb6bceca@fd8e08.com>
”A.P. Moller – Maersk”<nooreply@maersk.com>
”A.P. Moller – Maersk” <14709c9@fd8e08.com>
”A.P. Moller – Maersk”<f5fbf089377@1cb9beb999.com>
”Azil bin Salleh(LCTC Information Technology Services)”<azils@lotte.net>
”Babel Markus (Gechter GmbH)”<markus.babel@gechter.com></markus.babel@gechter.com></azils@lotte.net></f5fbf089377@1cb9beb999.com></nooreply@maersk.com></eb6bceca@fd8e08.com></ops.ir@mcha-shipping.com>

Red Sky Alliance will continue to monitor this vessel name and identify the malicious activity associated with it. Analysts observed the malicious subject line “Fw: Re: FRFQ CARGO CONTAINER 6X6X8” being used this week. Notably, this subject line was sent from the same sender to multiple unique recipients. Typically, attackers will CC others on malicious emails or add them to the list of recipients in a single email. However, this attacker sent an individual email to each recipient.

The email address using this subject line to send malware is “Lisa Emily” <charlesmaherr@grps.org>. This email address is currently used by the principal of Sibley Elementary, based in Grand Rapids, Michigan. This user’s email does not appear in breach data so at this time, it appears that threat actors are spoofing the email instead of using an account which has been successfully taken over. The alias in this case is “Lisa Emily” however, there have been multiple aliases used with that email address. The following names have also been used as an alias with this email address:</charlesmaherr@grps.org>

Maichele Suzan
Anny Jesse
Eng Tan Jessmine
The senders use multiple unique subject lines (not all maritime related) and appear to target Electroputere . Electroputere is one of the largest industrial companies in Romania. It is unclear why these specific  are being targeted or what positions they hold at the company.

The attackers are attaching malware to the emails in the form of malicious zip files using unique file names. The zip files contain Trojan:Win32/MereTam.A malware which has the ability to create a backdoor on a target system to download other malware, including but not limited to ransomware. This malware also has the ability to stop scheduled scanning by Microsoft Windows Defender which helps the malware evade detection.

In other  this morning, the shipping giant CMA CGM was hit by a major cyber attack which disrupted daily operations for the company. According to Lloyd’s of London Intelligence sources, several of the company’s  offices were affected by Ragnar Locker ransomware.[1] CMA CGM initially claimed that their booking system was disabled by an internal IT issue, but later confirmed “external access to CMA CGM IT applications are currently unavailable” after the ransomware attack.

Last week Red Sky Alliance analysts identified CMA CGM’s name being used as part of a malicious email using the subject line “RE: CMA CGM CHRISTOPHE COLOMB – Bridge” (TR-20-265-001_Vessel_Impersonation). This email contained a malicious attachment containing TrojanDownloader:O97M/Emotet.CSK!MTB malware. This malware is typically used to steal sensitive information from a victim’s network but can also be used to download other malware including, but not limited, to ransomware.

Analysts have determined that this email was not part of this specific attack, but malicious emails often play a critical role in activating malware on a company’s network. That particular email had a “redacted” message body which would force many unwitting recipients into opening the attachment out of curiosity.

Attackers often use ransomware to earn a profit, however Ragnar has taken their attacks a step further. If a company is able to restore their data from backups and avoid paying the ransom, attackers will expose sensitive information online which was stolen as part of the ransomware attack. This attack would make CMA CGM the fourth major container shipping carrier known to have fallen victim to such a major cyber incident.

[1] https://lloydslist.maritimeintelligence.informa.com/LL1134044/CMA-CGM-confirms-ransomware-attack

Book a no-obligation Cyber Consultation

These analysis results illustrate how a recipient could be fooled into opening an infected email. Doing so could cause the recipient to become an infected member of the maritime supply chain and thus possibly infect victim vessels, port facilities and/or shore companies in the marine, agricultural, and other industries with additional malware.

Fraudulent emails designed to make recipients hand over sensitive information, extort money or trigger malware installation on shore-based or vessel IT networks remains one of the biggest day-to-day cyber threats facing the maritime industry. These threats often carry a financial liability to one or all those involved in the maritime transportation supply chain.

Preventative cyber protection offers a strong first-line defence by preventing deceptive messages from ever reaching staff inboxes, but malicious hackers are developing new techniques to evade current detection daily.

Using pre-emptive information from Red Sky Alliance-RedXray diagnostic tool, our Vessel Impersonation reports, and Maritime Blacklists offer a proactive solution to stopping cyber-attacks. Recent studies suggest cyber-criminals are researching their targets and tailoring emails for staff in specific roles.

Another tactic is to spoof emails from the chief executive or other high-ranking maritime contemporaries in the hope staff lower down the supply chain will drop their awareness and follow the spoofed email obediently. Analysts across the industry are beginning to see maritime-specific examples of these attacks.

Pre-empt, don’t just defend
Preventative cyber protection offers a strong first-line defense by preventing deceptive messages from ever reaching staff inboxes, but malicious hackers are developing new techniques to evade current detection daily.

Using preemptive information from Red Sky Alliance RedXray diagnostic tool, our Vessel Impersonation reports and Maritime Blacklists offer a proactive solution to stopping cyber-attacks. Recent studies suggest cyber-criminals are researching their targets and tailoring emails for staff in specific roles. Another tactic is to spoof emails from the chief executive or other high-ranking maritime contemporaries in the hope staff lower down the supply chain will drop their awareness and follow the spoofed email obediently. Analysts across the industry are beginning to see maritime-specific examples of these attacks.

The more convincing an email appears, the greater the chance employees will fall for a scam. To address this residual risk, software-based protection should be treated as one constituent of a wider strategy that also encompasses the human-element as well as organizational workflows and procedures.

It is imperative to:

Train all levels of the marine supply chain to realize they are under constant cyber-attack.
Stress maintaining constant attention to real-world cyber consequences of careless cyber practices or general inattentiveness.

Provide practical guidance on how to look for a potential phishing attempt.
Use direct communication to verify emails and supply chain email communication.
Use Red Sky Alliance RedXray proactive support, our Vessel impersonation information and use the Maritime Black Lists to proactively block cyber attacks from identified malicious actors.

 

Source: businessandmaritimewestafrica


image_750x_5f29fb6fa24ee.jpg
Technology; great when it works, frustrating when it doesn’t. Our reliance upon technology, and in particular remote connectivity, has never been greater.

While any rewards are invariably well articulated, many misconceptions continue to pervade cyber risk – and it’s the consequences of these “cyber myths” that could result in significant financial cost.

Here are several cyber risk misconceptions that exist within the maritime sector to watch out for:

  1. 01

    Cyber risk does not affect the maritime sector

    An organization that relies upon technology for any aspect of its operation has cyber risk. The maritime sector is therefore exposed to the same cyber risk as any other industry sector. Note the recent study by Naval Dome which reported a 400% increase in cyber-attacks against the maritime industry between February and June 20201.

  2. 02

    Nobody is going to target a business in the maritime sector and therefore I have nothing to worry about

    Cosco2, MSC3 and most recently, Carnival4, are just three high-profile examples of companies in the maritime sector who were targeted by cyber-criminals. You do not, however, have to be a target in order to suffer the impact of a cyber-attack – just ask Maersk5 and many others, who were collateral damage in a cyber-attack whose target was Ukraine. It is well documented that Maersk suffered significant financial harm as a result of the attack.

  3. 03

    We have invested significantly in network security controls and have therefore eradicated the cyber risk

    Putting the right controls in place is a crucial element of cyber risk mitigation. Such controls, however, can only ever minimize the vulnerabilities in the network and/or decrease the likelihood of the threat. It is impossible to eradicate the risk altogether. Moreover, insider threats remain an issue. Employees make mistakes and, on occasions, seek to deliberately cause their employers harm.

  4. 04

    Losses arising from cyber risk are covered under our traditional marine insurance policies

    This, of course, could be correct depending on the terms of the insurance contract. Hull and machinery policies, however, typically exclude loss or damage where caused by a cyber-attack. In some cases, policies may be silent on whether loss arising from cyber risk is covered or excluded, which potentially gives rise to uncertainty.

  5. 05

    My hull and machinery policy includes a cyber-attack exclusion, but a cyber-attack can’t lead to property damage

    This is incorrect. For example, in 2008 a pipeline in Turkey exploded after cyber-criminals hacked into the pipeline’s control systems. Similarly, in 2014, hackers accessed the control systems of a steel mill in Germany causing significant physical damage. Whilst there have been no reported cases of physical damage to vessels caused by a cyber-attack, the increased reliance upon operational technologies such as GPS, AIS and ECDIS on board vessels, may increase the threat of physical damage.

  6. 06

    I’ve looked at cyber insurance solutions in the past and concluded the cover was not relevant to my business

    While cyber threats are the same regardless of the sector, the way in which they impact organizations can vary enormously. Traditionally, cyber insurance solutions were drafted on a ‘one size fits all’ basis. Cyber risk poses unique challenges and exposures for the maritime sector, however. This is why Willis Towers Watson has developed CyNav, an insurance policy designed by cyber and marine specialists, specifically to meet the needs of the maritime sector.

Source: willistowerswatson


Twitter

@AnyawbSales - 1 year

INDIA TO BAN SINGLE USE PLASTIC ON ALL CALLING SHIPS

@AnyawbSales - 2 years

SQEXpress maritime electronic sms forms platform just released

Photo Gallery