MARITIME CYBER SECURITY Archives - Page 23 of 41 - SHIP IP LTD

GTMaritime is now offering a penetration testing service free of charge which allows customers to evaluate the ability of their personnel to identify phishing attacks

Hackers are constantly trying to come up with new ruses to outwit software-based protections. For this reason, crew cannot afford to become complacent in the belief that, with a technological safety net in place, everything reaching their inbox is trustworthy and can be taken at face value.

On the contrary, they must remain vigilant: the few malicious messages that do arrive will more likely resemble an authentic request or employ advanced social-engineering techniques, which make them harder to recognise.

Quality ship operators understand this and take a holistic approach to cyber defence. To supplement the work done by technological tools such as GTMailPlus by GTMaritime, they routinely remind staff to stay alert and offer training on what to look out for.

However, it can be difficult to gauge exactly how well these measures are working or to identify areas that would benefit from improvement. In the same way that cyber criminals are constantly refining their techniques, ship operators too must continually adapt.

Last autumn GTMaritime started offering a penetration testing service free of charge to its shipping company customers. The service involves sending a selection of crafted spoof phishing messages to crew to test for alertness and for response. These realistic but ultimately harmless simulated attacks offer an effective way of gathering quantitative evidence on the alertness of the frontline staff most exposed to hoax emails.

By revealing weaknesses in training provision, the free service allows customers to pinpoint where educational resources can be enhanced or redirected, knowledge gaps plugged and awareness raised.

Test results revealed weaknesses

We recently completed a two-round penetration test for an established shipping company. For the initial test the vessel operator sent to sixteen of its captains a spoof message appearing to come from a Port Authority requesting basic identifying information about the vessel and its owner.

Half correctly identified the message as a phishing attempt and ignored it, but half supplied the information asked for. Of the latter group, in no case was the message escalated to management for advice on how to proceed.

The 50-50 split certainly raised pulses at company headquarters, as the spoof email was written in poor English and emanated from a mysteriously unnamed port authority – both common traits that should ring alarm bells. To determine if the same result would be found if more detailed information was requested a second test was employed.

This time the message that supposedly came from a port authority had a personalised subject line that mentioned the target vessel’s name and IMO number. There is mounting evidence of cyber criminals including references to familiar people or organisations, adding a veneer of authenticity that encourages the targeted recipient to lower their guard. The rogue message then asked for a host of sensitive particulars and security details, which if passed on to pirates could jeopardise the safety of vessel and crew.

The response showed a marked improvement over the first test. Eight recipients immediately detected something was amiss and ignored the request. Encouragingly, three were suspicious enough to seek guidance from head office. Although head office personnel were kept in the dark about the test, they reacted correctly, advising vessels not to send any data and also alerted the IT department.

Even so, five vessels still obligingly followed the instructions in the message without properly considering either the safety or commercial ramifications of sensitive information falling into the wrong hands.

Path to enhanced education and procedures

Following the penetration tests GTMaritime supplied the vessel operator with educational materials for both staff and IT personnel. The operator took an enlightened view to the results, seeing them as an opportunity to learn rather than apportion blame. It later shared the full findings in a company-wide security bulletin in the hope that using real data rather than hypothetical scenarios to present the dangers would drive home the need for vigilance.

SHIP IP LTD – Remote internal/external Vulnerability & Penetration Testing

TRUST OUR NETWORK – WE GUARANTEE BEST PRICES!

READ MORE

http://shipip.com/maritime-vulnerability-and-penetration-testing/

As ships get bigger, with more automation, fewer crew members, and more connectivity, the attack surface of a modern commercial vessel is becoming as complex and diverse as that of a connected car or commercial aeroplane.

We have ex-ships officers and engineering staff on the team here, so we have first-hand experience of the unusual networks and communications found on board.

Don’t risk your ships security to a penetration tester that doesn’t understand shipping; we’ve come across other consultancies that have broken critical systems on board whilst trying to test their security, as they simply didn’t understand what they were testing.

What does a ship look like to an attacker?

The complex systems involved in shipping offer rich pickings to the hacker, pirate and thief. Load theft, smuggling stowaways, narcotics, arms, even crippling or sinking a vessel are very real threats.

Maritime insurance often specifically excludes losses as a result of ‘cyber’ incidents, so it’s very important to check your cover.

From satcoms, mobile data and Wi-Fi through to propulsion and loading systems, this is what a hacker sees when they look at a ship. Many of these systems can be comprised, causing financial loss and safety issues.

Tactical Advice
Tens of vendors are involved in connected systems on ships, from Dell providing desktop PCs, to satcoms gear for Internet, chart systems, MMI, control systems, radar systems etc. This is a recipe for security disasters.

Here are a few basic issues you could check for yourself:

Check your satcom terminals for default, weak or blank admin passwords. Make sure the latest software is running on ALL of your terminals.

Check the network isolation and segregation between bridge, engine room, crew, Wi-Fi and business networks.

Check Wi-Fi networks for strong encryption and strong passwords. Make sure that business systems are particularly well protected.

Demand evidence from your technology suppliers that the systems they provide to you are secure. Remember, if you don’t ask for security, you probably won’t get it!

Sit down and think about how you might attack your ships network, given your knowledge of your systems. That’s what the hacker does, so pre-empt them and defend better.

Don’t forget your people. Officers can become fixated on digital navigation systems on the bridge. These can be hacked and manipulated, so don’t forget to look outside.

SHIP IP LTD – Remote internal/external Vulnerability & Penetration Testing

TRUST OUR NETWORK – WE GUARANTEE BEST PRICES!

READ MORE

http://shipip.com/maritime-vulnerability-and-penetration-testing/

Source: thedigitalship

Penetration testing services

Our ICS penetration testing services enable you to find weaknesses in your network perimeter. The penetration testing commences by scanning the network to determine what types of hardware are connected and the operating systems being used. Then we search for unpatched vulnerabilities in those devices and attempt to exploit those vulnerabilities to gain access to the network. The penetration testing services are supported by our ethical hackers group, who have a background in IT and engineering, and certification according Certified Ethical Hacker (CEH), GXPN, GPEN, Global Industrial Cyber Security Professional (GICSP).

Securing control systems, preventing cyber security breaches

A common design principle is to ensure that programmable logic controllers (PLCs) and the network infrastructure that is used to connect them, operate in a secure environment (i.e. sealed from malicious attackers). In practice, ICS are often inadvertently connected to other networks, which can allow remote access through open networks or the Internet. Our ICS penetration testing services will identify such weaknesses, consider the possible impacts and then suggest corrective actions.

SHIP IP LTD – Remote internal/external Vulnerability & Penetration Testing

TRUST OUR NETWORK – WE GUARANTEE BEST PRICES!

READ MORE

http://shipip.com/maritime-vulnerability-and-penetration-testing/

The rising trend of piracy over the past several years has constituted a grave threat to the lives of the crews and the safe operation of ships. Areas of particular concern have been off the coast of Somalia, the Gulf of Guinea and the Malacca Straits. INTERTANKO has been actively involved to addressing piracy wherever it occurs through a number of actions, including the development of industry Best Management Practices to combat piracy, engaging with United Nations Contact Group on Piracy, working with IMO on the development of guidelines to Administration and seafarers and engaging with the Regional Cooperation Agreement on combating piracy in Asia. INTERTANKO will continue to ensure that its members have the most up-to-date information so they can decide on the best measures they feel are appropriate to protect their tankers against acts of piracy anywhere in the world.

Sanctions
The United Nations and individual countries have imposed sanctions against certain countries around the world for a variety of reasons, ranging from economic and trade to more targeted measures such as arms embargoes, travel bans, and financial or commodity restrictions. The purpose of these sanctions is to peacefully bring about some sort of change within the country affected. INTERTANKO assists Members in dealing with sanctions in two major ways. First, ensuring that any sanctions imposed that may affect members’ tanker operations are fair, reasonable and practical to implement. And second, to ensure that all members are fully aware of any sanctions that could affect their tanker operations, thereby minimizing the possibility of violating the sanction and avoiding potential penalties or trade restrictions.

Refugees
The recent upheaval of certain governments in the Middle East and Africa, combined with unprecedented terrorist activities in these areas has resulted in the largest migration of refugees since World War II. The majority of these migrants are seeking refuge in Europe through sea routes in the Aegean and Mediterranean Seas. In many cases, the refugees are turning to smugglers who provide sea craft that are not suitable for crossing these seas, resulting in very unsafe conditions and the need for the refugees to be rescued at sea.  When called on to assist in rescuing these refugees at sea, INTERTANKO Members’ tankers respond. However, there is a need for a coordinated governments’ approach to addressing the problem ashore. INTERTANKO has been, and will continue to, encourage governments to take the appropriate action to mitigate the need for rescuing refugees at sea and assist members in having those rescued, disembarked safety ashore as soon as possible to minimise delays.

Cyber Risk Management
Cyber-technologies have become essential to the operation and management of numerous systems critical to the safety and security of shipping and protection of the marine environment. In some cases, these systems are to comply with international standards and/or national requirements. However, the vulnerabilities created by accessing, interconnecting or networking these systems can lead to cyber risks in many of ships systems, including bridge navigation equipment, cargo handling and main propulsion and machinery. IMO has developed guidelines on cyber risk management which provide high level recommendations to be used in development and implementation of detailed specific risk management processes that are ship specific. In addition, the shipping industry has prepared Industry Guidelines on Cyber Security which complement the IMO guidelines. INTERTANKO has been actively involved in the development of both and will continue to play an active role in updating these guidelines to ensure that Members have the most up-to-date information to protect their tankers.

Ssource: intertanko

Please adhere to on line etiquette during our presentations.  We kindly ask you to mute your microphone and video upon commencing the link and to use the Chat application for any  questions, which will be addressed by the speaker at the end of the presentation. We suggest dialling in at least 5 mins before the start of the webinar.

Please note that any recording of this event will be available post-event in DropBox format, subject to speaker authorisation.

Protecting Maritime Assets in a Cyber World delves into the biosphere of cyber-security in the maritime industry. Due to the challenges posed to the maritime industry including ports, terminals, ships, refineries, and support systems which are vital components all nations’ critical infrastructure, national security, and economies, these parties look to insurance as a way to “fill the gap”. This is because cyberattacks on industrial control systems could kill or injure workers, damage equipment, expose the public and the environment to harmful pollutants, and lead to extensive economic damage. The loss of ship and cargo scheduling systems could substantially slow cargo operations in ports, leading to backups across the transportation system. A less overt cyberattack could facilitate the smuggling of people, weapons of mass destruction, or other contraband into a country.

Many cyber security experts believe attacks on maritime related infrastructure has increased by over 900%. Because there are as many potential avenues for cyber damage in the maritime sector as there are cyber systems, all stakeholders must identify and prioritize risks, take this threat seriously, and work together to improve our collective defenses. Fortunately, the process for doing so is parallel in structure to that of other security and safety efforts: assess risk, adopt measures to reduce that risk, assess progress, revise, and continue. These processes, taken together, can significantly improve an organization’s risk reduction efforts and increase resilience through continuity of business planning. This includes implementing IMO 2021 (along with specific flag state guidance), where on the first annual verification of a shipping company’s Document of Compliance (DOC), cybersecurity will be part of the safety management audit, where a shipping company must demonstrate that appropriate measures for handling cyber risk are an integral part of its safety management system.

At this market briefing, our speakers will explore cyber security issues within the maritime industry, case examples for study and discuss the keys to cyber security planning and cyberattack “avoidance”.

Source: iua.co.uk

Seaports are fixed infrastructures of maritime transportation systems. Through Industry 3.0 and Industry 4.0, ports have faced with digital transformation based on networked cyber physical systems to be a part of smart and intelligent transportation systems. However, besides the advantages, this transformation has brought cyber security gaps and threats which can be resulted in breakdowns in maritime transportation domain. Therefore, port and port facilities should be prepared for cyber threats through holistic risk assessment frameworks for developing proactive actions. Based on these facts, this study has proposed to apply an integrated cyber risk assessment method for a container port with a cyber-physical perspective through analyzing four exemplary cyber-attack scenarios. For each cyber-attack scenario, risk assessment methodology has been applied using integrated cyber security management approach by taking into account the cyber physical assets of the container port. Results show that for the specified cyber threats, the risks have been evaluated non acceptable. Mitigation strategies have also been presented briefly in conclusion.

Source: sciencedirect

The Department of Homeland Security (DHS) plans to spend more than $7 billion on its portfolio of major acquisition programs—with life-cycle costs over $300 million— in fiscal year 2021 to help execute its many critical missions.

Since 2015, the Government Accountability Office (GAO) has reviewed DHS’s major acquisitions on an ongoing basis. In its January 19 report, GAO notes both positive actions taken and areas of concern from its sixth review.

As of September 2020, 19 of the 24 DHS programs GAO assessed that had DHS approved acquisition program baselines were meeting their currently established goals. However, of the 24 programs, ten had been in breach of their cost or schedule goals, or both, at some point during fiscal year 2020. A few programs experienced breaches related to external factors, such as the COVID-19 pandemic, while others breached their baseline goals because of acquisition management issues. Five of these programs rebaselined to increase costs or delay schedules, but the remaining five were still in breach status as of September 2020. These were the National Cybersecurity Protection System program ($5,908 million), the Homeland Advanced Recognition Technology program ($3,923 million), the Grants Management Modernization program ($289 million), the National Bio Agro-Defense Facility program ($1,298 million), and the Medium Range Surveillance Aircraft program ($15,187 million). All were in breach of schedule. The Homeland Advanced Recognition Technology and Grant Management Modernization programs were also found to be in breach of cost.

GAO’s review also found that some of the 19 programs that were meeting their currently established goals are at risk of future cost growth or schedule slips.

U.S. Customs and Border Protection’s (CBP) Border Wall System Program is at risk for additional schedule slips as a result of continuing issues acquiring land necessary to construct the border wall. Specifically, program officials told us that as a result of the outbreak of COVID-19 and social distancing requirements, there have been challenges meeting with land owners, In addition, some courts have been closed, which limits the ability to search county records and hold hearings related to land possession. CBP’s Integrated Fixed Tower program is also at risk of additional schedule slips, which officials attribute in part to time needed to allow for the preservation of archaeological sites that were uncovered while building access roads to tower sites.

GAO found that the U.S. Coast Guard’s Polar Security Cutter will likely experience a schedule slip because planned delivery of the lead ship is two months after its acquisition program baseline (APB) threshold date. Further, during a briefing to Coast Guard leadership in April 2020, program officials reported that the program’s aggressive schedule continues to be one of its most significant risks. In September 2020, DHS officials told GAO that the program plans to rebaseline in late calendar year 2020 or early 2021 to update its cost and schedule goals based on contractor information not available when the baseline was established.

In addition, Coast Guard’s Offshore Patrol Cutter is at risk of additional schedule slips and cost growth. GAO reported in October 2020 that the Offshore Patrol Cutter program “continues to move forward in the acquisition process with an immature design as well as cost and schedule risks”. After the shipbuilder requested relief from certain requirements under contract following widespread disruptions from Hurricane Michael in October 2018, the Coast Guard divided the program into two stages and a revised baseline in March 2020. Under this revised plan, the current shipbuilder will build up to four cutters in the first stage, while the acquisition of the remaining 21 cutters will be awarded under one or more new contracts in fiscal year 2022 in the second stage. GAO notes however that the program’s revised baseline does not include a schedule or a refined cost estimate that fully account for these changes.

The COVID-19 pandemic has inevitably put a spanner in several acquisition efforts. For example, CBP’s Biometric Entry-Exit and U.S. Citizenship and Immigration Services’ Transformation programs reported shortfalls in fees the government collects from immigration services that are used to fund these programs. According to officials, collection of fees for these services has been significantly reduced, in part because of the COVID-19 pandemic. CBP officials told GAO that they have prior year funding available to mitigate funding shortfalls in fiscal year 2020, but they are coordinating with component and DHS officials to address anticipated funding gaps in fiscal year 2021. Similarly, Transformation program officials said they are coordinating with U.S Citizenship and Immigration Services officials and also are assessing staffing needs based on workload and fees collected.

In other instances, programs reported that social distancing requirements—the practice of maintaining physical distance from others and avoiding large gatherings to reduce the rate of infectious diseases— as well as travel restrictions have resulted in schedule delays and limited the ability of some contractors to perform work as expected. For example, the Cybersecurity and Infrastructure Security Agency’s Next Generation Networks – Priority Services program reported delays in testing due to social distancing requirements, which limited the number of officials allowed within lab spaces.

Meanwhile, the Transportation Security Administration’s (TSA) Electronic Baggage Screening Program reported delays in testing due to social distancing requirements. According to program officials, the TSA Systems Integration Facility prioritized testing of certain technologies, but the delays have not had a significant effect on the program’s schedule.

During the course of its sixth review, the watchdog found that supplemental guidance for the development of acquisition documents generally aligned with requirements in DHS’s acquisition management policy. However, its report notes that “guidance for developing acquisition documentation in DHS’s Systems Engineering Life Cycle Instruction and accompanying Guidebook does not reflect current requirements in DHS’s acquisition management policy”. DHS officials told GAO that the information related to development of acquisition documents—including the systems engineering life cycle tailoring plan—should be consistent across all of DHS’s policies, instructions, and guidebooks.

The Joint Explanatory Statement accompanying a bill to the DHS Appropriations Act, 2019, directed DHS to provide quarterly briefings on summary ratings for all major acquisition programs. While GAO found that DHS is meeting this direction with summary ratings, the ratings do not include contextual information, such as programs’ cost, schedule, or performance risks. Without more information on the current status of DHS’s major acquisition programs and the risks these programs are facing that might affect future performance, congressional decision makers lack key information to inform their critical oversight responsibilities and budgetary decisions.

GAO is making one recommendation for DHS to align acquisition guidance with policy – with which DHS concurs – and one matter for Congress to consider determining what additional information it needs to perform oversight.

Source: hstoday

Source: thedigitalship