MARITIME CYBER SECURITY Archives - Page 24 of 41 - SHIP IP LTD

Source: threatpost

President Trump has released the “National Maritime Cybersecurity Plan,” which sets forth how the United States government will defend the American economy through enhanced cybersecurity coordination, policies and practices, aimed at mitigating risks to the maritime sub-sector, promoting prosperity through information and intelligence sharing, and preserving and increasing the nation’s cyber workforce.

President Trump designated the cybersecurity of the Maritime Transportation System (MTS) as a top priority for national defense, homeland security, and economic competitiveness in the 2017 National Security Strategy. The MTS contributes to one quarter of all United States gross domestic product, or approximately $5.4 trillion. MTS operators are increasingly reliant on information technology (IT) and operational technology (OT) to maximize the reliability and efficiency of maritime commerce. This plan articulates how the United States government can buy down the potential catastrophic risks to our national security and economic prosperity created by technology innovations to strengthen maritime commerce efficiency and reliability.

The National Maritime Cybersecurity Plan unifies maritime cybersecurity resources, stakeholders, and initiatives to aggressively mitigate current and near-term maritime cyberspace threats and vulnerabilities while complementing the National Strategy for Maritime Security. The Plan identifies government priority actions to close maritime cybersecurity gaps and vulnerabilities over the next five years.

This Administration continues to defend American workers and American prosperity while strengthening our national security. President Trump has taken numerous steps to bolster cybersecurity measures, promote American workers, defend American technology, and lead the world in technological innovation. Today’s release furthers the President’s successes at bridging the private and public technological and industrial sectors to benefit the American people and protect the American way of life.

Source: whitehouse

Maritime transportation systems increasingly rely on IT and OT, which can create vulnerabilities, the plan notes.

“The proliferation of IT across the maritime sector is introducing previously unknown risks, as evidenced by the June 2017 NotPetya cyberattack, which crippled the global maritime industry for more than a few days,” the plan states.

The U.S. relies on ocean-based commerce for about 25% of its gross national product. The plan is designed to help protect the nation’s network of 25,000 miles of coastal and inland waterways, 361 ports, 124 shipyards, more than 3,500 maritime facilities, 20,000 bridges, 50,000 federal navigation aids and 95,000 miles of shoreline.

“The National Maritime Cybersecurity Plan unifies maritime cybersecurity resources, stakeholders and initiatives to aggressively mitigate current and near-term maritime cyberspace threats and vulnerabilities while complementing the National Strategy for Maritime Security,” says National Security Adviser Robert O’Brien .

The plan, which is designed to unify maritime cybersecurity resources and close defensive gaps, will be reassessed every five years.

Citing a lack of specialists in this field, the plan calls for investing in the training of maritime cybersecurity specialists in port and vessel systems. This will include developing career paths for those who choose this profession along with continuing education and retention incentives.

Uniform Standards

A top priority, according to the plan, is for the government to encourage the use of uniform cybersecurity standards by the 20 federal agencies that have a role in maritime security. These agencies are responsible for vessel and personnel safety, transportation standards, physical security and other maritime industry activities.

“The NSC staff, through the policy coordination process, will identify gaps in legal authorities and identify efficiencies to de-conflict roles and responsibilities for MTS cybersecurity standards,” the plan states.

The plan also calls for the U.S. Coast Guard to analyze and clarify the 2016 and 2020 cybersecurity reporting guidance for maritime stakeholders. The Coast Guard also should collect maritime cyber incident reports to identify trends and attack vectors and then share that information with others, the plan says.

The Department of Defense and Homeland Security should work together to examine whether critical port operational technology systems have cybersecurity vulnerabilities, the plan states. Because a framework for conducting such an assessment does not exist, the plan calls for basing maritime audits on practices in other sectors.

“For example, the Department of Energy conducts small-scale vulnerability testing to protect electrical power generation and distribution OT systems. Similarly, maritime OT systems would benefit from vulnerability inspections. Findings from these audits may inform cybersecurity mitigation and remediation for MTS users,” the plan says.

Information and Intelligence Sharing

The plan also calls for the Coast Guard, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI to work together to create a list of cybersecurity issues that can then be shared with domestic and international partners in the maritime industry.

It also calls for the creation of a mechanism for government agencies to share unclassified, and when possible, classified information to protect maritime IT and OT networks with all those in the maritime industry.

Source: govinfosecurity

As the Trump administration in the US draws to a close, the President has released a new ‘National Maritime Cybersecurity Plan’ detailing how the United States government will aim to defend the cybersecurity of the maritime sector through enhanced coordination, policies and practices, aimed at mitigating risks and increasing the nation’s cyber workforce.

The cybersecurity of the Maritime Transportation System (MTS) was listed as a top priority in the 2017 US National Security Strategy. The MTS contributes to one quarter of all United States gross domestic product, or approximately $5.4 trillion, with the new plan addressing the potential catastrophic risks to security and economic prosperity that could be created by maritime cyber vulnerabilities.

“The American people elected me on the promise to make America great again. I promised that I would protect American interests and promote the welfare and economy of our great citizens,” writes President Trump, in the plan’s introduction.

“During my first year in office, I designated transportation and maritime sector cybersecurity as a priority for my administration. In keeping with my promise and this priority, I am continuing to promote the second pillar of the national security strategy, promote American prosperity, by approving the national maritime cybersecurity plan.”

“The national maritime cybersecurity plan explains how my administration will: defend the American economy by establishing internationally recognized measures of risks to the maritime sub-sector and standards to mitigate those risks; promote prosperity through information and intelligence sharing; and preserve and increase our great nation’s cyber workforce.”

The Plan aims to unify US maritime cybersecurity resources, stakeholders, and initiatives to mitigate current and near-term maritime cyberspace threats and vulnerabilities while complementing the National Strategy for Maritime Security, identifying government priority actions to close maritime cybersecurity gaps and vulnerabilities over the next five years.

The full US National Maritime Cybersecurity Plan can be downloaded here.

A new report warns of increasing cybersecurity threats to the maritime industry. The Global Maritime Consultants Group’s (GMCG) Marine Cyber Security white paper, published on December 24, warns of attacks which may originate via email, denial of service, impersonation or various other means and sets out measures that the maritime industry can take to protect against and prevent such attacks.

The industry has recognized cybersecurity as a major threat and to some extent is playing catch-up with other industries, particular when compared to other forms of transportation. To help address the need for increased action against cyber attacks, the International Maritime Organisation (IMO) has introduced a new code which from January 1 2021 requires ship owners and managers to assess cyber risk and implement relevant measures across all functions of their safety management system.

GMCG warns that one of the simplest ways of threatening and corrupting a ship’s system is for an employee to open an infected email. “In doing so it can cause the recipient of the targeted email to become an infected member of the maritime supply chain. This can then result in the electronic virus being downloaded and passed on through the systems associated with the ship, its land-based operations and often with financially crippling effects. Most of these fraudulent emails are designed to make recipients hand over sensitive information or trigger malware installation on shorebased or vessel IT networks.”

The report says the first step for ship owners is to have a recognized plan that identifies cybersecurity objectives that are relevant for safe ship operations. “These checks and balances should also encompass anyone connected with the ship’s operations, both in-house and external. It is also vital to create an inventory list of all safety and business-critical systems and software which will be needed in the first instance to define and create a cyber risk assessment.”

Communication systems, ship propulsion and power control systems, cargo management systems, passenger services, and the ship’s bridge system are all vulnerable areas and the report also recommends ensuring that public network connections are kept entirely separate from the ship’s and maritime land-based networks.

A coalition of maritime organizations* recently updated a set of cybersecurity guidelines for the industry. Issued in December, the fourth version of the Guidelines on Cyber Security Onboard Ships includes general updates to best practices in the field of cyber risk management, and as a key feature, includes a section with improved guidance on the concept of risk and risk management. The improved risk model takes into consideration the threat as the product of capability, opportunity, and intent, and explains the likelihood of a cyber incident as the product of vulnerability and threat.

“In recent years, the industry has been subjected to several significant incidents which have had a severe financial impact on the affected companies,” said Dirk Fry, chair of BIMCO’s cyber security working group and Director of Columbia Ship Management Ltd.

“While these incidents have had little or no safety impact, they have taught us some very important lessons which have been incorporated into the new version of the guidelines,” added Fry.

*The following organizations produced the fourth edition of Guidelines on Cyber Security Onboard Ships: BIMCO, Chamber of Shipping of America, Digital Containership Association, International Association of Dry Cargo Shipowners (INTERCARGO), Interferry, International Chamber of Shipping (ICS), INTERMANAGER, International Association of Independent Tanker Owners (INTERTANKO), International Marine Contractors’ Association (IMCA), International Union of Marine Insurance (IUMI), Oil Companies International Marine Forum (OCIMF), Superyacht Builders Association (Sybass), and World Shipping Council (WSC).

Source: hstoday

The White House on Tuesday rolled out a plan to secure the nation’s maritime sector against cybersecurity threats that could endanger national security.

The plan, which was compiled in December but made public this week, lays out the Trump administration’s plans for defending the maritime transportation sector against cybersecurity threats.

The sector is involved in around a quarter of the nation’s gross domestic product.

The three goals of the plan include establishing international standards defining threats to the maritime sector, enhancing intelligence and information sharing around these threats and increasing the nation’s cyber workforce for the maritime sector.

The plan is meant to address new threats from the increased use of new information technology and operational technology systems in the sector.

“The National Maritime Cybersecurity Plan demonstrates my commitment to promoting American prosperity by strengthening our cybersecurity,” President Trump wrote in a statement included in the plan. “This is a call to action for all nations to join us in protecting the vital maritime sector that interconnects us.”

National security adviser Robert O’Brien said in a statement Tuesday that the plan would help the federal government “buy down the potential catastrophic risks to our national security and economic prosperity” created by the reliance of the maritime sector on new technologies.

“This Administration continues to defend American workers and American prosperity while strengthening our national security,” O’Brien said. “President Trump has taken numerous steps to bolster cybersecurity measures, promote American workers, defend American technology, and lead the world in technological innovation.”

“Today’s release furthers the President’s successes at bridging the private and public technological and industrial sectors to benefit the American people and protect the American way of life,” he added.

Priority actions included in the national security plan include prioritizing the training of cybersecurity specialists in port and vessel systems, sharing government information with private sector groups involved in the maritime sector, prioritizing maritime intelligence collection and developing a “cyber-forensics process” for investigating cyberattacks involving the maritime sector.

The National Security Council will oversee the completion of these priorities, and will reassess the plan at least once every five years.

“The United States is a maritime Nation that depends on a robust, integrated, and secure maritime transportation system to support our economic prosperity, provide for our national defense, and connect the United States economy with the global market,” the plan reads. “Technology innovation develops at a pace faster than that which global maritime security can maintain, creating low-cost opportunities for malicious actors.”

The sector has already been targeted by hackers. The Coast Guard put out an alert in late 2019 that a ransomware intrusion at a facility regulated under the Maritime Transportation Security Act forced the facility to shut down for 30 hours after disrupting camera and physical access control systems, along with the entire corporate IT network at the facility.

The plan was also rolled out as the federal government continues to grapple with one of the largest cyber incidents in U.S. history, with the majority of federal agencies and the U.S. Fortune 500 companies compromised by Russian hackers as part of an attack on IT group SolarWinds.

The Department of Defense, which houses the Navy, and the Department of Homeland Security, which oversees the Coast Guard, were among the agencies impacted by the incident.

Source: thehill

The Ports and Maritime Organization of Iran announced in a statement that its information technology experts have thwarted a cyberattack targeting the electronic infrastructures of the Iranian ports.

All missions and activities of the Ports and Maritime Organization are going on normally, the statement added, noting that online services are being provided to prevent any disruption to the freight services or loading and unloading operations even for a moment.

Last month, an official said the export of non-oil commodities in the first half of the current Iranian year via the southeastern port city of Chabahar has risen by 95 percent compared to the corresponding period a year earlier.

Chabahar is the closest and best access point of Iran to the Indian Ocean and Iran has devised serious plans to turn it into a transit hub for immediate access to markets in the northern part of the Indian Ocean and Central Asia.

Source: tasnimnews.com

With greater than 90 percent of all global trade tonnage transported by sea and vital global energy networks, maritime infrastructure has never been more essential and yet also more at risk. In just the last two weeks, there have been several high-profile attacks on the maritime industry, with both the fourth largest global shopping company and the International Maritime Organization (IMO) targeted.

To dive deeper on this topic, we asked seven experts—including several who spoke at a recent Scowcroft Center for Strategy and Security event on maritime cybersecurity—about these threats and how policymakers can help protect against them:

What are the most vulnerable aspects of our maritime infrastructure? What makes them such attractive targets?

“When compared to commercial IT, the technologies used within the maritime sector illustrate the difficulties new sectors have to adapt to the Internet of Everything (IoE). Like many other sectors, the maritime sectors used to develop stand-alone software and hardware, inherently “limiting” the risks to internal threats. The new IoE paradigm, however, proves that it is challenging to securely design, develop, and operate a fully connected environment. Current GPS, ECDIS, and AIS systems have demonstrated various vulnerabilities in the last couple of years. So in order for the maritime environment to develop and operate in a secure fashion, it will be essential to have an overall view of the supply chain, from third party manufacturer to the people operating and maintaining the equipment. This view should further evolve over the lifetime of the equipment, with updates, upgrades, and training.

“In its current state, the maritime industry is a prime target due the many moving parts of ports and vessels, the increasing attack surface (e.g. adding connectivity to devices that had never been thought to be connected), the current lack of security and privacy by design, as well as the inadequacy of cyber-security training. Furthermore, with the industry quickly bridging the gap between IT and Operational Technology (OT), we may soon see wide-spread vulnerabilities impacting the maritime sector as a whole.”

Dr. Xavier Bellekens, Lecturer and Chancellor’s Fellow, Institute for Signals, Sensors, and Communications,University of Strathclyde

From a government standpoint, what can the US government do to incentivize the maritime industry to invest more in cybersecurity?

“I believe that the most impactful things the US government can do to incentivize maritime industry investments in cybersecurity are:

• Promote robust, real-time, maritime-specific cyber threat and incident information sharing between maritime industry stakeholders, and between those stakeholders and the US government (and vice versa), when appropriate.
• Share cybersecurity threat intelligence with cleared maritime industry stakeholders.

I believe that these two measures are critically important as, currently, maritime industry executives have limited information about cybersecurity threats that other companies have experienced. Only by sharing cybersecurity threat and incident information widely with and between maritime companies can their senior executives gain a clear appreciation of the collective threats and potential financial and national security impacts of failing to adequately invest in IT and OT infrastructure improvements and other cybersecurity enhancement measures. Having this complete cybersecurity threat picture is key to making corporate cost-benefit decisions on increased investments in cybersecurity, and to ensuring that those investments achieve the best possible cybersecurity protections.”

Cameron Naron, Director, Office of Maritime Security, Maritime Administration, US Department of Transportation

What kind of players exist in the maritime industry and what role should they play in driving improved cybersecurity outcomes?

“The challenges in driving improvement in cybersecurity programs within the global maritime industry result from the many links in the marine transportation system and the personnel at each of these links. With enhanced technology, the interconnectivity—while improving the efficiency of the system itself—also presents multiple nodes which provide opportunities for cyberattacks. Looking at the system as a whole and starting at the most basic level, the vessel and its systems, interconnected within the ship and interfaced with shore management, is the basic building block. Key links to and from the vessel include shore management (ship owner, operator, or charterer), government agencies requiring electronic reporting of vessel information, third-party contractors including classification societies, vendors, technical service providers, and port and terminal authorities. Simply put, in an ideal world, the entire logistics chain is interconnected and provides stakeholders real-time information essential to scheduling and decision making. Integrating cybersecurity programs at each interface is critical as is also the education of personnel at each interface. In such an integrated system, the cybersecurity programs are only as good as the weakest link, making it critical that all links in the logistics chain collaborate in establishing robust programs, properly training personnel and maintaining the operational efficiency necessary for all parts to work as one.”

Ms. Kathy Metcalf, President and Chief Executive Officer, Chamber of Shipping of America

Cyber-attacks on maritime infrastructure can be especially alarming because of potential compounding effects. What lessons can be taken from other sectors to help better protect maritime infrastructure from systemic threats?

“Three opportunities for maritime to build on the cybersecurity lessons learned by others jump out. First, from the energy sector, how to monitor and alert on malicious system behaviors in technology without a great deal of computing head room left for big commercial IT security applications. Second, from the US financial sector, the importance of regular and realistic joint exercises to build confidence in the collaborative links between stakeholders and raise awareness of channels for cascade failure between them. Third, from the telecommunications sector, how some companies have approached repeated adversarial events as an issue of resilience—building flexibility, capacity to adapt, and deep system expertise as a means of operating through failure rather than endlessly seeking to prevent it.”

Trey Herr, Director, Cyber Statecraft Initiative, Scowcroft Center for Strategy and Security, Atlantic Council

What was your biggest takeaway from the Atlantic Council panel conversation? How does it align with what you see as the biggest threat to maritime cybersecurity that needs to be tackled?

“Sustaining a safe, secure, and resilient marine transportation system is foundational to our economic and national security. When we consider evolving risks in the cyber domain, the maritime sector is on par with other more widely recognized sectors, like finance and energy, in terms of the potential for significant consequences. As we have seen from recent incidents, the maritime industry’s growing dependence on continuous network connectivity and converging layers of information and operational technology make it inherently vulnerable to cyber threats.

“The first step for the maritime industry is to recognize that cyber risk management is not an administrative function that can be left solely to company IT professionals, but rather a strategic and operational imperative that must be managed at the C-suite level. We also need to recognize that cyber security is a team sport; no single public or private entity has the capabilities, authorities, resources, and partnerships to do it alone, so information sharing and collaboration are essential to managing this risk.”

Captain Jason P. Tama, Commander, Sector New York; Captain of the Port of New York and New Jersey, United States Coast Guard

How does cyber insecurity in civilian maritime infrastructure impact military readiness and capabilities? Why should the cybersecurity of our commercial fleets be a priority for the US government and the Department of Defense (DoD)?

“While cyber insecurity in civilian maritime infrastructure has not yet been a hindrance to force projection, it could be in the future, given the right set of circumstances. In the past, we have operated under the assumption of an uncontested homeland and uncontested passage. However, exploring the asymmetric level of effort required for successful cyber-attacks juxtaposed against the damage they may cause, has forced a re-evaluation of whether our infrastructure and routes will remain uncontested in the future. Because the Army relies on the civilian maritime industry to move equipment, when US forces need to be sent overseas quickly, minor delays throughout our civilian critical infrastructure could have a ripple effect on the deployment timeline. The cybersecurity of commercial fleets should be a priority for the US government and DoD because disruptions or delays to military deployments could jeopardize our ability to maintain stability and to support our allies and partners.”

Dr. Erica Mitchell, Critical Infrastructure/Key Resources Research Group Leader, Army Cyber Institute, West Point; Assistant Professor in the Electrical Engineering and Computer Science Department, West Point

How can we help better enable and operationalize the Maritime industry to ensure that cybersecurity is not only understood, but also prioritized? 

“First, to understand and prioritize cybersecurity, persistent visibility into organizations’ own networks, assets, and critical third-party integration must be achieved. This is the spectrum of attack surfaces that requires the same continual monitoring and awareness that we have practiced for centuries at sea: inspections of cargo holds and machinery spaces, watertight enclosures and hatches, and material conditions throughout the vessel to ensure seaworthiness. An understanding of network architecture, what is connected, when it connects, and who may be required to connect is an imperative. Real-time knowledge of business, vessel, and marine terminal networks and technologies presents the greatest power of information to empower stakeholders because what belongs and what doesn’t belong is discoverable and tangible in the present, allowing actions to be taken early, instead of after a breach.  Observable behaviors of how systems react to detectable adversarial activities and breach attempts is convincing and defensible evidence from which to understand then prioritize the risk through informed decisions. This is largely missing—inconsistent at best—across the maritime industry, with some exceptions. Without persistent monitoring in a rapidly advancing digital ecosystem, decisions will be farther behind the curve and based on scanty information.

“Second, cybersecurity leadership is necessary in the board room to ensure leadership is informed, that all the appropriate considerations are included in strategic planning and governance, and that cybersecurity actions taken are translated to a business language for all leadership and stakeholders to understand. In operating ships and marine terminals where cyber-physical systems integrate with IT, leaders must create and implement unified strategies for how the fleet or facilities will be protected; to support the vessel masters, crews, and employees through the creation of sensible plans to respond and recover, and to maintain safe operations. This is no different from how responsible maritime companies develop strategies to understand and manage other forms of somewhat tangible risk, such as geopolitical, climate change, ballast water, and even obsolescent technology replacement. As an example, many operational and safety checks are required to be performed and logged for a vessel preparing to sail or arrive in port. Very little in the form of pre-departure or arrival cybersecurity checks are provided to the vessel as tested and validated from ashore. This type of assurance and safety due diligence can be organized and led by a maritime Chief Information Security Officer (CISO). At the present, very few maritime companies are staffed with a CISO, with some exceptions. So how can we sail into the digital future without the dedicated leadership and the processes to trust-but-verify?

“Third, industry would benefit from discreet information sharing exchanges from which stakeholders may meet in private to discuss not only cybersecurity threat information, but also strategy and best practices, and to meet with government representatives as needed. As the deployment of OT monitoring software solutions by vendors increases, we must understand industry’s experiences with the performance of these technologies, the value of the output data, and new unintended security vulnerabilities. These lessons learned should be shared so industry can advance through digitalization together, vice operate in a vacuum. Lastly, as businesses interface with shareholder and government entities in the sharing of cybersecurity information, organizations need the right blend of industry and cyber leadership expertise to represent their equities ahead of regulation.

“We are always thinking ahead in maritime—monitoring through watchkeeping, anticipating, scanning, plotting navigation fixes, inspecting, analyzing trends, and preparing—because the sea is unforgiving, and the duty of care is neither optional nor negotiable. Until now, cyber has run counter to every best practice we have learned and practiced—react, wait for the bad news, then scramble (with some exceptions). Instead, turn the constraints of limited resources, talent, and low priority into advantages and strategy by simplifying the cybersecurity problem through continuous monitoring, dedicated cybersecurity leadership, and discreet collaboration.

Source: atlanticcouncil