MARITIME CYBER SECURITY Archives - Page 26 of 40 - SHIP IP LTD

The International Maritime Organization (IMO) is the second major shipping organisation to be hit by a cyber attack this week.

The IMO’s public website and internal intranet services were unavailable but have since been brought back online. The interruption of services started on 30 September and was caused by a “sophisticated cyber attack” against the IMO’s IT systems, the organisation said in a statement.

IMO IT technicians have shut down key systems to prevent further damage from the attack. The IMO is working with United Nations IT and security experts to identify the source of the attack and restore the network systems.

This is the second reported cyber incident to hit the maritime industry this week and the fifth high-profile attack in 2020. Container shipping company CMA CGM announced on 28 September that it was dealing with a malware attack that affected its peripheral servers. The company suspected the attack may have caused a data breach, CMA CGM said in a follow-up statement on 30 September.

Transportation and logistics company Toll Group was attacked on 31 January and 12 May. The organisation had to shut down several systems across multiple business units, causing delays and disruptions to the business. The hackers subsequently published stolen Toll Group data on the dark web.

Mediterranean Shipping Co. also underwent a malware attack at its Geneva headquarters on 10 April. An investigation into the incident found that no data was stolen, and the attack only affected a limited number of physical computer systems.

Cyber security experts have suggested that distractions and increased reliance on digital services due to COVID-19, as well as untrained staff having to carry out diagnostics, software updates, and patches, may be behind a surge in attacks this year.

Ido Ben-Moshe, vice-president of business development for maritime cyber security company Naval Dome, said that remote working and an increase in remotely controlled, autonomous technologies will likely accelerate during and after COVID-19. “This will see companies face new cyber security challenges if they fail to implement adequate protective measures,” he concluded.

Source: safetyatsea

After disrupting the services of France-based CMA CGM, hackers reportedly targeted London based IMO aka International Maritime Organization, a federal organization that regulates shipping.

And because of the attack, the website of the company is down and not reachable.

The shipping related UN organization says that its internal systems and email services were restored back to normalcy after they were pushed to the database of Global Integrated Shipping Information System (GISS) and Virtual publication services and IMODOCS will be soon revived.

IMO has asked the IT staff of UN Council to probe down the incident and to identify the attack and enhance security of the systems.

What’s interesting about the attack is that it just occurred two days after a cybersecurity breach occurred on the database of CMA CGM.

Note 1- Although many media sources speculate that the attack on IMO was of ransomware variant, the shipping governing agency did not confirm it. A ransomware is a kind of malware that steals a portion of data and then encrypts a database until a ransom is paid.

Note 2- IMO is an organization that takes care of safety, environmental concerns, legal matters, technical cooperation, maritime security and works towards efficacy of shipping in international waters. It has over 174 member states and 3 associate members and an assembly that governs 5 committees- namely the Maritime Safety Committee, the Maritime Environment Protection Committee, the legal committee, the Technical Co-operation Committee and the Facilitation Committee.

 

Source: cybersecurity

The Maritime and Port Authority of Singapore (MPA) was established on 2 February 1996, with the mission to develop Singapore as a premier global hub port and international maritime centre (IMC), and to advance and safeguard Singapore’s strategic maritime interests.

MPA is the driving force behind Singapore’s port and maritime development, taking on the roles of Port Authority, Port Regulator, Port Planner, IMC Champion, and National Maritime Representative.

MPA partners the industry and other agencies to enhance safety, security and environmental protection in our port waters, facilitate port operations and growth, expand the cluster of maritime ancillary services, and promote maritime R&D and manpower development.

 

The global shipping industry sustained a second cyber attack within a week that’s raising concern about disruptions to supply chains already straining to move goods heading into the usual peak season for consumer demand.The International Maritime Organization, a United Nations agency that serves as the industry’s regulatory body, said in a statement Thursday it has suffered “a sophisticated cyber attack against the organization’s IT systems.” A number of IMO web-based services are currently unavailable and the breach is affecting its public website and internal systems, it said.

That attack followed the disclosure earlier this week by closely held CMA CGM SA, the world’s fourth-biggest container liner by capacity, that its information systems were compromised. The Marseille, France-based company said Thursday that offices are “gradually being reconnected to the network thus improving the bookings’ and documentation’s processing times.”

“We suspect a data breach and are doing everything possible to assess its potential volume and nature,” the company said in an emailed statement. CMA CGM is among the world’s five leading container liners that account for 65% of global capacity, according to Alphaliner data.

A ‘Headache’

A rash of cyber incidents has afflicted the shipping industry in recent years, the biggest of which was an intrusion that cost Copenhagen-based A.P. Moller-Maersk A/S about $300 million in 2017.

The Maersk incident “has clearly drawn the attention of scammers and cyber criminals who realized that the shipping industry is acutely exposed,” said Ken Munro, a security specialist at Pen Test Partners, a cyber-security company with clients in the maritime industry. “If shore-based systems aren’t available to book containers, ships can’t load and can’t generate revenue. Targeted attacks against shipping lines are therefore lucrative for ransomware operators.”

While it’s too soon to say whether the recent attacks will prove to be a brief irritant for global trade or a trigger of wider damage, logistics experts like Bloomberg Intelligence’s Lee Klaskow say the cyber threats are a “near-term headwind and headache for sure.”

The timing of the latest acts of cyber piracy is particularly bad for shipping liners that are still waiting to see some normalcy restored to their seasonal cycles.

The pandemic threw supply chains out of sync for everything from paper towels and face masks to trampolines and computer monitors, as consumers were forced to work from home and purchase necessities online.

The demand on shippers, which reduced capacity initially in anticipation of deep recessions caused by Covid-19 lockdowns, hasn’t really abated because e-commerce purchases have stayed strong and companies are restocking inventories.

As a result, the benchmark cost to move cargo containers across the Pacific has tripled since the start of the year.

The world’s third largest container line said on Monday that it was dealing with a cyber attack impacting peripheral servers, excluding its logistics arm, CEVA Logistics.

“As soon as the security breach was detected, external access to applications was interrupted to prevent the malware from spreading,” CMA CGM said.

Related: MSC confirms malware attack caused website outage

“Our teams are fully mobilized and access to our information systems is gradually resuming. The CMA CGM network remains available to the Group’s customers for all booking and operation requests.”

According to social media posts the cyber attack is in the form of ransomware, although the exact nature of the attack remains unknown.

“An investigation is underway, conducted by our internal experts and by independent experts,” the company said.

Earlier this year fellow container line MSC was hit by a malware attack, which took down all its customer facing systems, while logistics company Toll Group has been subject to two cyber attacks this year. IN 2017 Maersk Line was hit globally by the NotPetya malware attack.

Copyright © 2020. All rights reserved.  Seatrade

Copyright: Arab News © 2020 All rights reserved. Provided by SyndiGate Media Inc.

[The excerpts below are from the book Maritime Cybersecurity: A Guide for Leaders and Managers, published in early September.]

[T]hreats must be put into context. The figure [below] shows the light configuration of a vessel that you do not want to see steaming towards you at night. Not only is this ship coming towards you head-on, it suggests that you are already in very dangerous waters, per Rule 27(f) in the Navigation Rules.

While this portrayal has a certain element of dark humor to it, it is also analogous to real life. When a ship is in a minefield, what is the real problem? Is it the threat of hitting a mine, or is it the vulnerability of the ship to the damage caused by the explosion? During the early days of the Battle in the Atlantic during World War II, Germany deployed magnetic mines against the British. The mines rose from the seafloor when they detected the small change in the Earth’s magnetic field that occurred when a steel-hulled vessel came within range. The British, upon discovering this mechanism, took countermeasures to effectively degauss their warships. This change eliminated the mine’s ability to exploit the ship’s magnetic field and, at least temporarily, obviated the threat. The vulnerability of the ship to a mine was not eliminated, but the exploit was defeated.

In cyberspace, we can’t control where the mines are, but we can control our susceptibility to getting hit by one and the subsequent damage that could result.

This leads to the following general truth about cybersecurity:

Vulnerabilities Trump Threats Maxim: If you know the vulnerabilities (weaknesses), you’ve got a shot at understanding the threats (the probability that the weaknesses will be exploited and by whom). Plus, you might even be OK if you get the threats all wrong. But if you focus mostly on the threats, you’re probably in trouble.

Threats are a danger from someone else that can cause harm or damage. We might or might not be able to identify a potential threat, but we cannot control them. Vulnerabilities are our own flaws or weaknesses that can be exploited by a threat actor. Indeed, not all vulnerabilities can be exploited. We are—or should be—able to identify our vulnerabilities and correct them.

While we cannot control the threats, we should be knowledgeable about the threat landscape and have an idea of threat actors who might wish to do us harm, but we should not obsess over the threats while planning a cyberdefense. Instead, we should look inward at our own systems, seek out the vulnerabilities, and plug the holes. New threats always emerge, but that doesn’t change the strategic importance of fixing our own vulnerabilities.

Ironically, there is a corollary to this maxim: “Identifying threats can help get you funding while identifying vulnerabilities probably won’t.” Almost all cybersecurity professionals have gone to management to seek funds for an emergency update to hardware or software, just to be told that fixing a vulnerable system can always wait until the next budget cycle. Conversely, when management sees a memo from IMO or USCG, or a warning from an ISAC/ISAO, that highlights a credible threat directed at that same hardware or software, it’s remarkable how quickly the funds become available.

——————————————————–

A common but mistaken belief at the leadership level of many organizations, both within the maritime industry and beyond, is that the responsibility for protecting information assets lies within the technology ranks. To those who subscribe to that belief, let us share the following: Anyone who thinks that technology can solve their problems does not understand technology or their problems.

Cybersecurity—or, arguably more properly, information security—is not merely, or even primarily, the responsibility of the IT department. Everyone who comes in contact with information in any form has the responsibility to protect it and, further, to recognize when it is under attack—and take whatever action is required to defend it, including reporting suspected attacks to the appropriate defensive agencies within the organization. Ultimately, it is the responsibility of a designated Chief Information Security Officer (CISO) to manage the cybersecurity posture of an organization. That posture includes the creation of a sense of urgency and awareness around cyberthreats at every level of the organization.

It is also important to recognize that IT and cybersecurity professionals have different—albeit often overlapping—skill sets. IT professionals keep networks running and resilient, and provide services and application to the users; cybersecurity professionals defend these assets.

——————————————————–

[We wrote this book for] the maritime manager, executive, or thought leader who understands their business and the maritime transportation system, but is not as familiar with issues and challenges related to cybersecurity. Our goal is to help prepare management to be thought and action leaders related to cybersecurity in the maritime domain. We assume that the reader knows their profession well, knowledge that will help to provide the insight into how cyber affects their profession and organization.

Chapter One (The Maritime Transportation System, MTS) provides a broad, high-level overview of the MTS, the various elements within it that we’re trying to secure, and the size and scope of the challenge. Chapter Two (Cybersecurity Basics) offers terms, concepts, and the vocabulary required to understand the articles that one reads and the meetings that one attends that discuss cybersecurity.

The next three chapters describe actual cyber incidents in various domains of the MTS and their impact on maritime operations. Chapters Three through Five address cyberattacks on shipping lines and other maritime companies, ports, and shipboard networks, respectively. Chapter Six (Navigation Systems) discusses issues relating to Global Navigation Satellite Systems (GNSS) and Automatic Identification System (AIS) spoofing and jamming, while Chapter Seven (Industrial Control and Autonomous Systems) presents cyber-related issues and the ever-increasing challenge of remote control, semi-autonomous, and fully-autonomous systems finding their way into the MTS.

Chapter Eight (Strategies for Maritime Cyberdefense) discusses practices that address cybersecurity operations in the MTS, including risk mitigation, training, the very real need for a framework of policies and procedures, and the development and implementation of a robust cybersecurity strategy. Chapter Nine offers final conclusions and a summary.

——————————————————–

Author’s note: This book is intended to speak to all levels of members of the MTS, from executives, directors, and ship masters to managers, crew members, and administrative staff. Our hope is that it informs the reader to a higher level of awareness so that they can be more aware of the threats and be better prepared — at whatever level of their job — to protect their information assets.

Because the field is so fast moving, we also have a Web site — www.MaritimeCybersecurityBook.com — where we will post additional information.

Gary C. Kessler is a Professor of Cybersecurity in the Department of Security Studies & International Affairs at Embry-Riddle Aeronautical University. He is also the president of Gary Kessler Associates, a training, research, and consulting company in Ormond Beach, Florida.

Steven D. Shepard is the founder of Shepard Communications Group in Williston, Vermont, co-founder of the Executive Crash Course Company, and founder of Shepard Images. 

With today’s news that French shipping giant CMA CGM has been hit by a ransomware attack, this now means that all of the four biggest maritime shipping companies in the world have been hit by cyber-attacks in the past four years, since 2017.

Previous incidents included:

1. APM-Maersk – taken down for weeks by the NotPetya ransomware/wiper in 2017.
2. Mediterranean Shipping Company – hit in April 2020 by an unnamed malware strain that brought down its data center for days.
3. COSCO – brought down for weeks by ransomware in July 2018.

On top of these, we also have CMA CGM, which today took down its worldwide shipping container booking system after its Chinese branches in Shanghai, Shenzhen, and Guangzhou were hit by the Ragnar Locker ransomware.

This marks for a unique case study, as there is no other industry sector where the Big Four have suffered major cyber-attacks one after the other like this.

But while all these incidents are different, they show a preferential targeting of the maritime shipping industry.

“I’m not so sure it’s that they’re any more or less vulnerable than other industries,” said Ken Munro, a security researcher at Pen Test Partners, a UK cyber-security company that conducts penetration testing for the maritime sector.

“It’s that they are brutally exposed to the impact of ransomware.

Google’s latest smartphone isn’t a new flagship device: It’s the Pixel 4A, the budget version of last year’s Pixel 4. Owners of flagship smartphones won’t be wowed by its features (which are minimal) or its design (which is simple), but the Pixel…

Downloads provided by TechRepublic

“After Maersk was hit by the NotPetya crytper, I believe criminals realized the opportunity to bring a critical industry down, so payment of a ransom was perhaps more likely than other industries,” Munro said.

IT’S NOT THE SHIPS! IT’S THE SHORE-BASED NETWORKS

Over the past year, incidents where malware landed on ships have intensified. This included sightings of ransomware, USB malware, and worms; all spotted aboard a ship’s IT systems.

Maritime industry groups have responded to these increasing reports of malware aboard ships by publishing two sets of IT security guidelines to address maritime security aboard ocean-bound vessels.

But Munro points out that it’s not the ships that are usually getting attacked in the major incidents.

Sure, malware may land on a ship’s internal IT network once in a while, but the incidents where malware gangs have done the most damage were the attacks that targeted shore-based systems that sit in offices, business offices, and data centers.

These are the systems that manage personnel, receive emails, manage ships, and are used to book container transports. There is nothing particularly different from these systems compared to any other IT systems sitting inside other industry verticals.

“That said, if you can’t book a container, there’s no point in having the ship,” Munro added.

For all intents and purposes, it appears that despite efforts to protect ships from external hacking, the maritime industry has failed to treat its shore-based systems with the same level of attention.

While the rare ship hacking incidents are the ones that usually grab headlines, it’s the attacks on a shipping company’s shore-based systems that are more common these days, and especially the attacks on their container booking applications.

These systems have often been hacked by sea pirate groups looking for ship manifests, container ID numbers, and ship sea routes so they can organize attacks, board ships, and steal containers transporting high-value goods like electronics and jewelry [1, 2, 3, 4].

These waves of “cyber pirates,” as these groups have been often named, along with the recent attacks on the Big Four shipping giants, are a clear sign that the shipping industry needs to stop prioritizing the less likely ship hacking scenarios and focus more on its shore-based systems, at least, for the time being.

Source: zdnet

This overview continues the Eazi Security series on practical considerations for Designated Persons Ashore (DPA’s) to ensure full compliance with Resolution MSC 428(98) on maritime cyber security. The requirement to implement effective cyber security measures across a fleet of vessels and in Company offices ashore can be daunting for DPA’s. Particularly as the cyber threat may not be in the direct knowledge and experience of the safety team. Most DPA’s are experienced mariners and have a very well developed sense of what is (and is not) safe with ship-board operations. Cyber security may be outside their technical comfort zone.

However, the important thing for DPA’s to remember is that cyber threats can be assessed using the same methodology as any other maritime risk. The key is to go back to the first principles of safety management.

In particular the ISM Code (Section 1.2 Objectives) requires the following:

• Ensure safety at sea (i.e. ensure that control systems on board can not be compromised by cyber malware to prevent the safe operation of the vessel, particularly navigation and propulsion systems)
• Prevention of human injury or loss of life (i.e. IT systems, especially operation systems, are sufficiently protected when used in critical operations involving enhanced risk to people).
• Damage to the marine environment and property (i.e. bunkering, ballasting and the use of oily water separators).

It is an important point to note that the ISM Code does not specifically require the prevention of commercial risk. This is an interesting point as most cyber crime is committed for commercial gain. Whilst protecting the vessel’s systems to make them safe is a requirement, and will undoubtedly assist against hackers for commercial gain, it is not an explicit requirement of the ISM Code to establish systems solely to prevent commercial wrongdoing . Therefore when implementing enhanced IT security measures the DPA should ask the fundamental question, is this for safety or commercial benefit? If it is only the latter it may be worth considering whether it should be included in the ISM framework (and who should be responsible for the management of that commercial risk).

Moreover, the ISM Code requires the Company to identify risks to its ships, personnel and the environment and thereafter establish appropriate safeguards (ISM Code Section 1.2.2.2). This requirement is usually understood as defining credible risks and put in place measures to manage the risk As Low As Reasonably Practicable (ALARP). DPA’s and Company IT managers should be asking if a cyber threat is credible to their specific operating environment. The subsequent level of protection then needs to be commensurate with the identified cyber threat. It does not need to be bank level security in response to an incredible threat (the equivalent in ship operations terms would be attempts to quantify and manage the risk of a jumbo jet landing on the vessel whilst alongside during cargo operations).

Good cyber security providers have software which will audit the Company’s existing IT systems remotely (usually for a period of a couple of weeks) and report on the actual level of threat the Company is experiencing. This will form the basis of a risk register of known and credible threats. This can then be used to identify a pragmatic and cost effective solution where resources are needed to reduce the known and credible threats to ALARP.

Source: eazisecurity