MARITIME CYBER SECURITY Archives - Page 31 of 40 - SHIP IP LTD

A feature from Volume 1, Issue 1 of Pacific Ports Magazine
By Christy Coffey, Vice President of Operations, Maritime Transportation System ISAC

First, we would like to thank the Association of Pacific Ports for requesting a blog. We are looking forward to speaking at their 107th annual event in 2021.

The concept of collaborating as a maritime community to identify, detect and protect against threats to the maritime transportation system (MTS) has a long tradition in the Pacific. This has been true across a wide variety of threats and hazards, and it continues today. Look at the COVID-19 virus and how communities are using crowdsourcing, with public and private sector organizations working together locally and globally, to identify and move much-needed supplies and perform research.

Another example we regularly see relates to weather-related emergency response scenarios. These events are an excellent example of how public and private sector organizations work together to address and recover from the threat. While storms are not entirely predictable, we are aware that they occur, we understand the range of their potential impacts, and understand that there are actions that both sets of stakeholders are responsible for taking. So, the MTS develops and exercises plans to ensure preparedness.

Cyber risk management and the MTS 

When cybersecurity professionals in the Pacific apply the maritime community traditions with their own best practices from the NIST Cybersecurity Framework (www.nist.gov/cyberframework/online-learning/five-functions) — Identify, Protect, Detect, Respond, and Recover — the community can become more resilient to cyber risks in the face of motivated cyber adversaries. While information security professionals, or their organizational team, often focus on internal, individual activities to manage cyber risk, the sharing of threat information can serve as a force multiplier. Sharing information allows multiple organizations to more quickly identify vulnerabilities, threat activity and effective countermeasures. Rather than each individual stakeholder trying to counter cyber-attacks on their own, we can more efficiently tackle challenges at the community level for multiple reasons.

First, given the resources that cyber threat actors are pouring into their capabilities, the resources available to defend against threats are currently insufficient, especially when efficient use of those resources is not maximized. We believe the maritime community well understands the resource challenges that are present.

Second, the MTS continues to rapidly apply new technologies to port environments to increase operational efficiencies. Information technology (IT), operational technology (OT), and Internet of Things (IoT) technologies are being quickly integrated in port operations. These technologies are being integrated less often by single organizations, but frequently across the MTS ecosystem by multiple stakeholders including suppliers, vendors, and operators of other modes of transportation. As a result, IT, OT, and IoT cybersecurity challenges have become community challenges. However, we often try to address them as individual organizational challenges.

Third, we know that there is a shortage of cybersecurity expertise around the globe, and even fewer professionals that are focused on the specific challenges of maritime environments. This shortage places additional pressure on organizations. While the initial reaction to this pressure might be to focus those resources internally, we understand the efficiencies generated by pooling resources into a larger community effort. A team of resources can accomplish more than the sum of its parts.

U.S. Government is adjusting its focus

Well, we’re starting to see government actions to focus resources on these maritime community cybersecurity challenges. In February, the Department of Homeland Security’s (DHS) Federal Emergency Management Agency (FEMA) released the Port Security Grant Program (PSGP) Notice of Funding Opportunity which prioritized cybersecurity as the one area that “attracts the most concern” and subsequently included it as a funding priority for this year’s grants. This is certainly a welcome reprioritization.

A month later, the U.S. Coast Guard published the Navigation and Vessel Inspection Circular (NVIC) No. 01-20: Guidelines for Addressing Cyber Risks at MTSA Regulated Facilities which requires regulated facilities to address cyber risk in their Facility Security Assessments (FSAs) and Facility Security Plans (FSPs). Industry had been eagerly awaiting this NVIC. While it provides some clarification regarding MTSA requirements, the Coast Guard also released a “Cyber Job Aid” to “provide the service’s marine safety personnel with additional guidance as they address facilities’ documented cyber vulnerabilities.”

Unfortunately (and please keep in mind challenges #2 and #3 above), this guidance is being read by some who may not understand the details of cybersecurity as to what is required to manage cyber risk. The NVIC and the “Cyber Job Aid” fail to mention some of the basics of cybersecurity (e.g., access control lists, alerts, securing APIs, asset inventory, availability — those are just some of the As, let alone B-to-Z).

Helping connect the community

How can we help break this cycle by managing risk through “checklist cyber controls” to address compliance requirements?  First, we have to acknowledge the challenges above as well as the limitations of traditional approaches. The MTS-ISAC community, which engages both public and private sector stakeholders, is leveraging historical, regional relationships in a new way to address local cybersecurity challenges while maintaining global connectedness and situational awareness.

The MTS-ISAC has issued several TLP:GREEN Advisories that highlighted how threat actors have targeted MTS critical infrastructure, and how security controls can prevent unauthorized access to port systems. These advisories are shared quickly throughout the MTS-ISAC community and then more broadly with the maritime community with actionable intelligence and cybersecurity control recommendations to help other MTS stakeholders prevent similar cyber risk from impacting them. Stakeholders have not seen this type of timely advisory used in the maritime sector other than by the MTS-ISAC.

While working at the international as well as the local level to share malicious and suspicious cybersecurity activity is effective, local communities also provide a connectedness for working together on educational initiatives, adoption of best practices, and incident preparedness through exercises and response plans. We will be more successful in mitigating cyber risks through an MTS and critical infrastructure all-hands approach — private and public sector working together, private sector working together at a local level with global connectedness, and cross-sector collaboration. In addition to issuing regular TLP:GREEN advisories to trusted maritime stakeholders, the MTS-ISAC is holding regular webinars to raise awareness on a variety of maritime cybersecurity topics, including a recent informational webinar on protecting GPS, and supporting local maritime cybersecurity exercises.

For more information on the MTS-ISAC, visit https://www.mtsisac.org/. We hope you will join our community and learn more about efforts underway to manage cyber risk at the Maritime Cybersecurity Summit in Orlando, FL November 4-5, 2020 (https://www.maritimecybersecuritysummit.com/).  


Although shipowners have until 1 January 2020 to retrofit cyber risk management into their ship safety management systems to meet IMO’s updated requirements within the International Ship Management (ISM) Code,

But owners should work with shipyards to adopt cyber-secure operational technology (OT) during ship construction, panellists said during Riviera’s ‘Cyber security: readying for the ISM Code’s 1 January 2021 requirements’ webinar.

This was held on 5 August in association with premier partner ClassNK and sponsor F-Secure as part of Riviera’s Maritime Cyber Security Webinar Week.

Panellists included ClassNK cyber security team deputy manager Makiko Tani, TÜV Rheinland director for consulting services in Asia Pacific for cyber security and functional safety Rajeev Sukumaran, Moran Cyber managing director Captain Alex Soukhanov and Beazley senior risk manager Kelly Malynn.

During the webinar, they discussed how shipping companies can incorporate cyber security into their safety management systems no later than the first annual verification of the company’s document of compliance following 1 January 2021.

The panellists clarified IMO’s requirements, confirmed what owners and operators need to do now, and underlined the help and advice available.

Ms Tani said cyber security “should not just be about compliance” but could open “new opportunities for business and new innovations”. She said owners with existing fleets need to understand the OT on ships and required cyber risk controls. “Aim high, but start small,” Ms Tani said. “Start from knowing the vessels and being aware of the onboard OT and IT, and where these meet.”

This is easier if owners engage with shipyards and classification societies during the newbuilding phase.

“Ships can be designed to be cyber-secure,” said Ms Tani. “Ships can be constructed with cyber security capacity” and with class society cyber secure notations.

Mr Sukumaran agreed cyber security should start with ship design. “Builders, designers, owners, etc all need to be taking in cyber security,” he said.

Cyber security was not just about onboard IT and OT, said Mr Sukumaran, as ships were part of a much wider ecosystem involving ports and supply chains. “It is not just about technology, owners need supporting processes and procedures,” he said.

Capt Soukhanov brought a seafarer’s perspective to cyber risk management in his presentation. He agreed cyber security should be incorporated in the build stage. “We are currently retrofitting cyber security” into existing ships, he said.

Which is why all of the supply chain needs to be included in the process. “Our number one priority is the business strategy, as digitalisation needs to be protected,” Capt Soukhanov said, adding that ship operators and vendors “should collaborate and work together to protect onboard systems”.

Ms Malynn said vessel owners should use these requirements to incorporate cyber risk management under the ISM Code “as an opportunity to get to know vessels”. It is also an opportunity to review insurance cover for cyber risk.

She recommended owners conduct risk assessments and gain a better understanding of the cyber threats and vulnerabilities on ships. “Risk assessment quality is important. Owners need to invest in this,” Ms Malynn said.


Source: rivieramm


Cyberattacks on the maritime industry’s operational technology systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year-end, according to Israeli cybersecurity specialist Naval Dome.

Addressing port and terminal operators during an online forum last week, Robert Rizika, Naval Dome’s Boston-based Head of North American Operations, explained that in 2017 there were 50 significant OT hacks reported, increasing to 120 in 2018 and more than 310 last year. He said this year is looking like it will end with more than 500 major cyber security breaches, with substantially more going unreported.

Rizika said that since NotPetya – the virus that resulted in a $300 million loss for Maersk – “attacks are increasing at an alarming rate”.

Recalling recent attacks, he told delegates that in 2018 the first ports were affected, with Barcelona, then San Diego falling under attack. Australian shipbuilder Austal was hit and the attack on COSCO took down half of the shipowner’s US network.

He said this year a US-based gas pipeline operator and shipping company MSC have been hit by malware, of which the latter incident shut down the shipowner’s Geneva HQ for five days. A US-based cargo facility’s operating systems were infected with the Ryuk ransomware, and last month the OT systems at Iran’s Shahid Rajee port were hacked, restricting all infrastructure movements, creating a massive backlog.

Intelligence from Iran, along with digital satellite imagery, showed the Iranian port in a state of flux for several days. Dozens of cargo ships and oil tankers were waiting to offload, while long queues of trucks formed at the entrance to the port stretching for miles, according to Naval Dome.

Emphasising the economic impact and ripple effect of a cyber-attack on port infrastructures, Rizika revealed that a report published by Lloyd’s of London indicated that if 15 Asian ports were hacked financial losses would be more than $110 billion, a significant amount of which would not be recovered through insurance policies, as OT system hacks are not covered.

The networks connecting RTGs, STS cranes, traffic control and vessel berthing systems, cargo handling and safety and security systems, etc., are all under threat, Rizika said.

“Unlike the IT infrastructure, there is no “dashboard” for the OT network allowing operators to see the health of all connected systems. Operators rarely know if an attack has taken place, invariably writing up any anomaly as a system error, system failure, or requiring restart.

“They don’t know how to describe something unfamiliar to them. Systems are being attacked but they are not logged as such and, subsequently, the IT network gets infected,” Rizika explained.

“What is interesting is that many operators believe they have this protected with traditional cybersecurity, but the firewalls and software protecting the IT side, do not protect individual systems on the OT network,” he said.

An example would be the installation of an antivirus system on a vessel bridge navigation system (ECDIS) or, alternatively, a positioning system in a floating rig DP (Dynamic Positioning), or on one of the dock cranes on the pier side of the port.

“The antivirus system would very quickly turn out to be non-essential, impairing and inhibiting system performance. Antivirus systems are simply irrelevant in places where the attacker is anonymous and discreet,” he said.

“Operational networks, in contrast to information networks, are measured by their performance level. Their operation cannot be disconnected and stopped. An emergency state in these systems can usually only be identified following a strike and they will be irreparable and irreversible.”

Where OT networks are thought to be protected, Rizika said they are often inadequate and based on industrial computerised systems, operating in a permanent state of disconnection from the network or, alternatively, connected to port systems and the equipment manufacturer’s offices overseas via RF radio communication (wi-fi) or a cellular network (via SIM).

“Hackers can access the cranes, they can access the storage systems, they can penetrate the core operational systems either through cellular connections, wi-fi, and USB sticks. They can penetrate these systems directly.”

Rizika said that as the maritime industry moves towards greater digitalisation and increases the use of networked, autonomous systems, moving more equipment and technologies online, more vulnerabilities, more loopholes, will be created.

There will be a whole series of new cyber security openings through which people can attack if systems are not properly protected.

“If just one piece of this meticulously-managed operation goes down it will create unprecedented backlog and impact global trade, disrupting operations and infrastructure for weeks if not months, costing tens of millions of dollars in lost revenues.”

Naval Dome also predicts that cyber criminals, terrorists and rogue states will at some point begin holding the environment to ransom.

“One area we see becoming a major issue is cyber-induced environmental pollution. Think about it: you have all these ships in ports, hackers can easily over-ride systems and valves to initiate leaks and dump hazardous materials, ballast water, fuel oil, etc.,” Rizika warned.

He said a deep understanding of the differences between the two spaces is vital.

“There is a disconnect between IT and OT security. There is no real segregation between the networks. People can come in on the OT side and penetrate the IT side. We are actually seeing this now. Successful IT network hacks have their origins in initial penetration of the OT system.”

Rizika warned that many operators are not even aware that they are being attacked, stressing that they need to start to work on prevention before it is too late, especially as the risk of attacks and their frequency rise.

Source: offshore-energy


What is Maritime Security?

Maritime cybersecurity is essentially the collection of policies, tools, habits, security safeguards, and guidelines that maritime groups implement in order to protect their organizations, vessels, and associated networks.

According to the International Maritime Organization (IMO), “Maritime cyber risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.”

Over the years, maritime technology has improved rather significantly. Yet over that same time, many organizations have continued to leverage legacy technologies that were never built to be connected to the internet. This has exposed vessels and maritime networks to increased risk.

“There was a time when connectivity on a vessel was minimal, and ship control engineers addressed security issues with air gapping to physically isolate a secure network from unsecured networks. By definition, an air-gapped system is neither connected to the Internet nor any other system,” Mission Secure explains. “But now, using something as simple as a USB flash drive or unsecured Wi-Fi connection, a malicious hacker or even an inexperienced insider could infiltrate and infect critical systems. This development is especially concerning given the connectivity of modern maritime vessels.”

4 Tips for Better Maritime Security

In 2020, the need for better maritime security is clear and convincing. Here are some tips organizations within the industry can use to stay safe:

1. Emphasize Physical Security

Believe it or not, physical security comes first. Many cyberattacks are made possible by giving physical access to people who have no business interacting with certain parts of the network or system.

Good physical security calls for vigilance, continuous monitoring, and regular drills. These drills will help you identify weaknesses that may not be obvious otherwise. Try surveying your team, analyzing crew performance, and studying all duties of the ship security officer so that you can identify and phase out any loopholes that represent a vulnerability.

2. Manage User Privileges

All users should be given the least amount of access they need to perform the duties that align with their job role. Be reasonable, but certainly don’t be liberal in how you hand out user privileges.

When granting high-level system privileges, users should be carefully monitored and managed. In other words, access doesn’t mean the individual has free rein. Multi-layered safeguards are a must.

3. Invest in Malware Prevention

Malware can be referred to as any type of malicious content that’s intended to access, influence, and/or damage key systems of a computer or network. When deployed successfully, a piece of malware acts as a virus – seriously impacting all of the ship’s systems and services.

Maritime organizations must be serious about investing in and implementing the right anti-malware policies and solutions. And once implemented, they need to be rigorously monitored and updated to stay fully operational.

4. Develop a Robust Strategy

Mission Secure believes in a six-part cybersecurity risk management approach. While it’s a complex process with too many proprietary steps to outline here, it’s basically broken down like this:

  • Identify threats. Make a thorough list of all internal and external cybersecurity threats to the ship.
  • Identify vulnerabilities. Develop a comprehensive inventory of all onboard systems that have direct and indirect communication.
  • Assess risk exposure. Analyze the risk exposure of internal threats, external threats, and all vulnerabilities. Determine the likelihood of being exposed in any of these ways.
  • Develop protection and detection measures. The plan should include tactics for reducing the likelihood of being compromised, as well as the impact of certain vulnerabilities being exploited.
  • Establish contingency plans. This plan should have a prioritized list of action steps to mitigate cyber risks as they’re detected.
  • Respond and recover. Focus on recovering and strengthening cyber defenses so that similar future attacks don’t stand a chance of being successful.

A meticulous approach like this takes time to develop, but creates a strong defense that stands up in even the most hostile environments. A failure to invest in a 360-degree strategy like this could lead to serious compromises.

Safer Times Ahead

While the industry is moving fast to protect against cyber attacks, it’s going to take a while for all of the major maritime companies to coalesce around comprehensive cybersecurity strategies that stand up to the latest and most advanced threats. But once the wrinkles get ironed out, it’ll be smooth sailing into the future.

Source: smartdatacollective


The Maryland Department of Transportation Maryland Port Administration (MDOT MPA) was awarded $1,158,589 in the most recent round of the Federal Emergency Management Agency’s (FEMA) Port Security Grant Program. The funding is designated to strengthen cyber security initiatives and closed-circuit television (CCTV) capabilities at the state-owned, public marine terminals of the Helen Delich Bentley Port of Baltimore.

Governor Larry Hogan said:

“Throughout the COVID-19 pandemic, the dedicated employees at the Port of Baltimore have continued to welcome the ships that maintain our supply chain and keep shelves stocked across our state. Our world-class Port is already among the most secure in the United States, and this funding supports our commitment to protect Port employees and the cargo that travels in and out of Maryland.”

For 11 consecutive years, the Port of Baltimore’s public marine terminals have received a top rating on an annual security assessment conducted by the U.S. Coast Guard. The Port of Baltimore was also recognized earlier this year by Security magazine in its listing of top U.S. sea and airports for ongoing security programs and initiatives.

MDOT Transportation Secretary Greg Slater said:

“Security is an essential part of day-to-day operations at the Port of Baltimore, and is critical for our workers and customers. Maryland’s recovery will depend on a vibrant port, and our focus on security gives clients confidence that Maryland is not only open for business, but is a secure place to conduct business.”

MDOT MPA Executive Director Bill Doyle said:

“The Port of Baltimore already has a stellar reputation in the maritime industry for its security program, and this grant will help us make it even better. This grant reflects FEMA’s confidence in our security initiatives, and we appreciate that support.”

Source: seawanderer


Commercial Port of Vladivostok in Russia has been announced as the latest supply chain stakeholder to join the TradeLens blockchain platform.

TradeLens was created by Maersk and IBM and launched in late 2018, using blockchain technologies to allow data and digitised documents to be securely exchanged between cargo owners, shipping companies, customs authorities, ports and terminal operators.

The platform can be used to speed up the process of exchanging documents such as bills of lading for cargo, sanitary certificates, or invoices for payment, while still maintaining security and certainty in the chain of ownership across the supply chain in the absence of paper copies by using the blockchain.

“We are now testing the system and transferring information about loading and discharge of cargo, and berthing of vessels to the blockchain platform,” said Anton Popov, director of the IT department at Commercial Port of Vladivostok.

“After complete integration of the system, we will be able to optimise work with regulatory authorities, reduce the time required for processing documents and receive updates from the sea carrier online.”

Source: smartmaritimenetwork


UK-based but globally-minded CyberOwl, a cyber security startup whose platform helps to safeguard transport and infrastructure systems, has raised a further €2 million to help expand its business in the maritime sector.

CyberOwl, founded in 2016, provides early warning of cyber security breaches in assets such as ships, ports, industrial plants and infrastructure and sets out clear priorities on how to tackle them. Maritime security is a hot topic right now, with the International Maritime Organisation having ordered fleet operators to address their cyber security by 1 January 2021, due to increasing targets by cyber criminals and facing pressure from regulators. The startup, which is a Coventry University spinout, has already been working with maritime operators in Greece, Singapore and Asia.

The recent funding round was led by 24 Haymarket, Mercia’s EIS funds, and the MEIF Proof of Concept & Early Stage Fund, which is managed by Mercia as part of the Midlands Engine Investment Fund. The latest investment will allow the company to expand its global client base and establish itself as a leader in cyber security for shipping lines and port operators.

The Midlands Engine Investment Fund project is supported financially by the European Union using funding from the European Regional Development Fund (ERDF) as part of the European Structural and Investment Funds Growth Programme 2014-2020 and the European Investment Bank.

CEO of CyberOwl, Dan Ng, said: “The world may be adjusting to a new reality but cyber attackers have had years of experience in remote working and thrive in chaotic environments like this. The Covid-19 crisis will put even greater pressure on maritime operators to manage their cyber risks. This round of investment puts us in a strong position to help them continue to secure their systems and comply with security standards.”

David Baker, Investment Manager with Mercia, added: “Mercia has supported CyberOwl from the early days and we are pleased to do so once again in this latest funding round. CyberOwl has made real progress in generating interest from businesses in the past year and is emerging as a leader in cybersecurity for the maritime industry. This further investment will allow it to capitalise on the opportunities created to date.”

Pat Hanlon, Board Director for Access to Finance at GBSLEP, said: “CyberOwl is a hugely ambitious business which has developed at an impressively quick rate and it’s fantastic to be able to provide them with this sort of support. At a time when organisations have had to rely on digital technology more than ever, CyberOwl is providing important support across the globe, and we’re excited to see the business go from strength to strength.” 

Source: eu-startups.


Source: Riviera – News Content Hub – Why cyber security should start in the shipyard

 


According to Naval Dome, the maritime industry has seen a 900% increase in cyber-attacks since 2017

Better late than never seems to be the motto being followed by the International Maritime Organization (IMO), which issued a deadline of January 2021 to shipowners and operators to address cyber risks in existing safety management systems (SMS). In 2013, Trend Micro, a cybersecurity firm in Japan, demonstrated how the automatic identification system (AIS) used by ships to broadcast their identity and position, could be manipulated and compromised. Besides AIS, which continues to be unencrypted and loaded with security flaws, even the rest of the OT infrastructure used in the maritime industry hasn’t kept up with evolving cyber risks. Let’s take a closer look at some of the systems that can potentially come under attack.

Cyber Risks in the Maritime Industry

The shipping giant, Maersk, fell victim to the NotPetya malware in June 2017, which resulted in financial losses of up to USD300m. It brought 76 port terminals across the world, and its container ships at sea to a halt. COSCO shipping lines, and Austal (an Australia-based ferry and defense shipbuilder), were also hit by a cyber-attack in 2018.
When we’re talking about cyber risks in the maritime industry, we need to consider not only information security risks that compromise the confidentiality of data, its integrity, and availability but also risks to operational technology (ICS/SCADA) systems. Some of the systems that might get impacted are as follows:
  • Navigation systems (ECDIS, Radar, GPS, etc.) can be manipulated using jamming and spoofing techniques.
  • Communication systems (sat link, AIS, GSM, etc.) can be targeted by attacking the wireless link.
  • Loading and stability of the ship can be modified by manipulating the EDIFACT messages to destabilize ships, cause delays at ports, change price details, etc.
  • Global Maritime Distress and Safety System (GMDSS) sends or receives distress alerts from ship-to-shore, shore-to-ship, and ship-to-ship. According to IOActive, terminals running on the insecure ThraneLink protocol are prone to attacks.
  • Ship and crew networks are often not properly segregated and can be compromised via email, social engineering attacks, malware downloads, etc.
  • Sensors (temperature, pressure, level, current, anemometer, etc.) connected to the shipboard LAN, if compromised, can lead to misrepresented data on the ship’s Electronic Chart Display and Information Systems (ECDIS).
  • Third-party updates and remote access to service providers on the shoreside can also be one of the attack vectors.
AIS, used for collision avoidance and traffic monitoring, receives the location data from GPS (or any location-sensing technology) and then broadcasts this information to nearby ships and onshore receivers. GPS manipulation and spoofed AIS data can make ships appear or disappear and create ‘ghost’ ships that could ultimately lead to collisions or unplanned changes to a ship’s route to avoid one. They can also cause a distorted view of commodity flows, supply and demand at ports, impact trading models due to false data, etc.
Figure 1: Working principle of AIS; Image Source: https://aulanautica.org/wp-content/uploads/2015/03/TEMARIO-PY-140.jpg
The shipping industry has been known to be vulnerable to GPS jamming and spoofing attacks. South Korea reported the return of 280 vessels to port due to problems in their navigation system in 2016, while, more recently, in 2019, spoofing attacks on hundreds of vessels were carried out in China.
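
A defender-side sketch of how the spoofed or "ghost" AIS tracks described above can be flagged from decoded position reports, by testing each report for physical plausibility against the vessel's last accepted position. This is an added example, not code from the original article; the MMSIs, coordinates, timestamps and the 50-knot ceiling are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles
MAX_PLAUSIBLE_KNOTS = 50.0   # assumed speed ceiling for a merchant vessel; tune per fleet
MIN_SEPARATION_NM = 0.5      # assumed: positions closer than this count as the same place


@dataclass(frozen=True)
class PositionReport:
    mmsi: str    # vessel identity as broadcast (AIS does not authenticate it)
    ts: int      # receive time, Unix seconds
    lat: float
    lon: float


@dataclass(frozen=True)
class Anomaly:
    mmsi: str
    ts: int
    kind: str
    detail: str


def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in nautical miles."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_NM * asin(min(1.0, sqrt(a)))


def find_anomalies(reports, max_knots=MAX_PLAUSIBLE_KNOTS):
    """Return reports that cannot belong to one real hull moving at a sane speed."""
    tracks = defaultdict(list)
    for r in reports:
        tracks[r.mmsi].append(r)

    anomalies = []
    for mmsi, track in tracks.items():
        track.sort(key=lambda r: r.ts)      # stable: same-second reports keep arrival order
        last_good = None                    # last report accepted as plausible
        for r in track:
            # AIS encodes "position not available" as lat 91 / lon 181; anything
            # outside the valid range must never be plotted as a real position.
            if not (-90 <= r.lat <= 90 and -180 <= r.lon <= 180):
                anomalies.append(Anomaly(mmsi, r.ts, "no_valid_position",
                                         f"lat={r.lat} lon={r.lon}"))
                continue
            if last_good is None:
                last_good = r
                continue
            dist = haversine_nm(last_good.lat, last_good.lon, r.lat, r.lon)
            hours = (r.ts - last_good.ts) / 3600.0
            if hours == 0:
                # Same identity in two places at the same instant: cloned or spoofed MMSI.
                if dist > MIN_SEPARATION_NM:
                    anomalies.append(Anomaly(mmsi, r.ts, "duplicate_identity",
                                             f"{dist:.1f} nm apart at the same time"))
                    continue
            elif dist / hours > max_knots:
                # The jump is flagged and NOT adopted as the new baseline, so one
                # spoofed point does not also make the vessel's real return look bad.
                anomalies.append(Anomaly(mmsi, r.ts, "implausible_jump",
                                         f"{dist / hours:.0f} kn implied"))
                continue
            last_good = r
    return anomalies


# Constructed sample data: four fictitious vessels near the Korea Strait.
SAMPLE_REPORTS = [
    PositionReport("999000001", 0, 35.00, 129.00),     # normal track, about 7 kn
    PositionReport("999000001", 600, 35.02, 129.00),
    PositionReport("999000001", 1200, 35.04, 129.00),
    PositionReport("999000002", 0, 35.10, 129.10),
    PositionReport("999000002", 600, 36.10, 129.10),   # 60 nm in 10 minutes
    PositionReport("999000002", 1200, 35.12, 129.10),  # back on the real track
    PositionReport("999000003", 300, 34.00, 128.00),
    PositionReport("999000003", 300, 34.50, 128.00),   # same second, 30 nm away
    PositionReport("999000004", 0, 91.0, 181.0),       # "not available" sentinel
]

if __name__ == "__main__":
    for a in find_anomalies(SAMPLE_REPORTS):
        print(f"{a.mmsi} t={a.ts} {a.kind}: {a.detail}")
```

Holding the baseline at the last accepted position means a long reception gap followed by a legitimate position far away would keep alerting, so a production monitor would also age out the baseline after a period without accepted reports.
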
Even without manipulating signals, sending phishing emails, or hacking into these systems using various channels, an attacker can collect a lot of information about their target merely by searching the internet.  This information can be put to good use in the later stages of an attack.

Leveraging OSINT to Gather Ship Data

OSINT refers to Open Source Intelligence, which relies on publicly disclosed resources to gather information about an entity of interest. The information collection process is carried out passively, without any direct contact with the target. Public resources such as blog posts, social media sites, discussion boards, etc. are typically used, though more specialized tools such as Shodan, Maltego, etc. can also be deployed.
Shodan is a powerful search engine for IoT devices. It can not only find VSATs, comm boxes, etc. but also list open ports on these devices and vulnerabilities based on their technology stack. The screenshots below are from a Very Small Aperture Terminal (VSAT) device that discloses information such as the exact location of the ship, the vessel’s name, etc. Entering the latitude and longitude information on Google Maps pulls up the image of the ship at sea, nearby ports, etc.
Figure 2: VSAT Dashboard of a Ship
The user login and administration screens can also be accessed. A simple Google search can be used to find the default credentials (admin/1234, in this case). Considering that most of these devices do not use SSL certificates, do not update their software versions, or run on outdated hardware components, there is a fair chance that many of them would not have changed the default login credentials.
Figure 3: Login Screen
Figure 4: A CommBox with network config information revealed by hovering over the VSAT tab.
Figure 5: Vulnerability list and open ports from a VSAT on Shodan
Other details such as the flag under which the ship is sailing, call sign, IMO number, other vessels close to it, etc. can also be found using websites like MarineTraffic, VesselFinder, etc. They also feature a live tracking map that plots all the ships out at sea, whose details can be obtained by clicking on an arrowhead.
Figure 6: Ship Details
Any malicious actor can launch an attack by sending phishing messages or emails to the crew currently working on these ships. Most of them have access to emails, messaging apps, or can be found via social media. The crew network is not always properly isolated from the ship network, and a foothold can potentially be gained via this channel. At the very least, there is a decent chance to phish the credentials used by the target crew member, especially if additional OSINT is done. MyShip is one such networking platform for seafarers running over an unsecured HTTP connection.
Figure 8: MyShip Portal
Figure 7: Crew member listing

Wrapping Up

According to a study done by Futurenautics in 2018, just under half of the active mariner respondents claimed to have sailed on a vessel compromised by a cyber-attack, and only 15% of seafarers received any form of cybersecurity training. These numbers are indicative of a general lack of awareness of safe security practices that can be improved through training and workshops. What will prove challenging is discontinuing obsolete components and upgrading systems to patch vulnerabilities, given that a ship’s operational technology can have dire physical impacts from accidental or malicious modifications.

Source: hackernoon


Cyber-attacks on the maritime industry’s operational technology (OT) systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end.

Addressing port and terminal operators during an online forum last week, Robert Rizika, Naval Dome’s Boston-based Head of North American Operations, explained that in 2017 there were 50 significant OT hacks reported, increasing to 120 in 2018 and more than 310 last year. He said this year is looking like it will end with more than 500 major cyber security breaches, with substantially more going unreported.

Speaking during the 2020 Port Security Seminar & Expo, a week-long virtual conference organised by the American Association of Port Authorities, Rizika said that since NotPetya – the virus that resulted in a US$300 million loss for Maersk – “attacks are increasing at an alarming rate”.

Recalling recent attacks, he told delegates that in 2018 the first ports were affected, with Barcelona, then San Diego falling under attack. Australian shipbuilder Austal was hit and the attack on COSCO took down half of the shipowner’s US network.

He said this year a US-based gas pipeline operator and shipping company MSC have been hit by malware, of which the latter incident shut down the shipowner’s Geneva HQ for five days. A US-based cargo facility’s operating systems were infected with the Ryuk ransomware, and last month the OT systems at Iran’s Shahid Rajee port were hacked, restricting all infrastructure movements, creating a massive backlog.

Reports of this attack have gone some way in raising public awareness of the potential wider impact of cyber threats on ports around the world. Intelligence from Iran, along with digital satellite imagery, showed the Iranian port in a state of flux for several days. Dozens of cargo ships and oil tankers were waiting to offload, while long queues of trucks formed at the entrance to the port stretching for miles, according to Naval Dome.

Emphasising the economic impact and ripple effect of a cyber-attack on port infrastructures, Rizika revealed that a report published by Lloyd’s of London indicated that if 15 Asian ports were hacked financial losses would be more than US$110 billion, a significant amount of which would not be recovered through insurance policies, as OT system hacks are not covered.

Going on to explain which parts of the OT system – the network connecting RTGs, STS cranes, traffic control and vessel berthing systems, cargo handling and safety and security systems, etc. – are under threat, Rizika said all of them.

“Unlike the IT infrastructure, there is no “dashboard” for the OT network allowing operators to see the health of all connected systems. Operators rarely know if an attack has taken place, invariably writing up any anomaly as a system error, system failure, or requiring restart.

“They don’t know how to describe something unfamiliar to them. Systems are being attacked but they are not logged as such and, subsequently, the IT network gets infected,” Rizika explained.

“What is interesting is that many operators believe they have this protected with traditional cyber security, but the firewalls and software protecting the IT side, do not protect individual systems on the OT network,” he said.

An example would be the installation of an antivirus system on a vessel bridge navigation system (ECDIS) or, alternatively, a positioning system in a floating rig DP (Dynamic Positioning), or on one of the dock cranes on the pier side of the port.

“The antivirus system would very quickly turn out to be non-essential, impairing and inhibiting system performance. Antivirus systems are simply irrelevant in places where the attacker is anonymous and discreet,” he said.

“Operational networks, in contrast to information networks, are measured by their performance level. Their operation cannot be disconnected and stopped. An emergency state in these systems can usually only be identified following a strike and they will be irreparable and irreversible.”

Where OT networks are thought to be protected, Rizika said they are often inadequate and based on an industrial computerised system, operating in a permanent state of disconnection from the network or, alternatively, connected to port systems and the equipment manufacturer’s offices overseas via RF radio communication (wi-fi) or a cellular network (via SIM).

“Hackers can access the cranes, they can access the storage systems, they can penetrate the core operational systems either through cellular connections, wi-fi, and USB sticks. They can penetrate these systems directly.”

Rizika said that as the maritime industry moves towards greater digitalisation and increases the use of networked, autonomous systems, moving more equipment and technologies online, more vulnerabilities, more loopholes, will be created.

“There will be a whole series of new cyber security openings through which people can attack if systems are not properly protected.

“If just one piece of this meticulously-managed operation goes down it will create unprecedented backlog and impact global trade, disrupting operations and infrastructure for weeks if not months, costing tens of millions of dollars in lost revenues.”

Naval Dome also predicts that cyber criminals, terrorists and rogue states will at some point begin holding the environment to ransom.

“One area we see becoming a major issue is cyber-induced environmental pollution. Think about it: you have all these ships in ports, hackers can easily over-ride systems and valves to initiate leaks and dump hazardous materials, ballast water, fuel oil, etc.,” Rizika warned.

Offering advice on the first steps port operators need to take to protect their OT systems, he said a deep understanding of the differences between the two spaces is vital.

“There is a disconnect between IT and OT security. There is no real segregation between the networks. People can come in on the OT side and penetrate the IT side. We are actually seeing this now. Successful IT network hacks have their origins in initial penetration of the OT system.”

In a pre-recorded message broadcast during Naval Dome’s presentation, Rear Admiral (Retd) Shiko Zana, the CEO of Ashdod Port, said: “We have become more aware of the growing cyber threat to OT systems. Naval Dome has a unique cyber defence solution capable of protecting against both internal and external cyber attack vectors. The solution provides protection for OT systems.”

Vanguard

Read more at: https://www.vanguardngr.com/2020/07/maritime-cyber-attacks-increase-by-900-in-three-years/

