MARITIME CYBER SECURITY Archives - Page 31 of 40 - SHIP IP LTD

Port of Vladivostok joins TradeLens

August 13, 2020 MARITIME CYBER SECURITY

Commercial Port of Vladivostok in Russia has been announced as the latest supply chain stakeholder to join the TradeLens blockchain platform.

TradeLens was created by Maersk and IBM and launched in late 2018, using blockchain technologies to allow data and digitised documents to be securely exchanged between cargo owners, shipping companies, customs authorities, ports and terminal operators.

The platform can be used to speed up the process of exchanging documents such as bills of lading for cargo, sanitary certificates, or invoices for payment, while still maintaining security and certainty in the chain of ownership across the supply chain in the absence of paper copies by using the blockchain.

“We are now testing the system and transferring information about loading and discharge of cargo, and berthing of vessels to the blockchain platform,” said Anton Popov, director of the IT department at Commercial Port of Vladivostok.

“After complete integration of the system, we will be able to optimise work with regulatory authorities, reduce the time required for processing documents and receive updates from the sea carrier online.”

Source: smartmaritimenetwork

CyberOwl nabs €2 million to increase global maritime cyber security

August 13, 2020 MARITIME CYBER SECURITY

UK-based but globally-minded CyberOwl, a cyber curity startup whose platform helps to safeguard transport and infrastructure systems, has raised a further €2 million to help expand its business in the maritime sector.

CyberOwl, founded in 2016, provides early warning of cyber security breaches in assets such as ships, ports, industrial plants and infrastructure and sets out clear priorities on how to tackle them. Maritime security is a hot topic right now, with the International Maritime Organisation having ordered fleet operators to address their cyber security by 1 January 2021, due to increasing targets by cyber criminals and facing pressure from regulators. The startup, which is Coventry University spinout, has already been working with maritime operators in Greece, Singapore and Asia.

The recent funding round was led by 24 Haymarket, Mercia’s EIS funds, and the MEIF Proof of Concept & Early Stage Fund, which is managed by Mercia as part of the Midlands Engine Investment Fund. The latest investment will allow the company to expand its global client base and establish itself as a leader in cyber security for shipping lines and port operators.

The Midlands Engine Investment Fund project is supported financially by the European Union using funding from the European Regional Development Fund (ERDF) as part of the European Structural and Investment Funds Growth Programme 2014-2020 and the European Investment Bank.

CEO of CyberOwl, Dan Ng, said: “The world may be adjusting to a new reality but cyber attackers have had years of experience in remote working and thrive in chaotic environments like this. The Covid-19 crisis will put even greater pressure on maritime operators to manage their cyber risks. This round of investment puts us in a strong position to help them continue to secure their systems and comply with security standards.”

David Baker, Investment Manager with Mercia, added: “Mercia has supported CyberOwl from the early days and we are pleased to do so once again in this latest funding round. CyberOwl has made real progress in generating interest from businesses in the past year and is emerging as a leader in cybersecurity for the maritime industry. This further investment will allow it to capitalise on the opportunities created to date.”

Pat Hanlon, Board Director for Access to Finance at GBSLEP, said: “CyberOwl is a hugely ambitious business which has developed at an impressively quick rate and it’s fantastic to be able to provide them with this sort of support. At a time when organisations have had to rely on digital technology more than ever, CyberOwl is providing important support across the globe, and we’re excited to see the business go from strength to strength.” 

Source: eu-startups.

Why cyber security should start in the shipyard

August 13, 2020 MARITIME CYBER SECURITY

Source: Riviera – News Content Hub – Why cyber security should start in the shipyard

 

Using OSINT for Maritime Intelligence

August 6, 2020 MARITIME CYBER SECURITY

According to Naval Dome, the maritime industry has seen a 900% increase in cyber-attacks since 2017

Better late than never seems to be the motto being followed by the International Maritime Organization (IMO), which issued a deadline of January 2021 to shipowners and operators to address cyber risks in existing safety management systems (SMS). In 2013, Trend Micro, a cybersecurity firm in Japan, demonstrated how the automatic identification system (AIS) used by ships to broadcast their identity and position, could be manipulated and compromised. Besides AIS, which continues to be unencrypted and loaded with security flaws, even the rest of the OT infrastructure used in the maritime industry hasn’t kept up with evolving cyber risks. Let’s take a closer look at some of the systems that can potentially come under attack.

Cyber Risks in the Maritime Industry

The shipping giant, Maersk, fell victim to the NotPetya malware in June 2017, which resulted in financial losses of up to USD300m. It brought 76 port terminals across the world, and its container ships at sea to a halt. COSCO shipping lines, and Austal (an Australia-based ferry and defense shipbuilder), were also hit by a cyber-attack in 2018.
When we’re talking about cyber risks in the maritime industry, we need to consider not only information security risks that compromise the confidentiality of data, its integrity, and availability but also risks to operation technology (ICS/SCADA) systems. Some of the systems that might get impacted are as follows:
  • Navigation systems (ECDIS, Radar, GPS, etc.) can be manipulated using jamming and spoofing techniques.
  • Communication systems (sat link, AIS, GSM, etc.) can be targeted by attacking the wireless link.
  • Loading and stability of the ship can be modified by manipulating the EDIFACT messages to destabilize ships, cause delays at ports, change price details, etc.
  • Global Maritime Distress and Safety System (GMDSS) sends or receives distress alerts from ship-to-shore, shore-to-ship, and ship-to-ship. According to IOActive, terminals running on the insecure ThraneLink protocol are prone to attacks.
  • Ship and crew networks are often not properly segregated and can be compromised via email, social engineering attacks, malware downloads, etc.
  • Sensors (temperature, pressure, level, current, anemometer, etc.) connected to the shipboard LAN, if compromised, can lead to misrepresented data on the ship’s Electronic Chart Display and Information Systems (ECDIS).
  • Third-party updates and remote access to service providers on the shoreside can also be one of the attack vectors.
AIS, used for collision avoidance and traffic monitoring, receives the location data from GPS (or any location-sensing technology) and then broadcasts this information to nearby ships and onshore receivers. GPS manipulation and spoofed AIS data can make ships appear or disappear and create ‘ghost’ ships that could ultimately lead to collisions or unplanned changes to a ship’s route to avoid one. They can also cause a distorted view of commodity flows, supply and demand at ports, impact trading models due to false data, etc.
Figure 1: Working principle of AIS; Image Source: https://aulanautica.org/wp-content/uploads/2015/03/TEMARIO-PY-140.jpg
The shipping industry has been known to be vulnerable to GPS jamming and spoofing attacks. South Korea reported the return of 280 vessels to port due to problems in their navigation system in 2016, while, more recently, in 2019, spoofing attacks on hundreds of vessels were carried out in China.
Even without manipulating signals, sending phishing emails, or hacking into these systems using various channels, an attacker can collect a lot of information about their target merely by searching the internet.  This information can be put to good use in the later stages of an attack.

Leveraging OSINT to Gather Ship Data

OSINT refers to Open Source Intelligence that relies on publicly disclosed resources to gather information about an entity of interest. The information collection process is carried out passively without any direct contact with the target. Public resources such as blog posts, social media sites, discussion boards, etc. are typically used though more specialized tools such as Shodan, Maltego, etc. can also be deployed.
Shodan is a powerful search engine for IoT devices. It can not only find VSATs, comm boxes, etc. but also list open ports on these devices and
vulnerabilities based on their technology stack. The screenshots below are from a Very Small Aperture Terminal (VSAT) device that discloses information such as the exact location of the ship, the vessel’s name, etc. Entering the latitude and longitude information on Google Maps pulls up the image of the ship on sea, nearby ports, etc.
Figure 2: VSAT Dashboard of a Ship
The user login and administration screens can also be accessed. A simple google search can be used to find the default credentials (admin/1234, in this case). Considering that most of these devices do not use SSL certificates, do not update their software versions or run on outdated hardware components, there is a fair chance that many of them would not have changed the default login credentials.
Figure 3: Login Screen
Figure 4: A CommBox with network config information revealed by hovering over the VSAT tab.
Figure 5: Vulnerability list and open ports from a VSAT on Shodan
Other details such as the flag under which the ship is sailing, call sign, IMO number, other vessels close to it, etc. can also be found using websites like MarineTrafficVesselFinder, etc. They also feature a live tracking map that plots all the ships out on the sea and whose details can be obtained by clicking on an arrowhead.
Figure 6: Ship Details
Any malicious actor can launch an attack by sending phishing messages or emails to the crew currently working on these ships. Most of them have access to emails, messaging apps, or can be found via social media. The crew network is not always properly isolated from the ship network, and a foothold can potentially be gained via this channel. At the very least, there is a decent chance to phish the credentials used by the target crew member, especially if additional OSINT is done. MyShip is one such networking platform for seafarers running over an unsecured HTTP connection.
Figure 8: MyShip Portal
Figure 7: Crew member listing

Wrapping Up

According to a study done by Futurenautics in 2018, just under half of the active mariner respondents claimed to have sailed on a vessel compromised by a cyber-attack, and only 15% of seafarers received any form of cybersecurity training. These numbers are indicative of a general lack of awareness on safe security practices that can be improved through training and workshops. What will prove challenging is discontinuing obsolete components and upgrading systems to patch vulnerabilities, given that a ship’s operation technology can have dire physical impacts from accidental or malicious modifications.

Source: hackernoon

Maritime cyber attacks increase by 900% in three years

August 6, 2020 MARITIME CYBER SECURITY

CYBER-attacks on the maritime industry’s operational technology (OT) systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end. ADVERTISING Addressing port and terminal operators during an online forum last week, Robert Rizika, Naval Dome’s Boston-based Head of North American Operations, explained that in 2017 there were 50 significant OT hacks reported, increasing to 120 in 2018 and more than 310 last year. He said this year is looking like it will end with more than 500 major cyber security breaches, with substantially more going unreported. Speaking during the 2020 Port Security Seminar & Expo, a week-long virtual conference organised by the American Association of Port Authorities, Rizika said that since NotPetya – the virus that resulted in a US$300 million loss for Maersk – “attacks are increasing at an alarming rate”. READ ALSO:Westerhof sues Bonfrere over allegations of match-fixing Recalling recent attacks, he told delegates that in 2018 the first ports were affected, with Barcelona, then San Diego falling under attack. Australian shipbuilder Austal was hit and the attack on COSCO took down half of the shipowner’s US network. He said this year a US-based gas pipeline operator and shipping company MSC have been hit by malware, of which the latter incident shut down the shipowner’s Geneva HQ for five days. A US-based cargo facility’s operating systems were infected with the Ryuk ransomware, and last month the OT systems at Iran’s Shahid Rajee port were hacked, restricting all infrastructure movements, creating a massive back log. Reports of this attack have gone some way in raising public awareness of the potential wider impact of cyber threats on ports around the world. Intelligence from Iran, along with digital satellite imagery, showed the Iranian port in a state of flux for several days. Dozens of cargo ships and oil tankers waiting to offload, while long queues of trucks formed at the entrance to the port stretching for miles, according to Naval Dome. Emphasising the economic impact and ripple effect of a cyber-attack on port infrastructures, Rizika revealed that a report published by Lloyd’s of London indicated that if 15 Asian ports were hacked financial losses would be more than US$110 billion, a significant amount of which would not be recovered through insurance policies, as OT system hacks are not covered. Going on to explain which parts of the OT system – the network connecting RTGs, STS cranes, traffic control and vessel berthing systems, cargo handling and safety and security systems, etc., – are under threat, Rizika said all of them. “Unlike the IT infrastructure, there is no “dashboard” for the OT network allowing operators to see the health of all connected systems. Operators rarely know if an attack has taken place, invariably writing up any anomaly as a system error, system failure, or requiring restart. “They don’t know how to describe something unfamiliar to them. Systems are being attacked but they are not logged as such and, subsequently, the IT network gets infected,” Rizika explained. “What is interesting is that many operators believe they have this protected with traditional cyber security, but the fire walls and software protecting the IT side, do not protect individual systems on the OT network,” he said. An example would be the installation of an antivirus system on a vessel bridge navigation system (ECDIS) or, alternatively, a positioning system in a floating rig DP (Dynamic Positioning), or on one of the dock cranes on the pier side of the port. “The antivirus system would very quickly turn out to be non-essential, impairing and inhibiting system performance. Antivirus systems are simply irrelevant in places where the attacker is anonymous and discreet,” he said. “Operational networks, in contrast to information networks, are measured by their performance level. Their operation cannot be disconnected and stopped. An emergency state in these systems can usually only be identified following a strike and they will be irreparable and irreversible.” Where OT networks are thought to be protected, Rizika said they are often inadequate and based on industrial computerised system, operating in a permanent state of disconnection from the network or, alternatively, connected to port systems and the equipment manufacturer’s offices overseas via RF radio communication (wi-fi) or a cellular network (via SIM). “Hackers can access the cranes, they can access the storage systems, they can penetrate the core operational systems either through cellular connections, wi-fi, and USB sticks. They can penetrate these systems directly.” Rizika said that as the maritime industry moves towards greater digitalisation and increases the use of networked, autonomous systems, moving more equipment and technologies online, more vulnerabilities, more loopholes, will be created. “There will be a whole series of new cyber security openings through which people can attack if systems are not properly protected. “If just one piece of this meticulously-managed operation goes down it will create unprecedented backlog and impact global trade, disrupting operations and infrastructure for weeks if not months, costing tens of millions of dollars in lost revenues.” Naval Dome also predicts that cyber criminals, terrorists and rogue states will at some point begin holding the environment to ransom. “One area we see becoming a major issue is cyber-induced environmental pollution. Think about it: you have all these ships in ports, hackers can easily over-ride systems and valves to initiate leaks and dump hazardous materials, ballast water, fuel oil, etc.,” Rizika warned. Offering advice on the first steps port operators need to take to protect their OT systems, he said a deep understanding of the differences between the two spaces is vital. “There is a disconnect between IT and OT security. There is no real segregation between the networks. People can come in on the OT side and penetrate the IT side. We are actually seeing this now. Successful IT network hacks have their origins in initial penetration of the OT system.” In a pre-recorded message broadcast during Naval Dome’s presentation, Rear Admiral (Retd) Shiko Zana, the CEO of Ashdod Port, said: “We have become more aware of the growing cyber threat to OT systems. Naval Dome has a unique cyber defence solution capable of protecting against both internal and external cyber attack vectors. The solution provides protection for OT systems.” Vanguard

Read more at: https://www.vanguardngr.com/2020/07/maritime-cyber-attacks-increase-by-900-in-three-years/

Cyber security

August 6, 2020 MARITIME CYBER SECURITY

While the IMO has given shipowners and operators until 2021 to incorporate cyber risk into ships’ safety management systems, cyber criminals are already at work. Crises like the COVID-19 pandemic often lead malicious cyber actors to take advantage through various malicious methods.

Also available in Japanese.

To cope with operational issues such as denied physical access, quarantined vessels and travel restrictions, shipowners are now actively opening for remote access and implementing remote digital survey tools towards vessels and encouraging shore staff to work remotely from home.

There is also increased use of mobile devices to access operational systems onboard vessels and core business systems in the company. Unprotected devices could lead to the loss of data, privacy breaches, and systems being held at ransom. Data is an asset and protecting it requires a good balance between confidentiality, integrity and availability.

In an era of cyber everywhere, with more technological transformation, use of cloud, and broader networking capabilities towards vessels, the threat landscape continues to increase. Cyber-criminals will look to attack operational systems and backup capabilities simultaneously in highly sophisticated ways leading to destructive cyber attacks. Cyber security depends not only on how company and shipboard systems and processes are designed but also on how they are used – the human factor.

Cyber risks may not be easy to identify

Criminals trying to exploit the maritime industry, the vessels and their crew are well organised and continuously evolve in the way they operate. This reflects the constantly evolving nature of cyber risk in general. Approaches to cyber risk management need to be company- and vessel specific but must also be guided by requirements contained in relevant national, international and flag state regulations.

Shipowners and operators who have not already done so, should undertake risk assessments and incorporate measures to deal with cyber risks in their ship’s safety management systems (SMS) and crew awareness training. Shipowners and operators should also embed a culture of cyber risk awareness into all levels and departments in the office and on board the vessels. The result should be a flexible cyber risk management regime that is in continuous operation and constantly evaluated through effective feedback mechanisms.

Most Classification societies (Class) and several marine consulting companies have issued guidelines and recommendations on cyber security onboard vessels. Class, as a Recognized Organization on behalf of Flag State authorities, may now also deliver ISM audits which include cyber risk.

Class is also offering a voluntary cyber secure class notation for verifying secure vessel design and operation and cyber secure type approval to support manufacturers with cyber-secure systems and components. As an advisor, Class may also offer cyber security risk assessment, improvement, penetration testing and training support both on board and in the office.

At Gard we strive to protect the interests of our Members and clients in the best possible way. Our recommendation is to take a holistic approach to the cyber risks to protect the confidentiality, integrity and accessibility of both IT and OT systems through measures covering processes, technology and most importantly people. The easiest and most common way for cyber criminals to gain access, is through negligent or poorly trained individuals.

Recommendation No.1: Focus on policies, procedures and risk assessments

The latest Guidelines on Cyber Security Onboard Ships anticipates that cyber incidents will result in physical effects and potential safety and/or pollution incidents. Therefore, companies need to assess the risks arising not only from the use of IT equipment but also from OT equipment onboard ships and establish appropriate safeguards against cyber incidents involving either of these.

Company plans and procedures for cyber risk management must be aligned with existing security and safety risk management requirements contained in the ISPS and ISM Codes as included in company policies. Requirements related to training, operations and maintenance of critical cyber systems should also be included in relevant documentation on-board.

The IMO Maritime Safety Committee (MSC) adopted Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems in June 2017. The resolution states that an approved safety management system should include cyber risk management in accordance with the objectives and requirements of the ISM Code, no later than the first annual verification of a company’s Document of Compliance after 1 January 2021.

Based on the recommendations in MSC-FAL.1/Circ.3Guidelines on maritime cyber risk management, the resolution confirms that existing risk management practices should be used to address the operational risks arising from the increased dependence on cyber enabled systems. The guidelines set out the following actions that can be taken to support effective cyber risk management:

  1. Identify: Define the roles responsible for cyber risk management and identify the systems, assets, data and capabilities that, if disrupted, pose a risk to ship operations.
  2. Protect: Implement risk control processes and measures, together with contingency planning to protect against a cyber incident and to ensure continuity of shipping operations.
  3. Detect: Develop and implement processes and defenses necessary to detect a cyber incident in a timely manner.
  4. Respond: Develop and implement activities and plans to provide resilience and to restore the systems necessary for shipping operations or services which have been halted due to a cyber incident.
  5. Recover: Identify how to back-up and restore the cyber systems necessary for shipping operations which have been affected by a cyber incident.

The Document of Compliance holder is ultimately responsible for ensuring the management of cyber risks on board. Where the ship is under third party management, the ship manager is advised to reach an agreement with the shipowner as to who is responsible for this matter. Emphasis should be placed by both parties on the split of responsibilities, alignment of pragmatic expectations, agreement on specific instructions to the manager and possible participation in purchasing decisions as well as budgetary requirements.

Apart from the ISM requirements, such an agreement should take into consideration additional applicable legislation such as the EU General Data Protection Regulation (GDPR) or specific cyber regulations in other coastal states. Managers and owners should consider using these guidelines as a base for an open discussion on how best to implement an efficient cyber risk management regime onboard. Any agreements on responsibility for cyber risk management should be formal and in writing.

Companies should also evaluate and cover service providers’ physical security and cyber risk management processes in supplier agreements and contracts. Similarly, coordination of the ship’s port calls is a highly complex task being both global and local in nature. It includes updates from agents, coordinating information with all port vendors, port state control, handling ship and crew requirements, and electronic communication between the ship, port and authorities ashore.

Agents’ quality standards are important because like all other businesses, agents are also targeted by cyber criminals. Cyber enabled crime, such as electronic wire fraud and false ship appointments, and cyber threats such as ransomware and hacking, call for mutual cyber strategies and cyber enhanced relationships between owners and agents to mitigate these risks.

Recommendation No.2: Ensure that system design and configuration are safe and fully understood and followed

The problem with procedures is that good intentions can become paper pushing exercises. It is therefore important to ensure that those performing tasks involving cyber security understand that the purpose of the procedures is to prevent unauthorised access and not simply to satisfy the regulators or their immediate superiors.

Unlike other areas of safety and security, where historic evidence is available, cyber risk management is made more challenging due to the lack of facts about incidents and their impact. Until we have such evidence, the scale and frequency of attacks will continue to be unknown.

Experience from the shipping industry and other business sectors such as financial institutions, public administrations and air transport have shown that successful cyber attacks can result in a significant loss of services.

Modern technologies may add vulnerabilities to ships especially if there are placed on unsecured networks and given free access to the internet onboard. Additionally, shoreside and onboard personnel may be unaware that some equipment manufacturers maintain remote access to shipboard equipment and its network system. Unknown, and uncoordinated remote access to an operating ship should be an important part of the risk assessment.

Gard recommends that companies fully understand the ship’s IT and OT systems and how these systems connect and integrate with the shore side, including public authorities, marine terminals and stevedores. This requires an understanding of all computer-based systems onboard and how safety, operations, and business can be compromised by a cyber incident.

Some IT and OT systems can be accessed remotely and may have a continuous internet connection for remote monitoring, data collection, maintenance, safety and security. These can be “third-party systems”, whereby the contractor monitors and maintains the systems from a remote location and can be both two-way data flow or upload-only.

Systems and workstations with remote control, access or configuration functions could, for example, be:

  • bridge and engine room computers and workstations on the ship’s administrative network,
  • cargo such as containers with reefer temperature control systems or specialised cargo that is tracked remotely,
  • stability decision support systems,
  • hull stress monitoring systems,
  • navigational systems including Electronic Navigation Chart (ENC) Voyage Data Recorder (VDR),
  • dynamic positioning systems (DP),
  • cargo handling and stowage, engine, and cargo management and load planning systems,
  • safety and security networks, such as CCTV (closed circuit television),
  • specialised systems such as drilling operations, blow out preventers, subsea installation systems,
  • Emergency Shut Down (ESD) for gas tankers, submarine cable installation and repair.

Below are some common cyber vulnerabilities, which may be found onboard existing ships, and on some newbuild ships:

  • obsolete and unsupported operating systems,
  • outdated or missing antivirus software and protection from malware,
  • inadequate security configurations and best practices, including ineffective network management and the use of default administrator accounts and passwords,
  • shipboard computer networks lacking boundary protection measures and segmentation of networks,
  • safety critical equipment or systems always connected to the shore side,
  • inadequate access controls for third parties including contractors and service providers.

Recommendation No.3: Provide proper onboard awareness and training

Today, the weakest link when it comes to cyber security is still the human factor. It is therefore important that seafarers are given proper training to help them identify and report cyber incidents.

The latest cyber security surveys show that the industry is more aware of the issue and has increased cyber risk management training, but there is still room for improvement. This has also been confirmed by the 2018 Crew Connectivity Survey by Futurenautics Maritime group with partners, where only 15% of seafarers acknowledge having received cyber security training, and only 33% said the company they last worked for had a policy of regularly changing passwords on board.

When assessing cyber risks, both external and internal cyber threats should be considered. Onboard personnel have a key role in protecting IT and OT systems but can also be careless, for example by using removable media to transfer data between systems without taking precautions against the transfer of malware. Training and awareness should be tailored to the appropriate seniority of onboard personnel including the master, officers and crew.

Gard have previously, together with DNV-GL, published a free to download and share cyber security awareness campaign to build competence towards crew and others – focusing on daily tasks and routines, with the aim to de-mystify the cyber issues for “normal people”. The material is not intended to suggest any industry changes or rule changes, but rather changes in the way people behave and act.

Lastly, we recommend everyone to stay cyber alert and avoid all “COVID-19 phishing” expeditions by:

  • Exercise caution in handling any email with a COVID-19 related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.
  • Use trusted sources—such as legitimate, government websites for up-to-date, fact-based information about cyber security and COVID-19.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
  • Remember to disconnect or close temporary remote access given to any external party after finishing the job.

Source: gard.no

The Biggest Challenges and Best Practices to Mitigate Risks in Maritime Cybersecurity

August 6, 2020 MARITIME CYBER SECURITY

Ships are increasingly using systems that rely on digitalization, integration, and automation, which call for cyber risk management on board. As technology continues to develop, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates an increased attack surface that needs to be addressed.

Challenges in Maritime Cybersecurity

While the IT world includes systems in offices, ports, and oil rigs, OT is used for a multitude of purposes such as controlling engines and associated systems, cargo management, navigational systems, administration, etc. Until recent years, these systems were commonly isolated from each other and from any external shore-based systems. However, the evolution of digital and communications technology has allowed the integration of these two worlds, IT and OT.

The maritime OT world includes systems like:

  • Vessel Integrated Navigation System (VINS)
  • Global Positioning System (GPS)
  • Satellite Communications
  • Automatic Identification System (AIS)
  • Radar systems and electronic charts
Ship Bridge
Ship Bridge. Images courtesy of Isidoros Monogioudis and Hellenic American University

While these technologies and systems provide significant efficiency gains for the maritime industry, they also present risks to critical systems and processes linked to the operation of systems integral to shipping. These risks may result from vulnerabilities arising from inadequate operation, integration, maintenance, and design of cyber-related systems as well as from intentional and unintentional cyberthreats.

When addressing these cyberthreats, it is important to consider the uniqueness of OT systems, as these assets control the physical world. As such, there are certain challenges to consider, such as:

  • OT systems are responsible for real-time performance, and response to any incidents is time-critical to ensure the high reliability and availability of the systems.
  • Access to OT systems should be strictly controlled without disrupting the required human-machine interaction.
  • Safety of these systems is paramount, and fault tolerance is essential. Even the slightest downtime may not be acceptable.
  • OT systems present extended diversity with proprietary protocols and operating systems, often without embedded security capabilities.
  • They have long lifecycles, and any updates or patches to these systems must be carefully designed and implemented (usually by the vendor) to avoid disrupting reliability and availability.
  • The OT systems are designed to support the intended operational process and may not have enough memory and computing resources to support the addition of security capabilities.

Disruption of the operation of OT systems may impose significant risk to the safety of onboard personnel and cargo, cause damage to the marine environment, and impede the ship’s operation.

In addition to the ongoing integration of IT and OT, the future will bring MAS – Maritime Autonomous Systems. Based on artificial intelligence and Internet of Ships and Sea Services, the new generation of ships will be remotely controlled from the shore. MAS has a “disruptive” potential with implications in terms of technical, economic, environmental, legislative and social impacts in the years to come. This development may also provide opportunities and new concepts which could improve logistics and, therefore, also improve the overall environmental impact of transport.

Maritime Cyber Threat Landscape

Completely digitalized shipping means greater reliance on digital, interconnected control and communication systems, says Isidoros Monogioudis, Adjunct Professor at the Hellenic American University.

Maritime digitalization is planned to increase performance, efficacy, and better collaboration within the industry. However, at the same time it means a significant increase of the digital/cyber “attack” surface. Maritime industry, especially through vessels digitalization and with the numerous different Operational Technology devices deployed, creates a digital landscape previously unknown to a big extent due to the specific hardware and software being used. New security risks will be evolved with the impact being very significant mainly due to the direct connection with the physical world and the consequent operational damage.

In fact, it was only last July that the U.S. Coast Guard issued a safety alert warning all shipping companies of maritime cyber-attacks. The incident that led to this warning happened in February 2019 when a large ship on an international voyage bound for the Port of New York and New Jersey reported “a significant cyber incident impacting their shipboard network.”

The Coast Guard led an incident-response team to investigate the issue and found that “although the malware significantly degraded the functionality of the onboard computer system, essential vessel control systems had not been impacted.”

This was not the first time the U.S. Coast Guard had released a cyber safety warning. In May 2019, they published a bulletin to raise the awareness of maritime stakeholders of “email phishing and malware intrusion attempts that targeted commercial vessels.”

A cyber incident in ships might have severe consequences for the crew, the passengers, and the cargo on board. Considering that many ships carry harmful substances, a cyber incident might have severe environmental consequences or might lead to hijacking the ship to steal the cargo.

The Baltic and International Maritime Council (BIMCO) has defined a cyber safety incident any incident that leads to “the loss of availability or integrity of safety critical data and OT.”

Cyber safety incidents can be the result of:

  • a cyber security incident, which affects the availability and integrity of OT (for example, corruption of chart data held in an Electronic Chart Display and Information System (ECDIS))
  • a failure occurring during software maintenance and patching
  • loss or manipulation of external sensor data that’s critical to the operation of a ship including but  not limited to Global Navigation Satellite Systems (GNSS)

With more than 90% of the world’s trade being carried by shipping, according to the United Nations’ International Maritime Organization, the maritime industry is an attractive target for cyber attackers. The European Union has recognized the importance of the maritime sector to the European and global economy and has included shipping in the Network and Information Systems (NIS) Directive, which deals with the protection from cyber threats of national critical infrastructure.

Best Practices for Mitigating Maritime Cyber Threats

In 2017, the International Maritime Organization (IMO) adopted resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management System (SMS). The Resolution stated that an approved SMS should consider cyber risk management and encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems.

The same year, IMO developed guidelines that provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities. As also highlighted in the IMO guidelines, effective cyber risk management should start at the senior management level. Senior management should embed a culture of cyber risk awareness into all levels and departments of an organization and ensure a holistic and flexible cyber risk management regime that is in continuous operation and constantly evaluated through effective feedback mechanisms.

In addition, BIMCO has developed the Guidelines on Cyber Security Onboard Ships, which are aligned with the NIST Cybersecurity Framework. The overall goal of these guidelines is the building of a strong operational resilience to cyber-attacks. To achieve this goal, maritime companies should follow these best practices:

  • Identify the threat environment to understand external and internal cyber threats to the ship
  • Identify vulnerabilities by developing complete and full inventories of onboard systems and understanding the consequences of cyber threats to these systems
  • Assess risk exposure by determining the likelihood and impact of a vulnerability exploitation by any external or internal actor
  • Develop protection and detection measures to reduce the likelihood and the impact of a potential exploitation of a vulnerability
  • Establish prioritized contingency plans to mitigate any potential identified cyber risk
  • Respond and recover from cyber incidents using the contingency plan to ensure operational continuity

“Maritime industry and its digital exposure have many similarities with industrial systems and the broader OT,” says Isidoros Monogioudis. “In this context, these companies must move very fast to the direction of protecting their systems, providing a reliable operating environment not only from performance perspective but also from security perspective. Both proactive and reactive measures must be developed and applied with the real-time security awareness and visibility being possibly the most critical solution, since OT environment remains extremely sensitive in providing timely and accurate services.”

“Maintaining effective cybersecurity is not just an IT issue but is rather a fundamental operational imperative in the 21st century maritime environment,” said the U.S. Coast Guard in their July 2019 security warning.

Source: tripwire

Bakker Sliedrecht services ships Anthony Veder remotely via AR-glasses

August 4, 2020 MARITIME CYBER SECURITY

After a successful pilot, system integrator Bakker Sliedrecht and gas shipping company Anthony Veder intend to enter a partnership to provide ships with remote service through augmented reality glasses (AR-glasses). 

The companies have run a successful pilot on gas tanker Coral Favia. During the pilot, functionalities were tested via a dial-up connection and common failures were simulated. On board, an officer wore the AR glasses, guiding Bakker Sliedrecht experts virtually through the ship.

Thijs van Hal, Head of Main Contracting at Bakker Sliedrecht, says:

“Normally, emails and construction plans are sent back and forth first and phone calls are made to get to the core problem. Now we can watch live. We can solve the problem immediately, or we know what’s going on and we can make a better planning and bring the right parts directly with us.”

Thijs. Anthony Veder has a fleet of over thirty vessels transporting liquified gas on a worldwide scale, says:

“Now it can happen that a colleague is travelling for several days, while afterwards it turned out that the solution for the malfunction was relatively easy. As downtime for ships is very expensive, quick service is important. If you can offer them remote assistance through AR glasses, you can be ready in two hours instead of two days.”

All kinds of digital information can be projected or added to the screen on the glasses. This varies from construction plans, virtual arrows to a 3D impression of the engine room or the switch box. Computer screens on the glasses can also be shared. It is a kind of webcam on site, where you both see the same thing and where you have multiple additional tools to make an accurate assessment of the situation.

Wouter Boogaart, Digital Development Manager at Anthony Veder, says:

“It is a very useful tool when there are problems on a ship far away. You can see together what is the problem and how you can solve it.”

The AR glasses can also be used for tests and remote inspections.

According to Van Hal, this type of remote assistance technology will become more important as ships are becoming more and more complex:

“We will do more things remotely. Then it is important that we are already successful with this.”

Anthony Veder wants to expand the deployment of the AR glass in phases over a part of the fleet. In addition to purchasing AR glasses, staff will be trained and the IT infrastructure will be upgraded.

Boogaart says:

“We believe that these kinds of developments are the future. Ships are becoming increasingly complex. As a result, much more expertise and specialism is needed to see what is going on. Something that is often not present on board. The glasses can save a lot of time, travel time and money, which is why the investment is worth it. Especially during Corona times, the glasses are a useful tool because borders are closed and planes stay on the ground. Then these kinds of innovations have proven to be necessary.”

Source: seawanderer

Elbit Tested Shipborne Tactical UAS

August 4, 2020 MARITIME CYBER SECURITY

Elbit Systems tested the combination of a mini-unmanned aerial system with its Seagull Unmanned Surface Vessel (USV) to further enhance the vessel’s intelligence capabilities beyond Anti-Submarine Warfare (ASW) and Mines Countermeasure (MCM). The addition of a UAS extends the Seagull operator’s line of sight. Trials were conducted in recent weeks.

The shipborne mini-UAS is capable of point water recovery and a takeoff weight of up to 15kg. The visual feed generated by the mini-UAS can be transmitted to the land based control unit of the Seagull USV and to the Combat Management System (CMS) of additional vessels, according to the company announcement.

While the Seagull USV is a specially designed multi-role vessel for underwater warfare, the USV’s switchable payload suite includes Electronic Warfare and Electro-Optic/Infra-Red payloads to provide situational awareness and facilitate intelligence gathering.

The integration of a tactical UAS onboard the USV further expands its capacity to generate intelligence enabling to utilize the USV for enhancing the situational awareness of any maritime force and for shore exploration.

The Seagull USV enables naval forces to enhance performance while reducing risk to human life and dramatically cutting procurement and operating costs. Additional sonar systems were added onboard the Seagull USV during the last year, integrating a HELRAS sonar in-cooperation with the Israeli Navy and concluding a series of trials for the TRAPS-USV towed sonar, significantly enhancing its ASW capabilities.

The Seagull USV was deployed by in several exercises that were conducted with NATO maritime forces in the last few years, including in an MCM exercise alongside the HMS Ocean of the UK Royal Navy, and an ASW exercise and more.

Source: i-hls

Port Canaveral wins $908,015 federal grant to upgrade security measures

August 4, 2020 MARITIME CYBER SECURITY

The U.S. Department of Homeland Security has awarded Port Canaveral a $908,015 grant to help the port beef up its security.

The port said the grant will help pay for a $1.2 million project to improve Port Canaveral’s risk prevention, threat mitigation and security response service capabilities.

The grant award comes at a time when threats against seaports are evolving and becoming more sophisticated.

Cary Davis, government relations director and general counsel for the American Association of Port Authorities, said that, “whether it’s attempted supply-chain disruption, sophisticated and coordinated cross-border attacks, or novel cyber-threats that transcend national borders, ports have security challenges like never before.”

Port Canaveral Chief Executive Officer John Murray said the grant Brevard County’s seaport is receiving “will help us invest in some new technologies to broaden our capabilities to protect our people and assets with an enhanced ability to detect and respond to threats.”

Port Canaveral has been the world’s second-busiest cruise port, behind PortMiami, in terms of passenger volume, although the coronavirus pandemic has halted multiday cruises since mid-March. Port Canaveral also has a multifaceted cargo sector, with an increasing business involving space-related components, including SpaceX rocket boosters.

The grant Port Canaveral received is part of Department of Homeland Security’s Federal Emergency Management Agency Port Security Grant Program.

Port Canaveral was one of more than 30 U.S. ports awarded fiscal year 2020 federal funding from FEMA’s $100 million Port Security Grant Program, which provides grants to ports on a competitive basis. Some of that money also goes to terminal operators, municipalities and policing entities throughout the country.

Davis said these grants are crucial to the nation’s seaports.

“The Port Security Grant Program protects our country, our workers and our supply chains,” Davis said. “Ports large and small use these grants to stay vigilant; to ‘harden’ their facilities and networks; and to prepare for attacks. Even though it’s grotesque and difficult, critical infrastructure ports are targeted daily by terrorists around the world.”

The program’s priority is to protect critical port infrastructure, enhance maritime domain awareness, improve portwide maritime security risk management, and maintain or re-establish maritime security mitigation protocols that support port recovery and resiliency capabilities.

This is the second major grant Port Canaveral has received for security projects in the last two years. In September 2018, Port Canaveral was awarded $1.15 million in federal and state grants for upgrades to its port security operations and cybersecurity detection and prevention systems.

Murray said ensuring the safety and securing of the port and surrounding community is a top priority.

Source: floridatoday

Newer Posts

Older Posts

News

Quick Menu

Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com

ISO 9001:2015 CERTIFIED