MARITIME CYBER SECURITY Archives - Page 33 of 40 - SHIP IP LTD

The Marine Corps Systems Command has announced that service is updating its tactical satellite system that provides increased communication on the battlefield.

Based on field user evaluations, the upgraded technology is performing beyond expectations.

The Mobile User Objective System is a next-generation, narrowband satellite communication capability that enables Marines to connect to SATCOM networks. It encompasses updated firmware to the AN/PRC-117G radio system and one of three antenna kits that help users simultaneously access these networks.

Initially fielded in March 2019, the system enables mobile or stationary Marines to leverage cellular technology to increase access to voice and data communication. It also improves overall reliability in urban environments.

“MUOS gives us a 3G capability using satellite constellations,” said Lt. Col. Jeff Decker, MCSC’s Ground Radios product manager. “It is similar to a cell phone capability in the sky that covers the entire globe.”

“We try to figure out anything that could be a possible issue for the warfighter. This helps to validate the concept of operations, and it allows us to provide lessons learned to other MEFs,” Lt. Col. Jeff Decker, MCSC’s Ground Radios product manager said.

The 3G networks used with MUOS remain far superior to the Marine Corps’ legacy SATCOM channels, said Decker. He noted that the Ground Radios program office continues to monitor the latest technologies and looks toward working with other services for future incremental improvements to the capability.

“We’re looking to support the warfighter with a lethal and sustainable capability, which is the command’s focus,” said Decker. “The more robust and resilient the capability, the more we can start adding on back-end systems to help Marines. MUOS is changing the way we look at a tactical satellite architecture.”

The importance of evaluations

From March to May 2020, MCSC conducted various field user evaluations with I Marine Expeditionary Force at Twentynine Palms, California, to assess an updated version of MUOS that increases network stability while executing missions.

During the testing, Marines participated in fire support simulation exercises where they employed MUOS for coordinated air strikes and mortar support. They also used the technology during scenario-based exercises that involved rehearsing command and control operations.

“We tested the system through user evaluation exercises to understand not only what the capability can do on paper, but how we can use it to increase lethality and provide redundancy across the [Fleet Marine Forces],” said Decker.

The testing enabled users to grow familiar with the system, ask questions and provide feedback. It allowed MCSC to learn more about MUOS, including the system’s strengths and limitations. Leveraging Marine feedback, the program office can make additional updates to MUOS as needed.

“We try to figure out anything that could be a possible issue for the warfighter,” said Decker. “This helps to validate the concept of operations, and it allows us to provide lessons learned to other MEFs.”

Eddie Young, project officer of Multiband Radio II Family of Systems at MCSC, said the testing helped the Ground Radios Team assess MUOS in combat-operational environments, which will better prepare them to employ the system during real missions.

“We wanted to bring in these units and make sure the system is working as it should,” said Young. “We want to ensure the warfighter’s needs are met.”

‘Exciting’ assessment results

Both Decker and Young said the feedback on the updated MUOS from Marines has been overwhelmingly positive, and that the system has exceeded performance expectations. Decker noted how Marines commended the new waveform for its lack of performance gaps, its adaptability and the absence of any technical difficulties while testing.

“Marines showed no frustration while trying to execute point-to-point calls while employing MUOS in an operational environment,” said Decker. “The system is doing what we expect it to do, and that is exciting.”

Sgt. Mason J. Roy, video chief for Communication Strategy and Operations at I MEF, participated in the communication exercises. He raved about the benefits of the exercises in training Marines for future missions that involve MUOS employment.

“I believe the exercises went really well,” said Roy. “The idea that we can send a video or photo from the field to a command post [using MUOS] shows we can rapidly inform commanders with visual information so that commands could potentially adjust battlespaces to promote mission accomplishment and protect our troops.”

The program office will begin fielding the updated version of MUOS this summer.

Source: defence-blog

Latent cyber risk. That’s what we in the cyber business call a cyber threat that is undetected, unplanned and unanticipated. These are the cyber risks that lurk in the dark places of your networks and the exposures that you didn’t think about that come out when you least expect.

Maritime has a lot of examples of these, such as when companies start connecting systems, devices and networks that were never designed to be connected. As fleets become more automated and digitized, we are connecting all sorts of systems—ones where cyber security was never even a consideration. The legacy networks don’t have the protection, updates or design to make them cyber resilient, because no one thought they would be connected when they were built. Hook up an old system to the internet, and you run the risk of unintentionally exposing it to a whole host of new cyber risks that you never considered.

Snap-back cyber risk

COVID-19 has its own latent cyber risk. With the sudden and unexpected onslaught of the COVID-19 pandemic, companies had precious little time to convert to an almost fully remote working environment. They scramble to adapt expanded and stretched networks way beyond their normal limits. As entire workforces switched to working from home, work networks mingled with home networks, people emailed documents to personal accounts and USB drives were used to help move and share files like never before.

Most IT departments have done a great job reworking their systems and networks to accommodate an immediate and severe shift in how they operate. However, they exchanged a lot of control for operational flexibility. Work offices became home offices, that also became home schools, entertainment centers, online shopping and part of family daily life. For months, work computers have been sitting on home networks and are used to help people cope with the realities of safer-at-home restrictions.
As a result, the attack surface – the exposure points that attackers can exploit – exploded. Add to that the COVID-19 related cyber scams that have employees unintentionally clicking on bad links, and you have a perfect environment for cyber malware and other exploitation to grow.

Now, many organizations are bringing everyone back to the workplace. Most are thoughtfully planning how to bring people back together. Temperatures will be taken, masks will be worn and social distances will be respected. However, few are considering how to reintegrate computers, devices and systems.

As networks snap back from their over-extension, they will bring back the cyber malware and exploits that could be infiltrating their over-extended networks. This is the latent cyber risk of COVID-19 and needs to be addressed.

It’s about safety

The snap-back risk of COVID-19 can have real-world consequences. Attackers are no longer only just interested in stealing data from corporate IT systems. They now are actively trying to understand how to take control of operational networks on-board vessels. This means they now want to take control of navigation systems, engines, valves, and anything else they can get their hands on. The operational networks that control these systems, called operational technology (OT), are uniquely exposed to these kinds of attacks. This is because, as you might guess, they were never designed to have the kind of connectivity we now have.

As attackers target OT systems, cyber security becomes a real-world cyber safety concern. Cyber risk impacts vessel, public, and environmental safety.
You cannot socially distance a network

Once your systems and networks are interconnected, and connected to the Internet, malware and intruders can spread almost instantaneously. The most you can do is segment, protect and monitor those networks. Unfortunately, too many OT networks do none of these.

Contact tracing a cyber attack is very difficult. Once in, it can be extremely hard to see where malware or an attacker has spread. It can spread in nanoseconds and attackers can be very skilled at covering their tracks. This is much harder in the OT environment, where it takes very specialized expertise to even understand how attack could spread.

No system is stand-alone. There is a perception that some systems are not connected to anything, thus they have an “air gap” and are not vulnerable. That is incorrect. From updates to operations, systems will have some form of connectivity, even if it is someone running an update from a disk. The general rule in cyber is, if someone can get to it, they will.

Cyber hyper-mutates

We are hoping the COVID-19 does not significantly mutate. Unfortunately, the nature of cyber is to hyper mutate. Every malware, every attack type and every mutation is being continuously adapted. Attackers are relentless at refining their attacks. Malware strains last months, weeks or days before new iterations come out. As we become more digital, we reshape the environment for cyber attacks. They respond by being in a constant state of change. You can’t only consider the last attack, you need to anticipate the next one.
We change. They change. We change. Constant vigilance, flexibility and adaptation is the nature of cyber.

You need good cyber hygiene

What can you do? First, you need to account and plan for cyber security. It is now a business imperative. It needs to be a daily part of operational and safety risk management. You then need to proactively manage it. This means that you need to create a cyber program that accounts for the assessment, planning, protection, defense, detection and response needed to minimize your cyber risks.

There are a number of cyber technologies, services and solutions that can help you protect your networks. Find the right partners who have the deep expertise in IT and OT environments, and work with them to build the program that fits your specific situation. Strong cyber hygiene can prevent most cyber infections. It can also help you handle a critical exploitation, if you are unfortunate enough to have to face one.

As for the COVID-19 snap back. You need to make it an integral part of your restart program. This could mean everything from new policies and education, to enhanced scanning, monitoring and management of IT and OT networks.

Remember that COVID-19 is not the only virus that your employees can bring back into your work place.
Source: ABS Group

The Coronavirus pandemic is leaving the maritime and offshore energy sectors vulnerable to cyber-attack, with the maritime security firm Naval Dome citing a massive 400% increase in attempted hacks since February 2020. 

An increase in malware, ransomware and phishing emails exploiting the Covid19 crisis is the primary reason behind the spike. Naval Dome says that travel restrictions, social distancing measures and economic recession are beginning to bite into a company’s ability to sufficiently protect itself.

The global crisis and social distancing measures are preventing specialist maritime technicians flying out to ships and oil rigs to upgrade and service critical systems, resulting in operators circumventing established security protocols, leaving them open to attack.

IT and other maritime Operating systems (OT) are no longer segregated and individual endpoints, critical systems and components may become vulnerable. Some of these are legacy systems which have no security update patches and are even more vulnerable.

The increase in specialist maritime security personnel working remotely on home networks and personal computers and WiFi routers just makes the problem worse.

The economic downturn and the drop in the price of crude oil is also having an effect, with oil companies and contractors being faced with limited budgets available to implement effective cyber security measures. The Mission to Seafarers has published a COVID-19 special issue of its Seafarer Happiness Index report, which shows a growing feeling of confusion from crew changing as the landscape shifts around them. According to the report, shore leave, which is already a problematic issue, has become even more difficult for seafarers as ports are locked down and there are fears of contracting the virus.

Seafarers also reported feeling that not enough is being done to ensure the safety of those onboard and a feeling of loneliness, physical and mental exhaustion, and homesickness.

Shen Attacks
A report, written by the University of Cambridge Centre for Risk Studies last year, called the Shen Attack: Cyber risk in Asia Pacific Ports, says that a cyber attack on ports could cause substantial economic damage to a wide range of business sectors globally due to the inter-connectivity of the maritime supply chain.

The combination of ageing shipping infrastructure and complex supply chains makes the shipping industry vulnerable to attack and consequentially huge losses. 

While the Shen attack is not a definitive forecast, it does highlight the need for vigilance in an industry that could be brought to its knees by a cyber event originating in Asia and spreading to Europe, America and the rest of the world.

The report is the second publication from the Cyber Risk Management project, the Singapore-based public-private initiative that assesses cyber risks, of which Lloyd’s is one of the founding members. Shen Attack estimates that losses of up to $110 billion would occur in an extreme scenario in which a computer virus infects 15 ports. Transportation, aviation and aerospace sectors would be the most affected ($28.2 billion total economic losses), followed by manufacturing ($23.6 billion) and retail ($18.5 billion).

Source: https://www.cybersecurityintelligence.com/

Further to the recent news posting ‘Composing a Picture from the Puzzle Pieces’, this is the first of seven pieces that describe in more detail the make up of the puzzle and covers the maritime transport demonstrator. The goal of each demonstrator is to ‘put the correct pieces together’ which are firstly described through concrete use cases.

The Use Cases

Although the security requirements of maritime transport are vast and cover multiple areas of cyber security controls, based on the requirements’ analysis and the maritime transport research and development roadmap developed in earlier stages of the project, we have identified four concrete security services (use cases) that will be integrated and later demonstrated.

1.Threat modelling and risk analysis for maritime transport services

We identified targeted threats and risks for maritime transport that include various other use cases, which describe all the distinctive phases, such as:

• critical maritime assets & services identification;
• vulnerability management;
• threat modelling & scenarios specification;
• maritime transport risk analysis;
• attack paths representation; and
• maritime transport risk management.

2. Maritime system software hardening

Applications used in the maritime domain, such as software running on a moving vessel, usually utilize legacy code which is hard to update and sometimes even harder to replace. An attractive option is software hardening, whereby a program is re-written in order to avoid memory-related vulnerabilities. Re-writing the code can be done either by re-compiling the source (where possible) or by reconstructing the binary. Note that this re-writing is focused on the security properties of software and not on its base functionality. Hardening can be applied much more easily than a total replacement of the code.

3. Secure maritime communications

We examined the secure exchange of various types of information, including maritime-specific systems such as:

• VHF data exchange system (VDES) frequencies;
• automatic identification system (AIS) information;
• maritime mobile service identity (MMSI), time, ship position, speed, course etc.;
• vessel voyage information (such as route plans and mandatory ship reports);
• maritime single window reporting information (e.g. ship certificates, log books, passengers’ lists and crew lists); and
• port to vessel information, such as weather reports, passenger or cargo manifestos.

4. Trust infrastructure for secure maritime communication

As various types of information are exchanged/transmitted between different maritime stakeholders and actors at sea and on shore, designing a specially crafted trust infrastructure is vital. However, it is not straightforward to set up and operate a typical public key infrastructure (PKI) solution, since there are constraints associated with the maritime transport domain. The communication bandwidth of ship networks have to be taken into account. For example, the SATCOM component of VDES is expected to become a bottleneck in ship communication, due to its low capacity. In addition, it is not rare for ships to sail for long periods of time without any Internet connectivity at all; and, as shipping is a low cost business, this imposes strict limitations on what solutions will be acceptable to the industry. Here we will research those constraints and design and demonstrate a PKI service specifically adapted to fit the needs of the maritime domain.

The Demonstrator Set-up

Here is what the three demonstrators will illustrate:

(A) Threat modelling and risk analysis for maritime transport services using a web application utilising multiple modules to give a complete risk assessment process. The sequence of information insertion will ultimately lead to a complete asset map and multiple informative risk assessment result output forms.

(B) Maritime system software hardening firstly by enhancing the risk analysis framework realised in (A), and then hardening unsafe components used in (C).

(C) Secure maritime communications and trust infrastructure for secure maritime communication initially implementing the PKI service described in (4) and in the next phase will be extended to demonstrate the secure maritime communications, described in (3).

For more information on this phase of all the demonstrators, detailed descriptions can be found here.

Panayiotis Kotzanikolaou, University of Piraeus

Source: https://cybersec4europe.eu/