MARITIME CYBER SECURITY Archives - Page 36 of 40

Iran Press/ Iran News: An official at Shahi Rejaei port said due to the vigilance and readiness of defensive Sybercecurity units at the port, attacks neutralized.

The source confirmed the cyber attacks from the zionist Regimes in past weeks and said that no interruption caused by the attacks.

Also, Mohammad Rastad, managing director of the Ports and Maritime Organization of Iran, said the terrorist attack “failed to penetrate the PMO’s systems and was only able to infiltrate and damage a number of private operating systems at the ports”.

The Shahid Rajaee port facility is the newest of two major shipping terminals in the Iranian coastal city of Bandar Abbas, on the Strait of Hormuz.

According to intelligence and cybersecurity officials, cited by the Washington Post, the attack was carried out by Israeli operatives. It came after the occupying regime claim that it had been the target of an attempt to penetrate the computers that operate water distribution systems in Israel.

Iran has been the target of US and Israeli cyber terrorism for a decade, including attempts to remotely sabotage the Islamic Republic’s nuclear program.

On December 15, Iran’s Minister of Communications and Information Technology Mohammad Javad Azari-Jahromi said that Iran detected foreign spying malware on the Government servers and the related suspects are under investigation.

The systematic cyber-attack on Iranian electronic government systems was discovered and foiled by Dejfa fortress at the time.

Source: https://iranpress.com/en/iran-i147423-zionist_regime_failed_cyber_attack_at_shahid_rajaee_port

IACS is pleased to announce the publication of its Recommendation on Cyber Resilience (No. 166). This single, standalone Recommendation consolidates IACS’ previous 12 Recommendations related to cyber resilience (Nos. 153 to 164) and applies to the use of computer-based systems which provide control, alarm, monitoring, safety or internal communication functions which are subject to the requirements of a Classification society. Part of the objective in consolidating the 12 Recommendations was to define responsibilities and harmonise and simplify the language used therein. This Recommendation has benefited from the valuable input of a wide range of industry partners contributing via the Joint Industry Working Group on Cyber Systems and covers the constructional aspects of the 12 previously published Recommendations. It provides information on matters such as reference guidelines and standards, terms and definitions, goals for design and construction, functional requirements, technical requirements and verification testing.

IACS Chairman, Arun Sharma, said ‘The publication of this important Recommendation marks a significant milestone in IACS’ work to support the maritime industry in the delivery of cyber resilient ships. I am pleased to note the significant cross-industry cooperation that led to its development and we look forward to maintaining that dialogue as we assess its practical implementation and effectiveness’.

This new recommendation is applicable to a vessel’s network systems using digital communication to interconnect systems within the ship and ship systems which can be accessed by equipment or networks off the ship. Robert Ashdown, IACS Secretary General, added ‘The network design forms the basis for a reliable and robust network. Issues such as compatibility of various devices, communication between devices, communication from various systems and sub systems, need due consideration during design phase. This Recommendation is an important step in addressing cyber resilience from the earliest stages of a vessel’s life.’

Operational aspects that were included in the superseded 12 Recommendations have been identified and grouped under a separate annexure. Following the publication of this consolidated Recommendation the earlier 12 Recommendations have been officially deleted by IACS.

IACS will continue to work with its industry partners and look for their feedback regarding its practical implementation and effectiveness. Based on the experience gained from the practical implementation of this Recommendation IACS will assess the suitability of using it as the basis for a Unified Requirement on Cyber Resilience.

Link for downloading Rec 166 (New Apr 2020): Recommendation on Cyber Resilience

Source: http://www.iacs.org.uk/news/iacs-launches-single-standalone-recommendation-on-cyber-resilience/

The COVID-19 crisis has been testing the foundations of our lives, societies and economies posing huge challenges for the future. Organisations across industries are rightly focusing on their employees’ well-being, whilst making sure that their operations continue undisrupted and at the same time, adapting to the new ways of operating. Inevitably, secondary aspects of day-to-day operations such as cyber security may fall by the wayside, potentially increasing the risk of cyber security attacks. Cyber criminals are cognisant of the change in priorities, making the pandemic an attractive opportunity for them to make their way into corporate networks to steal data, money or cause disruption.

How has this affected the shipping industry?

The shipping industry has already suffered from cyber attacks and some recent examples that have been made public include:

E-mail scams attempting to deliver malware or phishing links to compromise vessels and/or companies. Some of them impersonate the World Health Organisation whilst others use real vessel names and/or COVID-19 to impersonate actual ships and warn of infected crew and vessels through attachments infected with malware.
Mediterranean Shipping Company (MSC) reportedly experiencing a network outage due to a malware attack affecting their primary website and customer portal, which in turn affected online bookings for a number of days (agencies were still functional). Although the incident was not explicitly attributed to an opportunistic attack due to the pandemic, it happened at a time when several other incidents were affecting the industry.
The Danish pump maker DESMI being hit by ransomware with the organisation deciding against paying any ransom to make the compromised data available again. To respond to the attack, the organisation shut down some of their systems including e-mail, affecting their operations for a number of days.

So, what should the shipping sector do to maintain the security of their data and infrastructure?

The pandemic came at a time when shipping organisations have been investing to implement IMO’s “Guidelines on maritime cyber risk management”, in order to be better prepared against cyber security threats both on- and off-shore before 2021. Priorities have had to change in response to the COVID-19 outbreak, but the new reality with its extensive use of technology can still be seen as an opportunity for making sure that parts of the guidelines are implemented in an accelerated manner. Three key actions should be prioritised for shipping organisations to mitigate emerging risks due to the pandemic:

Secure newly implemented remote working practices

Shipping organisations had previously invested in remote working solutions primarily for IT professionals supporting vessels. Therefore, many shipping companies have had to rapidly introduce new remote working tools (e.g. video conferencing, laptops, etc.) that may lack certain security controls or policies resulting either in security gaps or inconsistent application of security protocols. Such solutions will likely be relied upon to a much greater extent as organisations return to business as usual, thus making them more susceptible to cyber attacks due to unpatched or insecurely configured new systems that could affect data confidentiality and integrity. Operations may also be disrupted if these solutions are not resilient to a potential Distributed Denial of Service (DDoS) attack.

Organisations should consider:

Risk assessing existing and new remote access systems to ensure critical security patches have been applied, secure configurations have been used and the solutions are resilient. Particular attention should be paid to systems used for remotely administering and monitoring IT and OT vessel systems. Where possible, these systems should be segregated from the network used by the crew;
Configuring remote access solutions, e-mail and identity management systems to log all authentication events especially those on vessels that were typically not logged in the past. Preserve logs and analyse for anomalous activity;
Reviewing any systems deployed to allow employees to work remotely, and ensure that key security controls are applied (e.g. web filtering, encryption, antimalware protection, data loss prevention, backup solutions and detection and response tooling).

Ensure the continuity of critical security functions

With the majority of employees having to work remotely, including employees responsible for the security functions, productivity is, to some extent, hindered. This is especially true for the monitoring functions that most shipping organisations have outsourced to a third party. Prior to the pandemic, multiple dashboards were used for continuously monitoring on- and off-shore activities, presented on large screens located in dedicated rooms, allowing close collaboration and escalation. Now, employees are limited to small screens for home-use and collaboration is less immediate.

Considerations in this respect include:

(Where outsourced) Ensuring that the third party has enabled their business continuity plan and has sufficient capacity and capability to achieve the agreed SLA;
(Where in-house) Ensuring that monitoring teams have the people, processes and technology necessary to monitor and respond to alerts affecting on-shore and vessel systems. Consider augmenting the teams with additional third-party resources;
Performing continuous vulnerability scanning to confirm patching processes are functioning and all critical vulnerabilities have been patched or mitigated. Make sure this is consistent for on-shore and vessel infrastructure;
Updating incident response plans and continuity playbooks to ensure they function during periods when relevant employees are primarily working remotely. Ensure they are not overly dependent on key members of staff.

Counter opportunistic threats that may be looking to take advantage of the situation

In light of the previously mentioned examples of cyber attacks affecting the shipping industry, organisations should:

Provide specific guidance to vessel crews to be extra vigilant when it comes to email communications relating to COVID-19 infections on specific vessels;
Provide specific guidance to finance teams to ensure they do not respond to email solicitations for personal or financial information, or requests to transfer funds, highlighting increased risks of business email compromise attacks;
Target additional awareness campaigns to both on-shore employees and vessel crews, leveraging phishing campaigns using COVID-19 lures or attempts to exploit different or new ways of working;
Where not already implemented, consider procuring web filtering technology that allows enforcement of web filtering rules on remote infrastructure including on vessels and laptops at home.

It is evident that the pandemic has brought new challenges for shipping organisations. Uncertainty, unprecedented situations, and rapid IT and organisational changes have shifted the nature of cyber threats, making the need for consistency in both on- and off-shore implemented protective and detective measures a ‘must’. We are yet to see how the industry will adapt to the “next day of normality”, but one thing is certain – the cyber security risk landscape has changed and the industry needs to remain vigilant and respond to the situation accordingly and with speed.

See also PwC’s article “Keeping the lights on with a response strategy plan” on what organisations in the shipping sector should do to ensure their continuity of operations.

Source: https://www.hellenicshippingnews.com/cyber-security-in-shipping-during-covid-19-pandemic/

A group of American seaports and maritime stakeholders have decided to address cybersecurity threats by launching a new non-profit, the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC).

The new organization’s objective is to promote cybersecurity information sharing throughout the maritime community. A group of leaders from seaports, shipowners and terminal operators recognized the need to improve their own cybersecurity resiliency, and since resources are limited, they realized the best approach was to work with their peers to identify, protect against, and detect cyber threats. Information sharing and analysis efforts will focus on threats to both information technology (IT) and operational technology (OT) systems, which stakeholders can use to prevent or minimize potential cyber incidents.

The MTS-ISAC’s services assist infrastructure stakeholders with compliance requirements, including the 2021 IMO cyber risk management guidelines and the recently-released US Coast Guard Navigation and Vessel Inspection Circular (NVIC) 01-20 This NVIC states that in the Coast Guard’s view, the Maritime Transportation Security Act (MTSA) obligates regulated facilities to “identify, assess, and address the vulnerabilities of their computer systems and networks” when preparing the facility security plan.

The initial board members for the ISAC include the Alabama State Port Authority, Greater Lafourche Port Commission (Port Fourchon), Jacksonville Port Authority (JAXPORT), Port of New Orleans, Port of San Diego, Port Vancouver USA, and six other maritime critical infrastructure stakeholders.

“As the maritime sector continues to rapidly increase its reliance upon and integration of new technologies into operational capabilities, we’re seeing the need for stakeholders to pool limited cybersecurity resources to understand and manage the associated risks in effective ways,” said Scott Dickerson, the MTS-ISAC’s Executive Director. “We’re actively seeing an increase in cyber threat activity, and effective information sharing between our stakeholders has been a force multiplier for their risk management efforts. While IMO 2021 and the USCG NVIC [01-20] help provide guidance to industry, we believe effective maritime public-private partnerships will be a cornerstone for successful maritime cyber risk management efforts moving forward.”

Source: https://maritime-executive.com/article/u-s-maritime-stakeholders-launch-cyber-threat-clearinghouse

The TalTech Center for Digital Forensics and Cyber Security and the Estonian Maritime Academy have received approximately 2.5 million euros from the European Union for the establishment of a center for maritime cybersecurity, informs LETA/BNS.

The objective of the five-year project is to develop the domain of cybersecurity in the maritime field and enhance the competence of TalTech through the involvement of top scientists from all over the world.

Dan Heering, one of the champions of the project at the Estonian Maritime Academy, said that maritime business has not taken cybersecurity seriously for a long time and much remains to be done in said field.

“Since there is little in terms of public information related to ‘successful’ cyberattacks and incidents related to ships, shipping companies are not taking the threat seriously too,” Heering said.

Heering said that when exploring the topic for his master’s thesis, he was surprised at most businesses’ indifference towards the problem. He attributed this to shortcomings in legislation, which does not direct shipowners to protecting themselves against cyber risks and providing training to ship crews.

From January of next year the requirement starts to apply to shipping companies that management of cyber risks must be made part of the company’s system of organization of safety at sea, the project manager said.

Lukewarm interest on the part of shippers to date may be also a result of their ignorance of the attacks committed and the damage caused by them. Also, businesses at present see reducing cyber risks rather as an expense, not an investment.

According to Heering, several incidents related to cyber attacks against ships have become public over the past decade. In 2019, a freight ship headed for New York contacted the US Coast Guard after the ship’s computer systems had suffered damage as a result of getting infected with malware and the vessel’s maneuvrability had deteriorated significantly.

Campbell Murray, expert on cyber crime, demonstrated at a conference on superyachts in 2017 that it is possible to take control of a vessel equipped with modern technology using a laptop computer in a short period of time. It took the specialist just 30 minutes to break into the vessel’s wifi network and get access to e-mails, delete or even alter them. In addition, Murray gained access to the financial data of the yacht’s owner and took control of the vessel’s CCTV cameras, satellite communication and navigation equipment. Technically, it was possible for him to sail the superyacht out of port being not onboard the vessel himself.

Olaf Maennel, professor at the TalTech Center for Digital Forensics and Cyber Security, said that managers of shipping companies are as yet unable to notice the dark clouds gathering over them. He said that ships are increasingly dependent on technology and the internet, as navigation maps and cargo documents need to be updated and satellite communication is used on an ever bigger scale.

“This means that the computer systems of ships are vulnerable to attack, and the damage may amount to hundreds of millions of euros for the bigger companies,” Maennel said.

The Estonian Maritime Academy of TalTech and the TalTech Department of Software Science in fall 2019 filed a joint application for the financing of the project with the Horizon 2020 ERA Chairs program, which received a positive financing decision in March this year.

Source:

http://www.baltic-course.com/

Among these systems are marine autonomous surface systems (MASS), unmanned surface vessels (USVs), remotely operated vessels (ROVs) and autonomous underwater vessels (AUVs) able to operate from remote control centres often referred to as unmanned underwater systems (UUVs); and to unmanned aerial vehicles (UAVs) commonly known as drones.

As information technology (IT) has advanced, the opportunity for cyber crime has also increased. Technological advances now make USVs commonplace with many of these small craft (< 5 m) already in use for survey operations. Future larger systems will have varying levels of autonomy ranging from remotely controlled vessels operated from a shoreside RCC to, eventually, fully autonomous vessels.

These will use situational awareness sensors to assess and decide appropriate courses of action (albeit monitored from shore with a human override/final decision mode). These systems rely on data from sensors on various parameters communicated to the RCC for control and monitoring purposes. Robust and secure communications systems are central to their operation and performance.

IT cyber security remains of prime importance for any USV, UUV or AUV operation but operational technology (OT) must also be incorporated into the cyber security system.

Traditional IT cyber security protects the IT system and data held in it, whereas OT cyber security protects the complete system (vessel, people and environment).

The traditional IT-based definition of cyber security is:

Technologies, processes and practices designed to prevent malware from doing damage or harm to networks, computers, programs, or data.

But modern, distributed, interconnected remote systems demand a more comprehensive and robust OT-based cyber security system defined as:

Technologies, processes and practices designed to prevent the intended or unintended use of a cyber technology system to do damage to the cyber technology (networks, computers, programs, data), and vessel, or harm to people and environment.

To achieve this level of protection we need to be able to verify the satisfactory performance of the OT cyber security system by ensuring correct, safe, efficient and reliable operation through software quality engineering; and also preventing malicious and non-malicious threats through the cyber security system.

Functional testing will help assess a system against known errors or threats but, as yet, makes no allowance for unknown events. Using a maturity model provides ongoing monitoring, assessment and improvement to a cyber security system and will help defend against these unknown events.

NIST 5 Function shows keys to developing cybersecurity strategy

To be comprehensive, an evaluation of any system must include the processes used by the technology system owners, designers, users and suppliers, and should consist of active audit and testing of known threats, access points and protection from potential threats such as spoofing and phishing using penetration and scanning tests.

One final consideration is the stage in the lifecycle where these security measures are applied. Ideally, they should be integrated as part of the initial design. Robust security systems are much harder to ensure when viewed as an afterthought and their safety is harder, maybe impossible, to guarantee. Each component of a system, where threat access could occur, should have adequate threat protection designed and built in by the equipment manufacturer.

The London-based Willis Towers Watson consultancy estimates that human errors led to 90% of cyber security claims it has assessed. As shown in the illustration above, high levels of training and competence are both essential for following the Athens Group’s sensible ‘Identify, Detect, Protect, Respond, Recover’ strategy.

Source:
https://www.rivieramm.com/opinion/opinion/cyber-security-concerns-for-autonomous-and-remotely-controlled-systems-59261