There are often more than 150,000 ships at sea over a 24-hour period. To add some perspective, this is three times greater than the average number of airplanes that are tracked by the Federal Aviation Administration on any given day. When combined, all the ships at sea form one of the largest mobile communication networks imaginable. As is often the case with a security mindset, this level of complexity creates great challenges.

A ship is capable of ship-to-shore communication at close range through the use of traditional terrestrial radio, or shore stations, and when far out to sea, satellite communication is used. To add to the complexity, there are more than ten satellite companies that provide maritime communication services. The international scope of sea-based communications is governed by both multinational organizations, as well as advisory organizations, such as the International Telecommunications Union (ITU).

The New Cannonball Vulnerability

It is easy to think that these impenetrable hulls are immune to security problems. After all, they are somewhat akin to a remote island, far removed from our land-locked security concerns. However, there are threats to maritime vessels, both physical, and virtual. In the event that the physical criminals increase their technological competencies, the results to a fleet could be devastating.

Up until a few years ago, the idea of high-sea pirates was something most people thought existed in age-old tales of rum-soaked hooligans. However, when a recent American President ordered the execution of a pirate, we all recognized that this is a problem that exists even today. Maritime pirates remain a threat, and if the pirates join the cybercrime industry, they could use technology to disrupt both normal communications, as well as distress signals from a targeted ship.

Another threat to the maritime industry is drug trafficking. Disruptions in communication can enable the illegal drug trade, and can also interrupt the delicate balance of the supply chain. As was recently demonstrated, a kink in the supply chain can wreak global havoc.

Maritime-based attacks are not new. At least two of the world’s largest shipping organizations have suffered a ransomware attack. These attacks, as well as other cybercrimes, were initiated using phishing scams. While the attacks have been used for compromising on-shore operations, it is not unreasonable to assume that a ship’s on-board network could also be affected, leaving a ship in a dangerous state. However, there is currently no hard evidence that the electronic crippling of a ship has ever occurred. What has happened in some parts of the world is that Global Positioning Systems (GPS) have been tampered with, affecting navigation, as well as communications.

Better Monitoring of All the Ships

Fortunately, proposed improvements in maritime communications protocols, as well as similar technologies to better track ships, are being developed to offer more unified views of locations, and messages. Along with that, regulatory agencies are also working to improve communications by strictly defining maritime communication radio frequencies.

How Tripwire Can Help

The complexity of modern maritime operations makes it vulnerable not only to phishing-based account compromise, but more significantly, unnoticed configuration modifications. Tripwire is uniquely positioned to help secure maritime operations by providing the foundational controls needed to secure communications.

Tripwire helps ensure that all of the IT and OT systems are configured securely. This is done by tracking the configuration baseline of a system, measuring it against a hardening standard, and providing remediation advice to ensure that the system is configured securely. An example of a hardening standard is the Center for Internet Security benchmarks. This process is known as Security Configuration Management. It is commonly practiced on traditional IT networks and is also a good best practice for maritime devices.

Ransomware attacks make changes to critical system files in order to lock the administrators out of those systems. Tripwire monitors for changes in real time and can help differentiate between a good and bad change, or an authorized or unauthorized change. When an unauthorized or malicious change is detected, an alert and an incident workflow can be triggered so that the appropriate actions can be taken to reduce the exposure of the cyber incident.

Finally, attackers are always trying to leverage a vulnerability in the system to gain unauthorized access. Tripwire’s solutions can monitor both IT and OT devices for vulnerabilities, prioritize which vulnerabilities would have the greatest impact to the critical devices on the network, and provide remediation advice to ensure minimal risk exposure to the maritime devices. With these controls in place, Tripwire can help reduce the attack surface.https://www.tripwire.com/state-of-security/topics/ics-security/