MARITIME CYBER SECURITY

Changes in the cyber security industry

A recent set of attacks against critical infrastructure entities, such as oil and gas pipeline operators, utilities and even some city and state governments, reveals new motives and methods. The attackers were not out to steal data but were looking to disrupt services. The attackers used a new attack vector that had not been seen before. Instead of attacking their primary targets directly, they attacked less secure vendors that those targets use. We will be looking at how they did this and then how it can be prevented.

Step one – Reconnaissance

Before launching an attack, hackers first identify a vulnerable target and explore the best ways to exploit it. The initial target can be anyone in an organization. The attackers simply need a single point of entrance to get started. Targeted phishing emails are common in this step, as an effective method of distributing malware.

The whole point of this phase is getting to know the target.
The questions that hackers are answering at this stage are:

  1. Who are the important people in the company? This can be answered by looking at the company web site or LinkedIn.
  2. Who do they do business with? For this they may be able to use social engineering, by making a few “sales calls” to the company. The other way is good old-fashioned dumpster diving.
  3. What public data is available about the company? Hackers collect IP address information and run scans to determine what hardware and software the company is using. They check the ICANN web registry database.

The more time hackers spend gaining information about the people and systems at the company, the more successful the hacking attempt will be.

Step two – Weaponization

In this phase, the hacker uses the information that they gathered in the previous phase to create the things they will need to get into the network. This could be creating believable Spear Phishing e-mails. These would look like e-mails that they could potentially receive from a known vendor or other business contact. The next is creating Watering Holes, or fake web pages. These web pages will look identical to a vendor’s web page or even a bank’s web page. But the sole purpose is to capture your user name and password, or to offer you a free download of a document or something else of interest. The final thing the attacker will do in this stage is to collect the tools that they plan to use once they gain access to the network so that they can successfully exploit any vulnerabilities that they find.

Step three – Delivery

Now the attack starts. Phishing e-mails are sent, Watering Hole web pages are posted to the Internet and the attacker waits for all the data they need to start rolling in. If the Phishing e-mail contains a weaponized attachment, then the attacker waits for someone to open the attachment and for the malware to call home.

Step four – Exploitation

Now the ‘fun’ begins for the hacker. As user names and passwords arrive, the hacker tries them against web-based e-mail systems or VPN connections to the company network. If malware-laced attachments were sent, then the attacker remotely accesses the infected computers. The attacker explores the network and gains a better idea of the traffic flow on the network, what systems are connected to the network and how they can be exploited.

Step five – Installation

In this phase the attacker makes sure that they continue to have access to the network. They will install a persistent backdoor, create Admin accounts on the network, disable firewall rules and perhaps even activate remote desktop access on servers and other systems on the network. The intent at this point is to make sure that the attacker can stay in the system as long as they need to.
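
The Step five behaviours listed above leave traces in Windows logs, and several of them on one host within a short time are far more telling than any one alone. The following is an added example, not part of the original article: it correlates constructed sample events per host. The event schema, host names, 30-minute window and threshold of three are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Windows event IDs for the Step five behaviours described above.
BEHAVIOURS = {
    4720: "account_created",           # Security log: a user account was created
    4732: "added_to_local_group",      # Security log: member added to a local group
    4950: "firewall_setting_changed",  # Security log: firewall setting changed
    7045: "service_installed",         # System log: new service, a common backdoor host
}
SYSMON_REGISTRY_SET = 13               # Sysmon: registry value set
RDP_VALUE = "fDenyTSConnections"       # data "0" means Remote Desktop is allowed

# Constructed sample events in a simplified, normalised form (assumed schema).
SAMPLE_EVENTS = [
    {"time": "2024-03-02T02:10:00", "host": "SRV-OPS01", "id": 4720},
    {"time": "2024-03-02T02:11:00", "host": "SRV-OPS01", "id": 4732},
    {"time": "2024-03-02T02:14:00", "host": "SRV-OPS01", "id": 4950},
    {"time": "2024-03-02T02:20:00", "host": "SRV-OPS01", "id": 13,
     "value": RDP_VALUE, "data": "0"},
    {"time": "2024-03-02T09:00:00", "host": "WS-HR07", "id": 4720},   # routine new hire
    {"time": "2024-03-02T15:00:00", "host": "WS-HR07", "id": 7045},   # hours later
    {"time": "2024-03-02T10:30:00", "host": "WS-ENG03", "id": 13,
     "value": "SomeOtherValue", "data": "1"},                          # unrelated key
]

def classify(event):
    """Map one event to a Step five behaviour name, or None if irrelevant."""
    if event["id"] == SYSMON_REGISTRY_SET:
        enabled = event.get("value") == RDP_VALUE and event.get("data") == "0"
        return "rdp_enabled" if enabled else None
    return BEHAVIOURS.get(event["id"])

def find_installation_clusters(events, window=timedelta(minutes=30), threshold=3):
    """Return {host: behaviours} where >= threshold distinct behaviours fall in one window."""
    by_host = {}
    for event in events:
        behaviour = classify(event)
        if behaviour:
            stamp = datetime.fromisoformat(event["time"])
            by_host.setdefault(event["host"], []).append((stamp, behaviour))
    alerts = {}
    for host, hits in by_host.items():
        hits.sort()
        for start, _ in hits:
            seen = {b for t, b in hits if timedelta(0) <= t - start <= window}
            if len(seen) >= threshold:
                alerts[host] = sorted(seen)
                break
    return alerts
```

Calling find_installation_clusters(SAMPLE_EVENTS) flags only SRV-OPS01; the account creation and service install on WS-HR07 are hours apart and stay below the threshold.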

Step six – Command and control

Now they have access to the network and administrator accounts, and all the needed tools are in place. They now have unfettered access to the entire network. They can look at anything, impersonate any user on the network, and even send e-mails from the CEO to all employees. At this point they are in control. They can lock you out of your entire network if they want to.

Step seven – Action on objective

Now that they have total control, they can achieve their objectives. This could be stealing information on employees, customers, product designs, etc., or they can start messing with the operations of the company. Remember, not all hackers are after monetizable data; some are out to just mess things up. If you take online orders, they could shut down your order-taking system or delete orders from the system. They could even create orders and have them shipped to your customers. If you have an Industrial Control System and they gain access to it, they could shut down equipment, enter new set points, and disable alarms. Not all hackers want to steal your money, sell your information or post your incriminating e-mails on WikiLeaks; some hackers just want to cause you pain.



MARITIME CYBER RISK

The insurance losses and liabilities arising from cyber risks is an increasing area of focus for both shipowners and their insurers, argues Mr. Adrian Durkin, Director (Claims) and Mr. Colin Gillespie, Deputy

Potentially owners may be exposed to gaps in cover arising from cyber incidents – an unsatisfactory situation in today’s connected world. For example, an owner’s hull and machinery insurance may contain a cyber risk exclusion which mirrors, or is derived from, institute clause 380.

There are also cyber exclusions in war risk policies that relate to computer viruses. The war risks clause is derived from market clause 3039. Many other market insurance policies specifically exclude losses or liabilities arising as a result of cyber risks.

Why is Cyber Excluded?

Cyber risks present a range of issues for insurers. Cyber risks are relatively new – claims data relating to these risks is quite limited. Another difficulty is that cyber security is not yet well established in the maritime industry. The sheer complexity of the information technology, operational technology and internet available across the industry also presents a challenge, as does the potential for cyber problems to spread quickly across the globe. As a result the likelihood, extent and costs associated with claims involving cyber risks are difficult to calculate and potentially significant, hence the reluctance to offer cover.

It is in an owner’s interests to scrutinise their various policies in order to identify potential gaps in their insurance cover. It is possible to close the gaps by working with insurers and brokers. This may require owners to demonstrate that they have robust cyber risk management practices in place both ashore and afloat. An additional premium may be payable. The market is responding to these risks – albeit slowly.

P&I Cover for Cyber Risks

The International Group of P&I Clubs’ poolable cover does not exclude claims arising from cyber risks.

This means that club members benefit from the same level of P&I cover should a claim arise due to a cyber risk, as they would from such a claim arising from a traditional risk. As always cover is subject to the club rules.

While there are currently no internationally agreed regulations in force as to what constitutes a prudent level of cyber risk management or protection, this does not mean that owners, charterers, managers or operators of ships can ignore the need to take proper steps to protect themselves in the belief that their club cover will always respond.

If a claim with a cyber element arises, an owner may need to demonstrate that they took all obvious steps to prevent foreseeable loss or liability. As more and more potential cyber risks are being identified, clubs will expect to see the operation of sensible and properly managed cyber risk policies and systems both ashore and on vessels.

Don’t delay – act now

Barely a month goes by without news of a major cyber-attack affecting a large or high-profile commercial or government entity. Cybercrime is a rapidly growing global threat in all industries, and the maritime supply chain is vulnerable, as the problems experienced by Maersk in 2017 have demonstrated. In that incident problems ashore had a knock-on effect on vessels, highlighting the fact that the more connected marine transport operations become, the more chance there is of problems spreading across the system both ashore and afloat.

The authorities and large charterers are concerned about the risk to operations ashore and afloat and are taking steps to drive change in the industry. Actively managing cyber risks is now both a commercial and compliance priority.

Cyber Risks & ISM Code

The IMO’s Maritime Safety Committee (MSC) has confirmed that cyber risks should be managed under the ISM Code.

Resolution MSC.428(98) affirms that an approved safety management system should take into account cyber risk management and encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.

TMSA 3

Cyber risk management has been included in TMSA 3 under elements 7 and 13. KPI 7.3.3 includes cyber security as an assigned responsibility for software management in the best practice guidelines. Under element 13 cyber security is specifically identified as a security threat to be managed. It seems clear that the oil industry has recognised the need for action from tanker owners and is encouraging action through commercial pressure via TMSA 3. For tanker operators the time to act is already here.

Rightship Inspections

Cyber risk management now forms part of Rightship inspections and a company’s cyber security maturity may be one aspect dry bulk charterers will take into account.

A Daunting Task?

The prospect of dealing with cyber security will be daunting for many shipping companies. It’s new, involves things that may not be fully understood, and most of us are not likely to have received any formal training in such risks.

What is a definite plus is that shipping companies will be very familiar with the risk management framework suggested by the IMO Guidelines on Cyber Risk Management and industry Guidelines on Cyber Security Onboard Ships. We can also use the experience gained in other sectors of industry that have already put cyber security systems in place.

2021 is not far away, but the potential for cyber risks to result in losses or liabilities is clearly already upon us.

Cyber risks can affect almost every part of a shipping company. There will be lots to do to identify risks and vulnerabilities and to take steps to prepare for, and respond to, cyber threats. It’s time for us all to act.

By Adrian Durkin, Director (Claims) & Colin Gillespie, Deputy Director (Loss Prevention), North P&I Club


Maritime Cyber Security – Cyber safety, security and autonomous shipping addressed with new Bureau Veritas notations and guidelines

 

Paris – La Défense, France, March 13 2018 – Bureau Veritas has developed a comprehensive approach to support shipowners in addressing maritime cyber risks. A new series of classification notations, guidelines and services enable owners to comply with regulatory requirements, safeguard their crews and protect their assets from both malfunction and malicious attack.

Bureau Veritas now offers two cyber notations:

The first, SW-Registry, focuses on software change management ensuring that installations of tested new software versions are properly tracked. It requires the creation and maintenance of a certified register of software used in the ship’s onboard systems. SW-Registry is compulsory for newbuild ships using digital systems and enables owners to comply with IACS UR E22, applicable from 1 July 2017. Existing ships may choose to create their own register and would benefit from the additional class notation to help indicate their cyber safety level.

  • SW-Registry notation meets requirements of IACS revised Unified Requirement (UR E22)
  • SYS-COM notation covers requirements for ship-shore data security
  • Guidelines for Autonomous Shipping now available

A second new notation, SYS-COM, addresses cyber security, and is directed at preventing malicious cyber attacks. SYS-COM is a voluntary notation covering the exchange of data between ship and shore. Bureau Veritas is now the only classification society to offer a notation for this specific risk, identified as a key cyber security threat to digital ship data and systems. The experience from projects with shipowners and providers of ship equipment and technology systems has been vital in developing and testing the Bureau Veritas approach. Recent announcements of projects with Bourbon and Kongsberg are examples.


Cyber Risks and P&I Insurance

The maritime industry’s reliance on computers and its increasing interconnectivity within the sector make it highly vulnerable to cyber incidents. Cyber poses a threat to all parts of the shipping sector. Cyber risks can be defined as the risk of loss or damage or disruption from failure of electronic systems and technological networks. How can cyber risks occur in the shipping industry, and what is covered under the P&I Rules?

What are “cyber risks”?

• Cyber risks can be defined as the risk of loss or damage or disruption from failure of electronic systems and technological networks
• All businesses rely heavily upon computer systems to sustain their operations, but these systems are vulnerable
• Cyber risks comprise risks related to hacker attacks, virus transmission, cyber extortion, network downtime and data security breaches
• A maritime cyber risk can be defined according to the IMO Interim Guidelines on Cyber Risk Management as “the extent to which a technology asset is threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised”

How can cyber risks occur in the shipping industry?

• Commercial ships are increasingly dependent upon computers and computer software to operate and control various shipboard systems
• Safe ship operations are reliant on bridge systems such as ECDIS (Electronic Chart Display and Information System), AIS (Automatic Identification System) and GPS (Global Positioning System)
• Main and auxiliary propulsion systems rely increasingly on computers to operate efficiently
• Ship networks are connected to the internet
• As with computers ashore, shipboard systems are vulnerable to cyber-attacks
• Hackers can take advantage of vulnerabilities in a network to access servers; this can enable hackers to access, remove and manipulate sensitive data
• Even a simple mobile phone charging process using a USB port in the ECDIS system can cause a virus to render a system inoperable
• If ships’ systems are attacked, the effect could be extremely perilous
• A cyber-attack could catastrophically impact the safe navigation of a vessel, both in terms of its ability to avoid hazards and in terms of its stability and cargo operations
• A cyber-attack could lead to collision, personal injury, property damage, pollution or even to a shipwreck.

Are cyber risks excluded from P&I cover?

• No. As a general rule, P&I liabilities – which are set out in Rule 2 of the UK Club Rules – are not subject to any exclusion of cyber risks
• Nor is the International Group Pooling Agreement subject to a cyber risk exclusion
• Some maritime cyber risks, however, don’t come within the scope of P&I because they don’t arise from the operation of a ship. An example is the risk of monetary loss where a shipping company is blackmailed to pay a ransom for the restoration of IT data or restoration of IT systems that have been compromised by cyber-attack

Source: UK P&I Club

