CYBER SECURITY Archives - Page 9 of 11

The Coronavirus pandemic is leaving the maritime and offshore energy sectors vulnerable to cyber-attack, with Naval Dome citing a massive 400% increase in attempted hacks since February 2020.

While an increase in malware, ransomware and phishing emails exploiting the Covid19 crisis is the primary reason behind the spike, Naval Dome furthers that travel restrictions, social distancing measures and economic recession are beginning to bite into a company’s ability to sufficiently protect itself.

Naval Dome CEO Itai Sela said: “Covid-19 social restrictions and border closures have forced OEMs, technicians, and vendors to connect standalone systems to the internet in order to service them.”

Image Credits: seabornecomms.com

The global crisis and social distancing measures are preventing OEM technicians flying out to ships and rigs to upgrade and service critical OT systems, resulting in operators circumventing established security protocols, leaving them open to attack.

“As budgets are cut and in the absence of service engineers, we are seeing ship and offshore rig staff connecting their OT systems to shoreside networks, at the behest of OEMs, for brief periods of time to carry out diagnostics and upload software updates and patches themselves.

This means that their IT and OT systems are no longer segregated and individual endpoints, critical systems and components may be susceptible. Some of these are legacy systems which have no security update patches and are even more susceptible to cyber attack.

“The increase in OEM personnel working remotely on home networks and personal PCs, which are not well protected, adds to the problem.”

Sela said that during the first three months of 2020, attacks targeting home workers increased tenfold, adding that PC security software provider McAfee has reported that that between January and April cloud-based cyber-attached on all businesses increase by 630%.

He furthered that the economic downturn and the drop in the price of crude oil is also having an effect, with oil companies and contractors being faced with limited budgets available to implement effective cyber security measures.

“Companies are stretched thin and this is benefitting the hacker,” said Sela.

“It is not sufficient to protect only networks from attack,” said Sela. “Each individual system must be protected. If networks are penetrated, then all connected systems will be infected.

“Our philosophy is that all systems must be protected using a risk ranking. If it is, then the entire platform is protected from both internal and external attack vectors. If only the network is protected, then whatever enters the net (such as an unintentional attack from authorised personnel) will infect all connected systems. This philosophy is more cost-effective.”

Naval Dome’s software solutions adhere to the strict cyber security protocols set by the National Institute of Standards and Technology (NIST).

NIST’s Purdue Model for industrial control systems and architecture – an industry adopted reference model that shows the interconnections and interdependencies of all the main components of a typical inter-connected systems – divides ICS architecture into three zones and six levels. Naval Dome protects more deeply embedded systems such as HMIs, alarm/alert and control room workstations to NIST Level 1 and above.

The Purdue Model allows information security professionals and process control engineers that are responsible for protecting an organization’s most valuable assets to visualize how to protect against a security breach, whether involving confidentiality, integrity and/or availability.

Ido Ben-Moshe, Vice President Business Development, said the problem is particularly acute in the marine and offshore oil and gas sectors. “If hackers penetrate networks, and critical equipment is exposed there could be significant safety, downtime, financial and potential reputational damage.

Ben-Moshe added that remote working and the introduction of remotely controlled, autonomous technologies is likely to take place at a faster pace in a post-coronavirus world.

“This will see companies face new cyber security challenges if they fail to implement adequate protective measures,” he said.

Source: https://www.marineinsight.com/

High-profile cyber-attacks on very large shipping companies such as Maersk, COSCO, MSC, Stenna and Svitzer to name but a few have raised awareness of the growing threat of cyber-crime in the shipowner/operator industry sector. If it can happen to these shipping sector goliaths with the budgets they have to defend themselves, it can absolutely happen to you.

However, recent surveys conducted by the U.S. Small Business Administration suggest that many small business owners are still operating under a false sense of cyber security based on their company’s size.

When it comes to cyber-attacks, small does not mean safe. In fact, a cyber-attack could be even more detrimental to a small business than to a large corporation.

The National Cyber Security Alliance reports that 60 percent of small and mid-sized businesses go out of business within six months of an attack.

According to Cybersecurity Ventures, costs related to ransomware demands and damages are estimated to reach $20 billion per year by 2021, with the average breach cost to the SME business running at $500k.

Imagine receiving the call from your head of IT to advise that your defenses have failed and ‘they are in’ and have control of your IT and OT systems. Suddenly it’s happened to you, how you respond matters as time is your enemy. Are you prepared for this inevitability, where most are not?

Don’t leave it to chance. Don’t put off the decision to transfer this risk out of your company any longer, Shoreline can provide an affordable maritime cyber insurance solution. Why continue to run this invasive risk when you don’t have to.

Source: https://www.shoreline.bm/news/maritime-cyber-security-size-matters-small-does-not-mean-safe/

IACS is pleased to announce the publication of its Recommendation on Cyber Resilience (No. 166). This single, standalone Recommendation consolidates IACS’ previous 12 Recommendations related to cyber resilience (Nos. 153 to 164) and applies to the use of computer-based systems which provide control, alarm, monitoring, safety or internal communication functions which are subject to the requirements of a Classification society. Part of the objective in consolidating the 12 Recommendations was to define responsibilities and harmonise and simplify the language used therein. This Recommendation has benefited from the valuable input of a wide range of industry partners contributing via the Joint Industry Working Group on Cyber Systems and covers the constructional aspects of the 12 previously published Recommendations. It provides information on matters such as reference guidelines and standards, terms and definitions, goals for design and construction, functional requirements, technical requirements and verification testing.

IACS Chairman, Arun Sharma, said ‘The publication of this important Recommendation marks a significant milestone in IACS’ work to support the maritime industry in the delivery of cyber resilient ships. I am pleased to note the significant cross-industry cooperation that led to its development and we look forward to maintaining that dialogue as we assess its practical implementation and effectiveness’.

This new recommendation is applicable to a vessel’s network systems using digital communication to interconnect systems within the ship and ship systems which can be accessed by equipment or networks off the ship. Robert Ashdown, IACS Secretary General, added ‘The network design forms the basis for a reliable and robust network. Issues such as compatibility of various devices, communication between devices, communication from various systems and sub systems, need due consideration during design phase. This Recommendation is an important step in addressing cyber resilience from the earliest stages of a vessel’s life.’

Operational aspects that were included in the superseded 12 Recommendations have been identified and grouped under a separate annexure. Following the publication of this consolidated Recommendation the earlier 12 Recommendations have been officially deleted by IACS.

IACS will continue to work with its industry partners and look for their feedback regarding its practical implementation and effectiveness. Based on the experience gained from the practical implementation of this Recommendation IACS will assess the suitability of using it as the basis for a Unified Requirement on Cyber Resilience.

Link for downloading Rec 166 (New Apr 2020): Recommendation on Cyber Resilience

Source: http://www.iacs.org.uk/news/iacs-launches-single-standalone-recommendation-on-cyber-resilience/

The COVID-19 crisis has been testing the foundations of our lives, societies and economies posing huge challenges for the future. Organisations across industries are rightly focusing on their employees’ well-being, whilst making sure that their operations continue undisrupted and at the same time, adapting to the new ways of operating. Inevitably, secondary aspects of day-to-day operations such as cyber security may fall by the wayside, potentially increasing the risk of cyber security attacks. Cyber criminals are cognisant of the change in priorities, making the pandemic an attractive opportunity for them to make their way into corporate networks to steal data, money or cause disruption.

How has this affected the shipping industry?

The shipping industry has already suffered from cyber attacks and some recent examples that have been made public include:

E-mail scams attempting to deliver malware or phishing links to compromise vessels and/or companies. Some of them impersonate the World Health Organisation whilst others use real vessel names and/or COVID-19 to impersonate actual ships and warn of infected crew and vessels through attachments infected with malware.
Mediterranean Shipping Company (MSC) reportedly experiencing a network outage due to a malware attack affecting their primary website and customer portal, which in turn affected online bookings for a number of days (agencies were still functional). Although the incident was not explicitly attributed to an opportunistic attack due to the pandemic, it happened at a time when several other incidents were affecting the industry.
The Danish pump maker DESMI being hit by ransomware with the organisation deciding against paying any ransom to make the compromised data available again. To respond to the attack, the organisation shut down some of their systems including e-mail, affecting their operations for a number of days.

So, what should the shipping sector do to maintain the security of their data and infrastructure?

The pandemic came at a time when shipping organisations have been investing to implement IMO’s “Guidelines on maritime cyber risk management”, in order to be better prepared against cyber security threats both on- and off-shore before 2021. Priorities have had to change in response to the COVID-19 outbreak, but the new reality with its extensive use of technology can still be seen as an opportunity for making sure that parts of the guidelines are implemented in an accelerated manner. Three key actions should be prioritised for shipping organisations to mitigate emerging risks due to the pandemic:

Secure newly implemented remote working practices

Shipping organisations had previously invested in remote working solutions primarily for IT professionals supporting vessels. Therefore, many shipping companies have had to rapidly introduce new remote working tools (e.g. video conferencing, laptops, etc.) that may lack certain security controls or policies resulting either in security gaps or inconsistent application of security protocols. Such solutions will likely be relied upon to a much greater extent as organisations return to business as usual, thus making them more susceptible to cyber attacks due to unpatched or insecurely configured new systems that could affect data confidentiality and integrity. Operations may also be disrupted if these solutions are not resilient to a potential Distributed Denial of Service (DDoS) attack.

Organisations should consider:

Risk assessing existing and new remote access systems to ensure critical security patches have been applied, secure configurations have been used and the solutions are resilient. Particular attention should be paid to systems used for remotely administering and monitoring IT and OT vessel systems. Where possible, these systems should be segregated from the network used by the crew;
Configuring remote access solutions, e-mail and identity management systems to log all authentication events especially those on vessels that were typically not logged in the past. Preserve logs and analyse for anomalous activity;
Reviewing any systems deployed to allow employees to work remotely, and ensure that key security controls are applied (e.g. web filtering, encryption, antimalware protection, data loss prevention, backup solutions and detection and response tooling).

Ensure the continuity of critical security functions

With the majority of employees having to work remotely, including employees responsible for the security functions, productivity is, to some extent, hindered. This is especially true for the monitoring functions that most shipping organisations have outsourced to a third party. Prior to the pandemic, multiple dashboards were used for continuously monitoring on- and off-shore activities, presented on large screens located in dedicated rooms, allowing close collaboration and escalation. Now, employees are limited to small screens for home-use and collaboration is less immediate.

Considerations in this respect include:

(Where outsourced) Ensuring that the third party has enabled their business continuity plan and has sufficient capacity and capability to achieve the agreed SLA;
(Where in-house) Ensuring that monitoring teams have the people, processes and technology necessary to monitor and respond to alerts affecting on-shore and vessel systems. Consider augmenting the teams with additional third-party resources;
Performing continuous vulnerability scanning to confirm patching processes are functioning and all critical vulnerabilities have been patched or mitigated. Make sure this is consistent for on-shore and vessel infrastructure;
Updating incident response plans and continuity playbooks to ensure they function during periods when relevant employees are primarily working remotely. Ensure they are not overly dependent on key members of staff.

Counter opportunistic threats that may be looking to take advantage of the situation

In light of the previously mentioned examples of cyber attacks affecting the shipping industry, organisations should:

Provide specific guidance to vessel crews to be extra vigilant when it comes to email communications relating to COVID-19 infections on specific vessels;
Provide specific guidance to finance teams to ensure they do not respond to email solicitations for personal or financial information, or requests to transfer funds, highlighting increased risks of business email compromise attacks;
Target additional awareness campaigns to both on-shore employees and vessel crews, leveraging phishing campaigns using COVID-19 lures or attempts to exploit different or new ways of working;
Where not already implemented, consider procuring web filtering technology that allows enforcement of web filtering rules on remote infrastructure including on vessels and laptops at home.

It is evident that the pandemic has brought new challenges for shipping organisations. Uncertainty, unprecedented situations, and rapid IT and organisational changes have shifted the nature of cyber threats, making the need for consistency in both on- and off-shore implemented protective and detective measures a ‘must’. We are yet to see how the industry will adapt to the “next day of normality”, but one thing is certain – the cyber security risk landscape has changed and the industry needs to remain vigilant and respond to the situation accordingly and with speed.

See also PwC’s article “Keeping the lights on with a response strategy plan” on what organisations in the shipping sector should do to ensure their continuity of operations.

Source: https://www.hellenicshippingnews.com/cyber-security-in-shipping-during-covid-19-pandemic/

A group of American seaports and maritime stakeholders have decided to address cybersecurity threats by launching a new non-profit, the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC).

The new organization’s objective is to promote cybersecurity information sharing throughout the maritime community. A group of leaders from seaports, shipowners and terminal operators recognized the need to improve their own cybersecurity resiliency, and since resources are limited, they realized the best approach was to work with their peers to identify, protect against, and detect cyber threats. Information sharing and analysis efforts will focus on threats to both information technology (IT) and operational technology (OT) systems, which stakeholders can use to prevent or minimize potential cyber incidents.

The MTS-ISAC’s services assist infrastructure stakeholders with compliance requirements, including the 2021 IMO cyber risk management guidelines and the recently-released US Coast Guard Navigation and Vessel Inspection Circular (NVIC) 01-20 This NVIC states that in the Coast Guard’s view, the Maritime Transportation Security Act (MTSA) obligates regulated facilities to “identify, assess, and address the vulnerabilities of their computer systems and networks” when preparing the facility security plan.

The initial board members for the ISAC include the Alabama State Port Authority, Greater Lafourche Port Commission (Port Fourchon), Jacksonville Port Authority (JAXPORT), Port of New Orleans, Port of San Diego, Port Vancouver USA, and six other maritime critical infrastructure stakeholders.

“As the maritime sector continues to rapidly increase its reliance upon and integration of new technologies into operational capabilities, we’re seeing the need for stakeholders to pool limited cybersecurity resources to understand and manage the associated risks in effective ways,” said Scott Dickerson, the MTS-ISAC’s Executive Director. “We’re actively seeing an increase in cyber threat activity, and effective information sharing between our stakeholders has been a force multiplier for their risk management efforts. While IMO 2021 and the USCG NVIC [01-20] help provide guidance to industry, we believe effective maritime public-private partnerships will be a cornerstone for successful maritime cyber risk management efforts moving forward.”

Source: https://maritime-executive.com/article/u-s-maritime-stakeholders-launch-cyber-threat-clearinghouse

The TalTech Center for Digital Forensics and Cyber Security and the Estonian Maritime Academy have received approximately 2.5 million euros from the European Union for the establishment of a center for maritime cybersecurity, informs LETA/BNS.

The objective of the five-year project is to develop the domain of cybersecurity in the maritime field and enhance the competence of TalTech through the involvement of top scientists from all over the world.

Dan Heering, one of the champions of the project at the Estonian Maritime Academy, said that maritime business has not taken cybersecurity seriously for a long time and much remains to be done in said field.

“Since there is little in terms of public information related to ‘successful’ cyberattacks and incidents related to ships, shipping companies are not taking the threat seriously too,” Heering said.

Heering said that when exploring the topic for his master’s thesis, he was surprised at most businesses’ indifference towards the problem. He attributed this to shortcomings in legislation, which does not direct shipowners to protecting themselves against cyber risks and providing training to ship crews.

From January of next year the requirement starts to apply to shipping companies that management of cyber risks must be made part of the company’s system of organization of safety at sea, the project manager said.

Lukewarm interest on the part of shippers to date may be also a result of their ignorance of the attacks committed and the damage caused by them. Also, businesses at present see reducing cyber risks rather as an expense, not an investment.

According to Heering, several incidents related to cyber attacks against ships have become public over the past decade. In 2019, a freight ship headed for New York contacted the US Coast Guard after the ship’s computer systems had suffered damage as a result of getting infected with malware and the vessel’s maneuvrability had deteriorated significantly.

Campbell Murray, expert on cyber crime, demonstrated at a conference on superyachts in 2017 that it is possible to take control of a vessel equipped with modern technology using a laptop computer in a short period of time. It took the specialist just 30 minutes to break into the vessel’s wifi network and get access to e-mails, delete or even alter them. In addition, Murray gained access to the financial data of the yacht’s owner and took control of the vessel’s CCTV cameras, satellite communication and navigation equipment. Technically, it was possible for him to sail the superyacht out of port being not onboard the vessel himself.

Olaf Maennel, professor at the TalTech Center for Digital Forensics and Cyber Security, said that managers of shipping companies are as yet unable to notice the dark clouds gathering over them. He said that ships are increasingly dependent on technology and the internet, as navigation maps and cargo documents need to be updated and satellite communication is used on an ever bigger scale.

“This means that the computer systems of ships are vulnerable to attack, and the damage may amount to hundreds of millions of euros for the bigger companies,” Maennel said.

The Estonian Maritime Academy of TalTech and the TalTech Department of Software Science in fall 2019 filed a joint application for the financing of the project with the Horizon 2020 ERA Chairs program, which received a positive financing decision in March this year.

Source:

http://www.baltic-course.com/

Among these systems are marine autonomous surface systems (MASS), unmanned surface vessels (USVs), remotely operated vessels (ROVs) and autonomous underwater vessels (AUVs) able to operate from remote control centres often referred to as unmanned underwater systems (UUVs); and to unmanned aerial vehicles (UAVs) commonly known as drones.

As information technology (IT) has advanced, the opportunity for cyber crime has also increased. Technological advances now make USVs commonplace with many of these small craft (< 5 m) already in use for survey operations. Future larger systems will have varying levels of autonomy ranging from remotely controlled vessels operated from a shoreside RCC to, eventually, fully autonomous vessels.

These will use situational awareness sensors to assess and decide appropriate courses of action (albeit monitored from shore with a human override/final decision mode). These systems rely on data from sensors on various parameters communicated to the RCC for control and monitoring purposes. Robust and secure communications systems are central to their operation and performance.

IT cyber security remains of prime importance for any USV, UUV or AUV operation but operational technology (OT) must also be incorporated into the cyber security system.

Traditional IT cyber security protects the IT system and data held in it, whereas OT cyber security protects the complete system (vessel, people and environment).

The traditional IT-based definition of cyber security is:

Technologies, processes and practices designed to prevent malware from doing damage or harm to networks, computers, programs, or data.

But modern, distributed, interconnected remote systems demand a more comprehensive and robust OT-based cyber security system defined as:

Technologies, processes and practices designed to prevent the intended or unintended use of a cyber technology system to do damage to the cyber technology (networks, computers, programs, data), and vessel, or harm to people and environment.

To achieve this level of protection we need to be able to verify the satisfactory performance of the OT cyber security system by ensuring correct, safe, efficient and reliable operation through software quality engineering; and also preventing malicious and non-malicious threats through the cyber security system.

Functional testing will help assess a system against known errors or threats but, as yet, makes no allowance for unknown events. Using a maturity model provides ongoing monitoring, assessment and improvement to a cyber security system and will help defend against these unknown events.

NIST 5 Function shows keys to developing cybersecurity strategy

To be comprehensive, an evaluation of any system must include the processes used by the technology system owners, designers, users and suppliers, and should consist of active audit and testing of known threats, access points and protection from potential threats such as spoofing and phishing using penetration and scanning tests.

One final consideration is the stage in the lifecycle where these security measures are applied. Ideally, they should be integrated as part of the initial design. Robust security systems are much harder to ensure when viewed as an afterthought and their safety is harder, maybe impossible, to guarantee. Each component of a system, where threat access could occur, should have adequate threat protection designed and built in by the equipment manufacturer.

The London-based Willis Towers Watson consultancy estimates that human errors led to 90% of cyber security claims it has assessed. As shown in the illustration above, high levels of training and competence are both essential for following the Athens Group’s sensible ‘Identify, Detect, Protect, Respond, Recover’ strategy.

Source:
https://www.rivieramm.com/opinion/opinion/cyber-security-concerns-for-autonomous-and-remotely-controlled-systems-59261