A new U.S. Coast Guard Cyber Command report on cybersecurity trends in the maritime environment said the significance of cyber hygiene, detection, and response “grew exponentially” last year due to a 68 percent increase in reported maritime cyber incidents and USCG efforts to ensure maritime facilities are complying with cyber regulations.

A cyber attack on the port environment can compromise physical facility access control systems, manipulate terminal and gate operating systems for the purpose of leaking sensitive supply chain data or facilitating smuggling or cargo theft, stop port operations by compromising the terminal headquarters, compromise operational technology systems such as cranes in a way that leads to loss of life or property, tamper with PNT so that vessels cannot safely navigate a port, and compromise shipboard systems with impacts to safety or cargo.

U.S. Coast Guard Cyber Command’s (CGCYBER) first Cyber Protection Team — deployable special forces that assess threats and vulnerabilities, identify the presence of adversaries on networks and systems, and respond to cyber incidents — attained full operational capability in May 2021, with the second team following in November 2021. CGCYBER’s Maritime Cyber Readiness Branch, tasked with translating “cybersecurity details into measurable operational risk,” investigated 47 cybersecurity incidents in 2021 “including several large-scale incidents affecting multiple organizations at once.”

“Though the number of reported incidents has increased 68% from 2020 (28 total incidents), MCRB believes many other incidents go undetected or unreported,” the report notes.

The maritime environment incidents reported to the Coast Guard in 2021 included phishing at sectors Guam, Columbia River, Los Angeles/Long Beach, Corpus Christi, Houston/Galveston, Mobile, Charleston, Maryland/NCR, New York, and New England, as well as MSU Port Arthur. Ransomware was reported at sectors Columbia River, Los Angeles/Long Beach, New Orleans, Virginia, Delaware Bay, Maryland/NCR, Long Island Sound, and New England. Sector Puget Sound reported an incident related to authorized access, while Columbia River reported a suspected snitch device. Sector Delaware Bay reported an AIS spoof.

“Cyber-criminals are now using more advanced tactics, techniques, and procedures (TTPs) including focused ransomware attacks in multi-extortion style campaigns with hopes of ensuring a higher, more guaranteed payout,” the report said. “Rather than hitting a broad range of targets, cyber criminals have evolved to focus ransomware attacks on higher value targets.”

The three most popular ransomware-as-a-service variants targeting the maritime transportation system in 2021 were Maze, Sodinokibi, and Ryuk.

“Nation state malicious cyber actors (MCAs) typically abuse zero-day vulnerabilities and known exploitations,” the report continued. “Zero-day vulnerabilities are vulnerabilities disclosed or discovered without an available patch or update to remediate the vulnerability. MCAs often use zero-day vulnerabilities in their initial attack vector to avoid detection. Nation state MCAs abuse Virtual Private Servers (VPS) and web shells to avoid detection and circumvent host system security in order to gain access to the victim networks. MCAs use these techniques within the MTS to increase the probability of successfully exploiting an intended victim.”

Phishing, which saw “slight increases” last year in maritime industries such as logistics and shipping, “remained the most prevalent means by which MCAs delivered malicious code” in 2021, and both nation-state actors and cyber criminals “will very likely continue to use phishing emails to gain initial access to victim networks.”

As of last October, Maritime Transportation Security Act-regulated facilities are under requirements to address cyber vulnerabilities. “This policy brought with it new cyber competency expectations for industry facility security officers and Coast Guard facility inspectors,” the report noted. “Coast Guard facility inspectors will review cybersecurity plans submitted by facilities. They will also incorporate cybersecurity reviews when conducting security inspections.”

Maritime transportation system partners “fully remediated two-thirds of all exploitable findings on publicly facing systems and 45% of all internally exploitable findings within six months of a CPT Assess mission,” USCG said. “They also partially remediated an additional one-sixth of publicly facing and 43% of internally accessible findings within this 6-month window.”

Out of publicly exploitable findings, 14 had been fully mitigated as of the six-month follow-up, two had accepted the risk of the finding, three were false positives, and three had taken no action to date. Out of internally exploitable findings, 53 had been fully mitigated at the six-month check-in time, 46 had been partially mitigated, five accepted the risk of the findings, and eight had taken no action to date.

Common findings included credentials that were easy to guess — including passwords of “admin,” “PASSWORD,” or “1234” — or easy to crack, such as “123456,” “password1,” “abc123,” or “iloveyou.” Other issues included weak password policies, use of open mail relay servers, poor patch management, outdated operating systems or applications that did not support updates, elevated service account privileges, and non-essential use of elevated access.

CGCYBER mitigation recommendations to vulnerable entities included changes in password policies, privileged account management, network segmentation, multifactor authentication, vulnerability scanning, software updates, user training, and disabling or removing a feature or program.

The report noted the most user resistance — even though it carried the lowest cost of the mitigations — was seen with the recommendation to change password policies to require more length and complexity.

“Despite widespread frustration with the use of passwords from both a usability and security standpoint, they remain a very widely used form of authentication,” the report stated. “Humans, however, have only a limited ability to memorize complex, arbitrary secrets, so they often choose easily guessed passwords.”

Source: https://www.hstoday.us/featured/maritime-cyber-incidents-increased-at-least-68-percent-in-2021-coast-guard-reports/

 



STM Savunma Teknolojileri Mühendislik ve Ticaret A.Ş., under the leadership of the Defence Industry Agency (SSB), has signed a goodwill protocol with the NATO Maritime Security Centre of Excellence (MARSEC COE), the company announced on 4 July.

The two organisations pledge to work together in the field of maritime security, to which end the involvement of STM ThinkTech, Türkiye’s first technology-based think tank, is planned. The company will provide innovative solutions to NATO MARSEC COE via modelling, simulation, and decision support systems.

“Since 2019, STM ThinkTech, as NATO’s solution partner, has been providing state-of-the-art strategic level decision support systems for NATO’s resilience domain […] We will continue to provide our genuine engineering solutions to distinguished institutions such as NATO,” stated STM General Manager, Özgür Güleryüz.

STM ThinkTech has provided a wide range of consultancy services to public and private organisations and has previously exported decision support systems to NATO. The NATO Aggregated Resilience Decision Support Model, developed by STM ThinkTech, supports the Alliance’s decision-making processes in the face of strategic shocks such as pandemics, large-scale power outages, cyber attacks, and large-scale human movement.

STM, which also carries out C2 projects for NATO, has successfully completed the NATO Integration Core (INT-CORE) project, ensuring the provision of significant support to situational awareness across the battlefield. INT-CORE provides accurate information to decision makers at the right time, and incorporates C2 work processes that can support the distribution of information on C2, joint picture, battlefield, missions, etc.

Source: https://monch.com/nato-and-stm-thinktech-collaborate-in-maritime-security/


National Security Advisor Ajit Doval has said that in the current complex and challenging geopolitical situation, it’s necessary to focus on maritime security. He said, “The trajectory of this nation is well defined, we know where we’re going. And when our time comes, India will not be able to become the power it deserves to be unless it has a very strong maritime system. This is perfect timing for it.”

He said, “In the national security discourse importance of land and maritime borders are very different. You cannot fence them, put 24×7 vigilance, the concept of sovereignty in land borders is territorial and well-defined.”

Doval said this on Thursday while addressing the first meeting of the Multi-agency Maritime Security Group to discuss important policy matters affecting maritime security. The meeting was presided over by the National Maritime Security Coordinator, Vice Admiral Retd. Ashok Kumar.

He said, “Indian ocean is a great asset to us. With the cardinal principle of security, our vulnerabilities are directly proportional to our assets. More we develop, the more assets we create; the more prosperous we get, the greater would be vulnerability and greater would be the need for security.”


During the meeting, Doval said, “In the changing geopolitical scenario, the Indian ocean which has been an ocean of peace is gradually becoming competitive. We see a potential of having a clash of interest, we need to protect it and be vigilant.”

Ajit Doval said, “We have responsibility towards neighbours be it disaster management or security for them, we’ve been doing it. We recently had an example of countries coming together when Colombo Security Conclave was held to tackle maritime threats in Indian ocean.”

We have a responsibility towards our neighbours, whether it is disaster management or safety for them, we have been doing this. We had an example of countries coming together recently when the Colombo Security Conference was held to deal with maritime threats in the Indian Ocean. We know where we are going… If India does not have a very strong maritime security system, it will not be able to become the power it deserves. This is the perfect time for it. Intelligence agencies provided important information about smuggling, gun running, counter-terrorism, and espionage.”

Source: https://www.awazthevoice.in/india-news/nsa-doval-says-maritime-security-a-priority-area-for-india-13106.html/


The Nigerian Maritime Administration and Safety Agency (NIMASA) has taken delivery of additional mobile assets for enhanced maritime security under the banner of its Deep Blue Project. The main objective of the project is to secure Nigerian waters up to the Gulf of Guinea. The Project has three categories of platforms to tackle maritime security on land, sea, and air.

Two unmanned aircraft systems, nine interceptor patrol boats and 10 armored vehicles have been added to the existing assets earlier procured by the Nigerian Federal Government and commissioned by President Muhammadu Buhari.

Dr. Bashir Jamoh, Director General of NIMASA, thanked President Buhari for his sustained support in the fight against sea piracy and other maritime crimes and said the additional equipment will improve on the gains recorded in securing the Gulf of Guinea and Nigerian maritime domain.

Jamoh also described the recently held Gulf of Guinea Maritime Collaboration Forum in Abuja as a success in rallying international support in the suppression of maritime insecurity. He recommended Nigeria’s Suppression of Piracy and other Maritime Offenses (SPOMO) Act to support maritime law enforcement and said other countries are considering replicating it.

In addition to the new acquisitions, NIMASA’s assets include the Command, Control, Communication, Computer, and Intelligence Center (C4i) for intelligence gathering and data collection, 600 specially trained troops for interdiction, special mission vessels, fast interceptor boats, and surveillance and rescue aircraft.


The invitation for Amos Hochstein, a senior adviser for energy security at the U.S. State Department, came a day after Israel set up a gas rig at its designated location at the Karish field, which Israel says is part of its U.N.-recognized exclusive economic zone. Lebanon insists it is in a disputed area.

The U.S.-mediated indirect talks between Lebanon and Israel have been stalled for months amid disagreement within Lebanon over how big the disputed area is.

Lebanon is home to the heavily armed militant Hezbollah group, which is backed by Iran and has fought several wars with Israel. Hezbollah has also warned it would use its weapons to protect Lebanon’s economic rights.

On Sunday, Lebanon warned Israel not to start drilling in the Karish field and President Michel Aoun said maritime border negotiations have not ended, adding that any move by Israel will be considered “a provocation and hostile act.”

Aoun’s office said Lebanon formally notified the United Nations in February that Karish is part of the disputed area and that the U.N. Security Council should prevent Israel from drilling there in order “to avoid steps that could form a threat to international peace and security.”

The Israeli energy ministry confirmed that the oil rig arrived Sunday, after a five-week sail from Singapore. The ministry said that the Karish field is projected to provide half of Israel’s demand for natural gas and will allow greater exports to neighboring Egypt and Jordan.

Israel’s Energy Minister Karine Elharrar said in an interview on Monday with Army Radio that the field was “entirely in undisputed territory” and called on Lebanon to return to indirect negotiations.

Source: New Haven Register


Iran’s Islamic Revolutionary Guard Corps revealed on Friday that it had seized two oil tankers belonging to Greece, which has accused Tehran of piracy for its taking of Delta Poseidon and Prudent Warrior.

In already-jittery energy markets, the attacks have had a destabilizing effect, at least temporarily, leading to a significant spike in oil prices around the world.

The twin attacks, together with other recent threats to freedom of navigation, have highlighted the need to counter Iran’s disruptive conduct and safeguard trade routes and waterways.

The Gulf Cooperation Council and the US are working together to enhance regional maritime security against such threats. In March, the joint GCC-US maritime security working group met in Riyadh to coordinate the two sides’ response to all types of maritime threats. They are also planning additional policy coordination meetings in the near future, while practical cooperation is ongoing under bilateral and other multilateral frameworks, such as the Combined Maritime Forces, which was set up in 2002.

The CMF is a multinational maritime partnership whose express purpose is to “uphold the international rules-based order by countering illicit nonstate actors on the high seas and promoting security, stability, and prosperity across approximately 3.2 million square miles of international waters, which encompass some of the world’s most important shipping lanes.”

Its main focus is promoting security, stability, and a safe maritime environment. Its mandate also includes combating narcotics, smuggling, and piracy, as well as engaging and cooperating with regional and other partners to strengthen and improve its capabilities to achieve those goals. When requested, the CMF will also respond to environmental and humanitarian incidents.

The CMF has 34 member nations: Australia, Bahrain, Belgium, Brazil, Canada, Denmark, Egypt, France, Germany, Greece, Iraq, Italy, Japan, Jordan, the Republic of Korea, Kuwait, Malaysia, the Netherlands, New Zealand, Norway, Pakistan, the Philippines, Portugal, Qatar, Saudi Arabia, Seychelles, Singapore, Spain, Thailand, Turkey, the UAE, the UK, the US, and Yemen. It is commanded by US Navy Vice Adm. Brad Cooper, who also serves as commander of US Naval Forces Central Command and the US Navy’s Fifth Fleet.

All three commands are co-located at US Naval Support Activity Bahrain. The deputy commander is the British Royal Navy’s Commodore Adrian Fryer. Other senior staff roles at CMF headquarters are filled by personnel from member nations.

It has had three combined task forces under its command for some time: CTF 152 deals with maritime security inside the Arabian Gulf; CTF 150 deals with maritime security outside the Arabian Gulf; and CTF 151 deals with countering piracy. CMF last month announced the establishment of a new multinational task force, known as CTF-153, to patrol the Red Sea and the Gulf of Aden.

At any given time, CTF-153 will have two to eight vessels patrolling the waterway between Egypt and Saudi Arabia, through the Bab Al-Mandab Strait to the waters off the Yemen-Oman border, according to Cooper.

He said that the creation of the new task force “reflects a regional consensus on the importance of maritime security.” CTF-153 will first be led by the Fifth Fleet’s Capt. Robert Francis before command rotates to other CMF member countries.

The augmentation of CMF task forces is motivated by a recognition that Iran has been escalating its destabilizing activities over recent months, including missile and drone attacks on land and in the sea, as well as the harassment of oil tankers.

Last July, just a few days before Ebrahim Raisi was sworn in as Iran’s president, there was a brazen drone attack on the Mercer Street tanker off the coast of Oman; it was an early indicator of the new leadership’s direction.

At the time, the foreign ministers of the G7 nations (Canada, France, Germany, Italy, Japan, the UK, and the US), plus the EU, described that attack as “deliberate and targeted” and without justification.

Then-Chief of the British Defense Staff Gen. Nick Carter said that Western powers needed to retaliate for such tanker attacks, “otherwise, Tehran will feel emboldened.” Carter told the BBC that, if a regime of deterrence is not restored in the Gulf, there will be more attacks and a higher risk of “miscalculation” by Iran. “What we need to be doing, fundamentally, is calling out Iran for its very reckless behavior,” he said.

There has been no direct retaliation for the attack on Mercer Street, but significant efforts have been made to restore deterrence through upgrading the capabilities of existing security frameworks, including the CMF.

After the addition of the new CTF-153, the CMF’s framework and mandate are sufficient to deal with many threats to maritime security in the region, especially when working closely with national capabilities. However, with the escalation in the number and sophistication of recent attacks, more needs to be done to restore deterrence. The Red Sea in particular is vast and largely unpatrolled, creating an inviting space for mischief-makers.

A potential source of maritime threats is Yemen. Although there has been a fragile truce in place for the past two months, the Houthis have previously sent many explosives-laden remote-controlled boats into the Red Sea to attack Saudi and other targets. Iran has been the main party responsible for providing the Houthis with drones and missiles.

Last week’s attacks on the Greek oil tankers and the IRGC’s threat to seize more ships should be taken seriously to deter future attacks.

In addition to the close cooperation between CMF partners and the GCC-US coordination bodies, political and diplomatic work needs to be enhanced to put Iran on notice that it should not use the cover of nuclear negotiations to continue to undermine regional maritime security, either directly or through its proxies and allies.

Iran is all for “cooperation among regional states for peace and security,” according to Raisi, but the first step in such cooperation should be for it to stop its disruptive behavior, including its frequent attacks on shipping.

Source: Eurasia Review


At the Posidonia trade fair today, classification society DNV presented Pleiades Shipping with a certificate recognizing their new vessels as the first delivered to a Greek owner with the Cyber secure vessel notation. The presentation was a fitting milestone as DNV also celebrates 100 years of operation in Greece and topping 100 contracted vessels for the Cyber secure notation.

The digitalization of the maritime industry continues to accelerate as new integrated systems, increasing automation, and continuous connectivity are being used to enhance efficiency, boost safety, and improve sustainability. But as the number of integrated and connected systems and vessels increases, so too does the threat of remote attacks that can impact critical on-board control systems. These new threats make cyber security a vital tool in reducing risk and led to the release of DNV’s cyber secure class rules and notations. And as recognition of the new risk picture has climbed, more owners and operators are choosing an additional voluntary cyber security verification.

“The mission of Pleiades Shipping is to provide our customers with safe, environmentally sound and efficient services,” says Miltos Synefias, Technical Director at Pleiades Shipping. “We in Pleiades have realised the values of digitalisation since a couple of years ago. Today digital transformation still goes on and opens for new ways to further improve both efficiency and safety. During this time, we have seen the necessity to also set up a robust environment to safeguard the reliability and quality of information, data transfer, and communications, and our IT and HSQE departments have developed our systems and skills accordingly. Today we see Cyber security as a key element to ensure that we can make use of this new technology in a safe and secure way and have taken with pleasure the decision to assign all our four new built vessels with additional voluntary cyber security verification to meet growing requirements of our charterers in this very demanding trading field.”

“For DNV to continue to support the Greek maritime community as we have for the last 100 years, we need to be aware of emerging risks and constantly work to provide solutions to address them,” said Ioannis Chiotopoulos, Regional Manager South-East Europe, Middle East & Africa. “This is why we are so pleased to be able to recognize the foresight of Pleiades Shipping, in opting for the Cyber secure class notation. The notation offers a way for owners and operators to demonstrate that they recognize and are taking steps to improve their cyber resilience, as these threats continue to grow in number and sophistication. Last year, some 20% of DNV classed newbuilds chose to work towards an extra cyber security verification, and with new requirements incoming we expect this will continue to grow.”

While cyber risk regulations like IMO 2021 require owners, operators, and managers to consider overall cyber risks, to date there have been limited concrete requirements for establishing cyber security barriers in system and vessel design. This will now change as the International Association of Classification Societies (IACS) recently published its new Unified Requirements for cyber security, UR E26 and UR E27, which will become mandatory for classed ships and offshore installations contracted for construction on or after 1 January 2024.

These new requirements will simplify the challenge ship owners and operators face when ordering cyber secure vessels, as the new URs will oblige both yards and system suppliers to proactively address cyber risks in their designs. The new requirements are based on recognized international standards for control system cyber security, IEC 62443, and are fully aligned with DNV’s current class notations for cyber security.



New Delhi: ASEAN Regional Forum (ARF) in a virtual meeting on Thursday discussed terrorism, maritime and cyber security.

Secretary (East), Saurabh Kumar participated in the meeting (ARF SOM) virtually. The meeting was attended by senior officials of the ARF member states and chaired by Cambodia as the Chairperson of ASEAN.

“The meeting reviewed activities and exchanges of the 27 member ARF over the past year and deliberated on its future plans and activities. Senior Officials exchanged views on regional and international developments, and on COVID-19 pandemic, terrorism, maritime and cyber security,” said a statement.

Secretary (East) appreciated the role of ASEAN-led architecture particularly the ARF in advancing peace, security, and cooperation in the region.

Recognizing the evolving traditional and non-traditional threats in the maritime domain, he emphasised the convergence between the ASEAN Outlook for the Indo-Pacific (AOIP), India’s Indo-Pacific Oceans’ Initiative (IPOI) and Indo-Pacific policies announced by several ARF countries. He also shared our perspectives on the threat posed by terrorism and the challenges of cyber security.

In the current inter-sessional year, Australia, India and Indonesia co-chaired an ARF workshop on “Law of the Sea and Fisheries” on 7-8 December 2021. India, the US, and Indonesia co-chaired the 13th ARF Inter-Sessional Meeting on Maritime Security on 12 May 2022. India seeks to continue to contribute to ARF activities and processes in the next inter-sessional year.

Source: The Munsif Daily


Bureau Veritas (BV) has awarded type approval certification (TAC) to an IoT solution offered by METIS Cyberspace Technology SA: ‘METIS IoT SYSTEM’. This solution is a combination of two services, ‘METIS SHIP CONNECT’ & ‘METIS SPACE’. It offers data acquisition and analysis through a highly sophisticated AI-based system.

METIS Cyberspace Technology SA specializes in Data Acquisition, Real-time Performance Monitoring and Intelligent Analytics for the Maritime Industry, using Machine Learning and Artificial Intelligence. Its secure digital tools help shipping companies to enhance vessel performance and quantify gains in areas as diverse as route cost optimisation, energy efficiency, fuel efficiency, total emissions management and fulfilment of charter party agreements.

To obtain the type approval certification, METIS has demonstrated to BV cyber security experts that its system ensures the integrity, confidentiality and availability of data collected within a fully secure architecture. The approval follows a series of meetings between METIS and BV experts to verify compliance with all requirements set out in BV Rule Note NR 659. It is based on a review of the METIS system schematics, detailed documentation, security functions and services. BV experts also acknowledged the high level of cyber security practices implemented in the solution examined.

Paillette Palaiologou, Vice President for Southeast Europe, Black Sea & Adriatic Zone at Bureau Veritas Marine & Offshore, commented: “It is always a great pleasure when BV cyber security experts can collaborate effectively with their counterparts at equipment suppliers. The high level of technical expertise that METIS teams have been able to demonstrate shows that some equipment suppliers in the maritime industry have already understood and are even anticipating the formidable challenges brought about by the new IACS URE27 that will come into force on January 1, 2024. We can only be satisfied and proud of that.”

Serafeim Katsikas, CTO, METIS, said: “Today, data itself is a resource but its value depends on the techniques used for acquisition, monitoring and analytics to ensure its cleanliness, security and relevance. Securing BV Type Approval Certification for cyber resilience is a significant milestone for METIS and a key vindication of our approach, expertise and technological competence.”

Bureau Veritas Marine & Offshore is a trusted partner to build and achieve compliance with cyber security best practices for all key stakeholders of the maritime ecosystem, including shipowners, shipyards, equipment integrators and manufacturers, as well as third-party service providers. BV has developed a comprehensive framework based on its NR659 Rules on cyber security for the classification of marine units. This framework outlines comprehensive organizational and technical measures, enabling shipowners to protect their assets, and defining expectations for crews, shipyards and manufacturers.

Source: Sea News


There are often more than 150,000 ships at sea over a 24-hour period. To add some perspective, this is three times greater than the average number of airplanes that are tracked by the Federal Aviation Administration on any given day. When combined, all the ships at sea form one of the largest mobile communication networks imaginable. As is often the case with a security mindset, this level of complexity creates great challenges.

A ship is capable of ship-to-shore communication at close range through the use of traditional terrestrial radio, or shore stations, and when far out to sea, satellite communication is used. To add to the complexity, there are more than ten satellite companies that provide maritime communication services. The international scope of sea-based communications is governed by both multinational organizations, as well as advisory organizations, such as the International Telecommunications Union (ITU).

The New Cannonball Vulnerability

It is easy to think that these impenetrable hulls are immune to security problems. After all, they are somewhat akin to a remote island, far removed from our land-locked security concerns. However, there are threats to maritime vessels, both physical, and virtual. In the event that the physical criminals increase their technological competencies, the results to a fleet could be devastating.

Up until a few years ago, the idea of high-sea pirates was something most people thought existed in age-old tales of rum-soaked hooligans. However, when a recent American President ordered the execution of a pirate, we all recognized that this is a problem that exists even today. Maritime pirates remain a threat, and if the pirates join the cybercrime industry, they could use technology to disrupt both normal communications, as well as distress signals from a targeted ship.

Another threat to the maritime industry is drug trafficking. Disruptions in communication can enable the illegal drug trade, and can also interrupt the delicate balance of the supply chain. As was recently demonstrated, a kink in the supply chain can wreak global havoc.

Maritime-based attacks are not new. At least two of the world’s largest shipping organizations have suffered a ransomware attack. These attacks, as well as other cybercrimes, were initiated using phishing scams. While the attacks have been used for compromising on-shore operations, it is not unreasonable to assume that a ship’s on-board network could also be affected, leaving a ship in a dangerous state. However, there is currently no hard evidence that the electronic crippling of a ship has ever occurred. What has happened in some parts of the world is that Global Positioning Systems (GPS) have been tampered with, affecting navigation, as well as communications.

Better Monitoring of All the Ships

Fortunately, proposed improvements in maritime communications protocols, as well as similar technologies to better track ships, are being developed to offer more unified views of locations, and messages. Along with that, regulatory agencies are also working to improve communications by strictly defining maritime communication radio frequencies.

How Tripwire Can Help

The complexity of modern maritime operations makes it vulnerable not only to phishing-based account compromise, but more significantly, unnoticed configuration modifications. Tripwire is uniquely positioned to help secure maritime operations by providing the foundational controls needed to secure communications.

Tripwire helps ensure that all of the IT and OT systems are configured securely. This is done by tracking the configuration baseline of a system, measuring it against a hardening standard, and providing remediation advice to ensure that the system is configured securely. An example of a hardening standard is the Center for Internet Security benchmarks. This process is known as Security Configuration Management. It is commonly practiced on traditional IT networks and is also a good practice for maritime devices.

Ransomware attacks make changes to critical system files in order to lock the administrators out of those systems. Tripwire monitors for changes in real time and can help differentiate between a good and bad change, or an authorized or unauthorized change. When an unauthorized or malicious change is detected, an alert and an incident workflow can be triggered so that the appropriate actions can be taken to reduce the exposure of the cyber incident.

Finally, attackers are always trying to leverage a vulnerability in the system to gain unauthorized access. Tripwire’s solutions can monitor both IT and OT devices for vulnerabilities, prioritize which vulnerabilities would have the greatest impact to the critical devices on the network, and provide remediation advice to ensure minimal risk exposure to the maritime devices. With these controls in place, Tripwire can help reduce the attack surface.

https://www.tripwire.com/state-of-security/topics/ics-security/