Commercial Port of Vladivostok in Russia has been announced as the latest supply chain stakeholder to join the TradeLens blockchain platform.

TradeLens was created by Maersk and IBM and launched in late 2018, using blockchain technologies to allow data and digitised documents to be securely exchanged between cargo owners, shipping companies, customs authorities, ports and terminal operators.

The platform can be used to speed up the process of exchanging documents such as bills of lading for cargo, sanitary certificates, or invoices for payment, while still maintaining security and certainty in the chain of ownership across the supply chain in the absence of paper copies by using the blockchain.

“We are now testing the system and transferring information about loading and discharge of cargo, and berthing of vessels to the blockchain platform,” said Anton Popov, director of the IT department at Commercial Port of Vladivostok.

“After complete integration of the system, we will be able to optimise work with regulatory authorities, reduce the time required for processing documents and receive updates from the sea carrier online.”

Source: smartmaritimenetwork


UK-based but globally-minded CyberOwl, a cyber security startup whose platform helps to safeguard transport and infrastructure systems, has raised a further €2 million to help expand its business in the maritime sector.

CyberOwl, founded in 2016, provides early warning of cyber security breaches in assets such as ships, ports, industrial plants and infrastructure and sets out clear priorities on how to tackle them. Maritime security is a hot topic right now, with the International Maritime Organisation having ordered fleet operators to address their cyber security by 1 January 2021, due to increasing targeting by cyber criminals and pressure from regulators. The startup, which is a Coventry University spinout, has already been working with maritime operators in Greece, Singapore and Asia.

The recent funding round was led by 24 Haymarket, Mercia’s EIS funds, and the MEIF Proof of Concept & Early Stage Fund, which is managed by Mercia as part of the Midlands Engine Investment Fund. The latest investment will allow the company to expand its global client base and establish itself as a leader in cyber security for shipping lines and port operators.

The Midlands Engine Investment Fund project is supported financially by the European Union using funding from the European Regional Development Fund (ERDF) as part of the European Structural and Investment Funds Growth Programme 2014-2020 and the European Investment Bank.

CEO of CyberOwl, Dan Ng, said: “The world may be adjusting to a new reality but cyber attackers have had years of experience in remote working and thrive in chaotic environments like this. The Covid-19 crisis will put even greater pressure on maritime operators to manage their cyber risks. This round of investment puts us in a strong position to help them continue to secure their systems and comply with security standards.”

David Baker, Investment Manager with Mercia, added: “Mercia has supported CyberOwl from the early days and we are pleased to do so once again in this latest funding round. CyberOwl has made real progress in generating interest from businesses in the past year and is emerging as a leader in cybersecurity for the maritime industry. This further investment will allow it to capitalise on the opportunities created to date.”

Pat Hanlon, Board Director for Access to Finance at GBSLEP, said: “CyberOwl is a hugely ambitious business which has developed at an impressively quick rate and it’s fantastic to be able to provide them with this sort of support. At a time when organisations have had to rely on digital technology more than ever, CyberOwl is providing important support across the globe, and we’re excited to see the business go from strength to strength.” 

Source: eu-startups.


Source: Riviera – News Content Hub – Why cyber security should start in the shipyard

 


According to Naval Dome, the maritime industry has seen a 900% increase in cyber-attacks since 2017

Better late than never seems to be the motto being followed by the International Maritime Organization (IMO), which issued a deadline of January 2021 to shipowners and operators to address cyber risks in existing safety management systems (SMS). In 2013, Trend Micro, a cybersecurity firm in Japan, demonstrated how the automatic identification system (AIS) used by ships to broadcast their identity and position, could be manipulated and compromised. Besides AIS, which continues to be unencrypted and loaded with security flaws, even the rest of the OT infrastructure used in the maritime industry hasn’t kept up with evolving cyber risks. Let’s take a closer look at some of the systems that can potentially come under attack.

Cyber Risks in the Maritime Industry

The shipping giant, Maersk, fell victim to the NotPetya malware in June 2017, which resulted in financial losses of up to USD300m. It brought 76 port terminals across the world, and its container ships at sea to a halt. COSCO shipping lines, and Austal (an Australia-based ferry and defense shipbuilder), were also hit by a cyber-attack in 2018.
When we’re talking about cyber risks in the maritime industry, we need to consider not only information security risks that compromise the confidentiality, integrity, and availability of data but also risks to operational technology (ICS/SCADA) systems. Some of the systems that might be impacted are as follows:
  • Navigation systems (ECDIS, Radar, GPS, etc.) can be manipulated using jamming and spoofing techniques.
  • Communication systems (sat link, AIS, GSM, etc.) can be targeted by attacking the wireless link.
  • Loading and stability of the ship can be modified by manipulating the EDIFACT messages to destabilize ships, cause delays at ports, change price details, etc.
  • Global Maritime Distress and Safety System (GMDSS) sends or receives distress alerts from ship-to-shore, shore-to-ship, and ship-to-ship. According to IOActive, terminals running on the insecure ThraneLink protocol are prone to attacks.
  • Ship and crew networks are often not properly segregated and can be compromised via email, social engineering attacks, malware downloads, etc.
  • Sensors (temperature, pressure, level, current, anemometer, etc.) connected to the shipboard LAN, if compromised, can lead to misrepresented data on the ship’s Electronic Chart Display and Information Systems (ECDIS).
  • Third-party updates and remote access to service providers on the shoreside can also be one of the attack vectors.
AIS, used for collision avoidance and traffic monitoring, receives the location data from GPS (or any location-sensing technology) and then broadcasts this information to nearby ships and onshore receivers. GPS manipulation and spoofed AIS data can make ships appear or disappear and create ‘ghost’ ships that could ultimately lead to collisions or unplanned changes to a ship’s route to avoid one. They can also cause a distorted view of commodity flows, supply and demand at ports, impact trading models due to false data, etc.
Figure 1: Working principle of AIS; Image Source: https://aulanautica.org/wp-content/uploads/2015/03/TEMARIO-PY-140.jpg
The shipping industry has been known to be vulnerable to GPS jamming and spoofing attacks. South Korea reported the return of 280 vessels to port due to problems in their navigation system in 2016, while, more recently, in 2019, spoofing attacks on hundreds of vessels were carried out in China.
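The plausibility check below is an added example, not code from the original article: it flags AIS tracks whose consecutive position reports imply impossible movement, which is how the spoofed-position and "ghost ship" cases described above show up on the receiving side. The MMSIs, coordinates and thresholds are constructed assumptions, and the input is taken to be already-decoded position reports.

```python
import math
from collections import defaultdict

EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles
MAX_PLAUSIBLE_KN = 50.0      # assumption: speed ceiling for a merchant vessel
SOG_TOLERANCE_KN = 10.0      # assumption: allowed gap, reported vs implied speed
MIN_DT_FOR_SOG_S = 30        # assumption: shorter gaps are dominated by GPS jitter
SOG_NOT_AVAILABLE = 102.3    # AIS value meaning "speed over ground not available"


def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))


def has_position(report):
    # AIS sends lat 91 / lon 181 when no position is available; ignore those.
    return -90.0 <= report["lat"] <= 90.0 and -180.0 <= report["lon"] <= 180.0


def find_anomalies(reports):
    """Return sorted (mmsi, t, kind, implied_knots) tuples for suspicious tracks.

    reports: dicts with mmsi, t (epoch seconds), lat, lon, sog (knots).
    kind is "position_jump" (movement faster than any ship) or
    "sog_mismatch" (track moves at a speed the vessel does not report).
    """
    tracks = defaultdict(list)
    for r in reports:
        if has_position(r):
            tracks[r["mmsi"]].append(r)

    findings = []
    for mmsi, track in tracks.items():
        track.sort(key=lambda r: r["t"])
        for prev, cur in zip(track, track[1:]):
            dist = haversine_nm(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            dt = cur["t"] - prev["t"]
            if dt == 0:
                if dist <= 0.1:
                    continue  # same report heard by two receivers
                implied = math.inf  # one identity in two places at once
            else:
                implied = dist / (dt / 3600.0)

            if implied > MAX_PLAUSIBLE_KN:
                findings.append((mmsi, cur["t"], "position_jump", round(implied, 1)))
                continue

            sogs = [prev["sog"], cur["sog"]]
            if dt >= MIN_DT_FOR_SOG_S and all(s < SOG_NOT_AVAILABLE for s in sogs):
                if abs(implied - sum(sogs) / 2) > SOG_TOLERANCE_KN:
                    findings.append((mmsi, cur["t"], "sog_mismatch", round(implied, 1)))
    return sorted(findings)


# Constructed sample data (not real vessels or real tracks).
SAMPLE_REPORTS = [
    # Steady 12-knot northbound track: consistent, no finding expected.
    {"mmsi": 211000001, "t": 0,   "lat": 43.00000, "lon": 131.90, "sog": 12.0},
    {"mmsi": 211000001, "t": 60,  "lat": 43.00333, "lon": 131.90, "sog": 12.0},
    {"mmsi": 211000001, "t": 120, "lat": 43.00667, "lon": 131.90, "sog": 12.0},
    {"mmsi": 211000001, "t": 180, "lat": 91.0,     "lon": 181.0,  "sog": 12.0},
    # Position moves 30 nm in one minute: spoofed or corrupted fix.
    {"mmsi": 211000002, "t": 0,   "lat": 43.1000, "lon": 131.80, "sog": 10.0},
    {"mmsi": 211000002, "t": 60,  "lat": 43.6000, "lon": 131.80, "sog": 10.0},
    {"mmsi": 211000002, "t": 120, "lat": 43.6017, "lon": 131.80, "sog": 10.0},
    # Reports zero speed while the track covers 3 nm in ten minutes.
    {"mmsi": 211000003, "t": 0,   "lat": 42.90, "lon": 132.00, "sog": 0.0},
    {"mmsi": 211000003, "t": 600, "lat": 42.95, "lon": 132.00, "sog": 0.0},
    # Same identity reported 60 nm apart at the same instant.
    {"mmsi": 211000004, "t": 0,   "lat": 43.0, "lon": 131.0, "sog": 8.0},
    {"mmsi": 211000004, "t": 0,   "lat": 44.0, "lon": 131.0, "sog": 8.0},
]

if __name__ == "__main__":
    for mmsi, t, kind, knots in find_anomalies(SAMPLE_REPORTS):
        print(f"MMSI {mmsi} t={t}s {kind} (implied {knots} kn)")
```

A finding means the track needs cross-checking against radar or another independent source; it does not by itself say whether the cause is spoofing, a GPS fault or a misconfigured transponder.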
Even without manipulating signals, sending phishing emails, or hacking into these systems using various channels, an attacker can collect a lot of information about their target merely by searching the internet.  This information can be put to good use in the later stages of an attack.

Leveraging OSINT to Gather Ship Data

OSINT refers to Open Source Intelligence that relies on publicly disclosed resources to gather information about an entity of interest. The information collection process is carried out passively without any direct contact with the target. Public resources such as blog posts, social media sites, discussion boards, etc. are typically used though more specialized tools such as Shodan, Maltego, etc. can also be deployed.
Shodan is a powerful search engine for IoT devices. It can not only find VSATs, comm boxes, etc. but also list open ports on these devices and vulnerabilities based on their technology stack. The screenshots below are from a Very Small Aperture Terminal (VSAT) device that discloses information such as the exact location of the ship, the vessel’s name, etc. Entering the latitude and longitude information on Google Maps pulls up the image of the ship on sea, nearby ports, etc.
Figure 2: VSAT Dashboard of a Ship
The user login and administration screens can also be accessed. A simple Google search can be used to find the default credentials (admin/1234, in this case). Considering that most of these devices do not use SSL certificates, do not update their software versions or run on outdated hardware components, there is a fair chance that many of them would not have changed the default login credentials.
Figure 3: Login Screen
Figure 4: A CommBox with network config information revealed by hovering over the VSAT tab.
Figure 5: Vulnerability list and open ports from a VSAT on Shodan
Other details such as the flag under which the ship is sailing, call sign, IMO number, other vessels close to it, etc. can also be found using websites like MarineTraffic, VesselFinder, etc. They also feature a live tracking map that plots all the ships out at sea, and the details of each can be obtained by clicking on its arrowhead.
Figure 6: Ship Details
Any malicious actor can launch an attack by sending phishing messages or emails to the crew currently working on these ships. Most of them have access to emails, messaging apps, or can be found via social media. The crew network is not always properly isolated from the ship network, and a foothold can potentially be gained via this channel. At the very least, there is a decent chance to phish the credentials used by the target crew member, especially if additional OSINT is done. MyShip is one such networking platform for seafarers running over an unsecured HTTP connection.
Figure 8: MyShip Portal
Figure 7: Crew member listing

Wrapping Up

According to a study done by Futurenautics in 2018, just under half of the active mariner respondents claimed to have sailed on a vessel compromised by a cyber-attack, and only 15% of seafarers received any form of cybersecurity training. These numbers are indicative of a general lack of awareness of safe security practices that can be improved through training and workshops. What will prove challenging is discontinuing obsolete components and upgrading systems to patch vulnerabilities, given that a ship’s operational technology can have dire physical impacts from accidental or malicious modifications.

Source: hackernoon


Cyber-attacks on the maritime industry’s operational technology (OT) systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end.

Addressing port and terminal operators during an online forum last week, Robert Rizika, Naval Dome’s Boston-based Head of North American Operations, explained that in 2017 there were 50 significant OT hacks reported, increasing to 120 in 2018 and more than 310 last year. He said this year is looking like it will end with more than 500 major cyber security breaches, with substantially more going unreported.

Speaking during the 2020 Port Security Seminar & Expo, a week-long virtual conference organised by the American Association of Port Authorities, Rizika said that since NotPetya – the virus that resulted in a US$300 million loss for Maersk – “attacks are increasing at an alarming rate”.

Recalling recent attacks, he told delegates that in 2018 the first ports were affected, with Barcelona, then San Diego falling under attack. Australian shipbuilder Austal was hit and the attack on COSCO took down half of the shipowner’s US network. He said this year a US-based gas pipeline operator and shipping company MSC have been hit by malware, of which the latter incident shut down the shipowner’s Geneva HQ for five days.

A US-based cargo facility’s operating systems were infected with the Ryuk ransomware, and last month the OT systems at Iran’s Shahid Rajee port were hacked, restricting all infrastructure movements, creating a massive back log. Reports of this attack have gone some way in raising public awareness of the potential wider impact of cyber threats on ports around the world. Intelligence from Iran, along with digital satellite imagery, showed the Iranian port in a state of flux for several days.
Dozens of cargo ships and oil tankers waiting to offload, while long queues of trucks formed at the entrance to the port stretching for miles, according to Naval Dome.

Emphasising the economic impact and ripple effect of a cyber-attack on port infrastructures, Rizika revealed that a report published by Lloyd’s of London indicated that if 15 Asian ports were hacked financial losses would be more than US$110 billion, a significant amount of which would not be recovered through insurance policies, as OT system hacks are not covered.

Going on to explain which parts of the OT system – the network connecting RTGs, STS cranes, traffic control and vessel berthing systems, cargo handling and safety and security systems, etc., – are under threat, Rizika said all of them.

“Unlike the IT infrastructure, there is no “dashboard” for the OT network allowing operators to see the health of all connected systems. Operators rarely know if an attack has taken place, invariably writing up any anomaly as a system error, system failure, or requiring restart.

“They don’t know how to describe something unfamiliar to them. Systems are being attacked but they are not logged as such and, subsequently, the IT network gets infected,” Rizika explained.

“What is interesting is that many operators believe they have this protected with traditional cyber security, but the fire walls and software protecting the IT side, do not protect individual systems on the OT network,” he said.

An example would be the installation of an antivirus system on a vessel bridge navigation system (ECDIS) or, alternatively, a positioning system in a floating rig DP (Dynamic Positioning), or on one of the dock cranes on the pier side of the port.

“The antivirus system would very quickly turn out to be non-essential, impairing and inhibiting system performance. Antivirus systems are simply irrelevant in places where the attacker is anonymous and discreet,” he said.

“Operational networks, in contrast to information networks, are measured by their performance level. Their operation cannot be disconnected and stopped. An emergency state in these systems can usually only be identified following a strike and they will be irreparable and irreversible.”

Where OT networks are thought to be protected, Rizika said they are often inadequate and based on industrial computerised system, operating in a permanent state of disconnection from the network or, alternatively, connected to port systems and the equipment manufacturer’s offices overseas via RF radio communication (wi-fi) or a cellular network (via SIM).

“Hackers can access the cranes, they can access the storage systems, they can penetrate the core operational systems either through cellular connections, wi-fi, and USB sticks. They can penetrate these systems directly.”

Rizika said that as the maritime industry moves towards greater digitalisation and increases the use of networked, autonomous systems, moving more equipment and technologies online, more vulnerabilities, more loopholes, will be created.

“There will be a whole series of new cyber security openings through which people can attack if systems are not properly protected.

“If just one piece of this meticulously-managed operation goes down it will create unprecedented backlog and impact global trade, disrupting operations and infrastructure for weeks if not months, costing tens of millions of dollars in lost revenues.”

Naval Dome also predicts that cyber criminals, terrorists and rogue states will at some point begin holding the environment to ransom.

“One area we see becoming a major issue is cyber-induced environmental pollution. Think about it: you have all these ships in ports, hackers can easily over-ride systems and valves to initiate leaks and dump hazardous materials, ballast water, fuel oil, etc.,” Rizika warned.

Offering advice on the first steps port operators need to take to protect their OT systems, he said a deep understanding of the differences between the two spaces is vital.

“There is a disconnect between IT and OT security. There is no real segregation between the networks. People can come in on the OT side and penetrate the IT side. We are actually seeing this now. Successful IT network hacks have their origins in initial penetration of the OT system.”

In a pre-recorded message broadcast during Naval Dome’s presentation, Rear Admiral (Retd) Shiko Zana, the CEO of Ashdod Port, said: “We have become more aware of the growing cyber threat to OT systems. Naval Dome has a unique cyber defence solution capable of protecting against both internal and external cyber attack vectors. The solution provides protection for OT systems.”

Source: Vanguard

Read more at: https://www.vanguardngr.com/2020/07/maritime-cyber-attacks-increase-by-900-in-three-years/


To cope with operational issues such as denied physical access, quarantined vessels and travel restrictions, shipowners are now actively opening up remote access to vessels, implementing remote digital survey tools, and encouraging shore staff to work remotely from home.

There is also increased use of mobile devices to access operational systems onboard vessels and core business systems in the company. Unprotected devices could lead to the loss of data, privacy breaches, and systems being held to ransom. Data is an asset and protecting it requires a good balance between confidentiality, integrity and availability.

In an era of cyber everywhere, with more technological transformation, use of cloud, and broader networking capabilities towards vessels, the threat landscape continues to increase. Cyber-criminals will look to attack operational systems and backup capabilities simultaneously in highly sophisticated ways leading to destructive cyber attacks. Cyber security depends not only on how company and shipboard systems and processes are designed but also on how they are used – the human factor.

Cyber risks may not be easy to identify

Criminals trying to exploit the maritime industry, the vessels and their crew are well organised and continuously evolve in the way they operate. This reflects the constantly evolving nature of cyber risk in general. Approaches to cyber risk management need to be company- and vessel specific but must also be guided by requirements contained in relevant national, international and flag state regulations.

Shipowners and operators who have not already done so, should undertake risk assessments and incorporate measures to deal with cyber risks in their ship’s safety management systems (SMS) and crew awareness training. Shipowners and operators should also embed a culture of cyber risk awareness into all levels and departments in the office and on board the vessels. The result should be a flexible cyber risk management regime that is in continuous operation and constantly evaluated through effective feedback mechanisms.

Most Classification societies (Class) and several marine consulting companies have issued guidelines and recommendations on cyber security onboard vessels. Class, as a Recognized Organization on behalf of Flag State authorities, may now also deliver ISM audits which include cyber risk.

Class is also offering a voluntary cyber secure class notation for verifying secure vessel design and operation and cyber secure type approval to support manufacturers with cyber-secure systems and components. As an advisor, Class may also offer cyber security risk assessment, improvement, penetration testing and training support both on board and in the office.

At Gard we strive to protect the interests of our Members and clients in the best possible way. Our recommendation is to take a holistic approach to the cyber risks to protect the confidentiality, integrity and accessibility of both IT and OT systems through measures covering processes, technology and most importantly people. The easiest and most common way for cyber criminals to gain access, is through negligent or poorly trained individuals.

Recommendation No.1: Focus on policies, procedures and risk assessments

The latest Guidelines on Cyber Security Onboard Ships anticipate that cyber incidents will result in physical effects and potential safety and/or pollution incidents. Therefore, companies need to assess the risks arising not only from the use of IT equipment but also from OT equipment onboard ships and establish appropriate safeguards against cyber incidents involving either of these.

Company plans and procedures for cyber risk management must be aligned with existing security and safety risk management requirements contained in the ISPS and ISM Codes as included in company policies. Requirements related to training, operations and maintenance of critical cyber systems should also be included in relevant documentation on-board.

The IMO Maritime Safety Committee (MSC) adopted Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems in June 2017. The resolution states that an approved safety management system should include cyber risk management in accordance with the objectives and requirements of the ISM Code, no later than the first annual verification of a company’s Document of Compliance after 1 January 2021.

Based on the recommendations in MSC-FAL.1/Circ.3, Guidelines on maritime cyber risk management, the resolution confirms that existing risk management practices should be used to address the operational risks arising from the increased dependence on cyber enabled systems. The guidelines set out the following actions that can be taken to support effective cyber risk management:

  1. Identify: Define the roles responsible for cyber risk management and identify the systems, assets, data and capabilities that, if disrupted, pose a risk to ship operations.
  2. Protect: Implement risk control processes and measures, together with contingency planning to protect against a cyber incident and to ensure continuity of shipping operations.
  3. Detect: Develop and implement processes and defenses necessary to detect a cyber incident in a timely manner.
  4. Respond: Develop and implement activities and plans to provide resilience and to restore the systems necessary for shipping operations or services which have been halted due to a cyber incident.
  5. Recover: Identify how to back-up and restore the cyber systems necessary for shipping operations which have been affected by a cyber incident.

The Document of Compliance holder is ultimately responsible for ensuring the management of cyber risks on board. Where the ship is under third party management, the ship manager is advised to reach an agreement with the shipowner as to who is responsible for this matter. Emphasis should be placed by both parties on the split of responsibilities, alignment of pragmatic expectations, agreement on specific instructions to the manager and possible participation in purchasing decisions as well as budgetary requirements.

Apart from the ISM requirements, such an agreement should take into consideration additional applicable legislation such as the EU General Data Protection Regulation (GDPR) or specific cyber regulations in other coastal states. Managers and owners should consider using these guidelines as a base for an open discussion on how best to implement an efficient cyber risk management regime onboard. Any agreements on responsibility for cyber risk management should be formal and in writing.

Companies should also evaluate and cover service providers’ physical security and cyber risk management processes in supplier agreements and contracts. Similarly, coordination of the ship’s port calls is a highly complex task being both global and local in nature. It includes updates from agents, coordinating information with all port vendors, port state control, handling ship and crew requirements, and electronic communication between the ship, port and authorities ashore.

Agents’ quality standards are important because like all other businesses, agents are also targeted by cyber criminals. Cyber enabled crime, such as electronic wire fraud and false ship appointments, and cyber threats such as ransomware and hacking, call for mutual cyber strategies and cyber enhanced relationships between owners and agents to mitigate these risks.

Recommendation No.2: Ensure that system design and configuration are safe and fully understood and followed

The problem with procedures is that good intentions can become paper pushing exercises. It is therefore important to ensure that those performing tasks involving cyber security understand that the purpose of the procedures is to prevent unauthorised access and not simply to satisfy the regulators or their immediate superiors.

Unlike other areas of safety and security, where historic evidence is available, cyber risk management is made more challenging due to the lack of facts about incidents and their impact. Until we have such evidence, the scale and frequency of attacks will continue to be unknown.

Experience from the shipping industry and other business sectors such as financial institutions, public administrations and air transport have shown that successful cyber attacks can result in a significant loss of services.

Modern technologies may add vulnerabilities to ships, especially if they are placed on unsecured networks and given free access to the internet onboard. Additionally, shoreside and onboard personnel may be unaware that some equipment manufacturers maintain remote access to shipboard equipment and its network system. Unknown and uncoordinated remote access to an operating ship should be an important part of the risk assessment.

Gard recommends that companies fully understand the ship’s IT and OT systems and how these systems connect and integrate with the shore side, including public authorities, marine terminals and stevedores. This requires an understanding of all computer-based systems onboard and how safety, operations, and business can be compromised by a cyber incident.

Some IT and OT systems can be accessed remotely and may have a continuous internet connection for remote monitoring, data collection, maintenance, safety and security. These can be “third-party systems”, whereby the contractor monitors and maintains the systems from a remote location, and the data flow can be either two-way or upload-only.

Systems and workstations with remote control, access or configuration functions could, for example, be:

  • bridge and engine room computers and workstations on the ship’s administrative network,
  • cargo such as containers with reefer temperature control systems or specialised cargo that is tracked remotely,
  • stability decision support systems,
  • hull stress monitoring systems,
  • navigational systems including Electronic Navigation Chart (ENC), Voyage Data Recorder (VDR),
  • dynamic positioning systems (DP),
  • cargo handling and stowage, engine, and cargo management and load planning systems,
  • safety and security networks, such as CCTV (closed circuit television),
  • specialised systems such as drilling operations, blow out preventers, subsea installation systems,
  • Emergency Shut Down (ESD) for gas tankers, submarine cable installation and repair.

Below are some common cyber vulnerabilities, which may be found onboard existing ships, and on some newbuild ships:

  • obsolete and unsupported operating systems,
  • outdated or missing antivirus software and protection from malware,
  • inadequate security configurations and best practices, including ineffective network management and the use of default administrator accounts and passwords,
  • shipboard computer networks lacking boundary protection measures and segmentation of networks,
  • safety critical equipment or systems always connected to the shore side,
  • inadequate access controls for third parties including contractors and service providers.

Recommendation No.3: Provide proper onboard awareness and training

Today, the weakest link when it comes to cyber security is still the human factor. It is therefore important that seafarers are given proper training to help them identify and report cyber incidents.

The latest cyber security surveys show that the industry is more aware of the issue and has increased cyber risk management training, but there is still room for improvement. This has also been confirmed by the 2018 Crew Connectivity Survey by Futurenautics Maritime group with partners, where only 15% of seafarers acknowledge having received cyber security training, and only 33% said the company they last worked for had a policy of regularly changing passwords on board.

When assessing cyber risks, both external and internal cyber threats should be considered. Onboard personnel have a key role in protecting IT and OT systems but can also be careless, for example by using removable media to transfer data between systems without taking precautions against the transfer of malware. Training and awareness should be tailored to the appropriate seniority of onboard personnel including the master, officers and crew.

Gard have previously, together with DNV-GL, published a free to download and share cyber security awareness campaign to build competence towards crew and others – focusing on daily tasks and routines, with the aim to de-mystify the cyber issues for “normal people”. The material is not intended to suggest any industry changes or rule changes, but rather changes in the way people behave and act.

Lastly, we recommend that everyone stay cyber alert and avoid all “COVID-19 phishing” expeditions by following these steps:

  • Exercise caution in handling any email with a COVID-19 related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.
  • Use trusted sources—such as legitimate, government websites for up-to-date, fact-based information about cyber security and COVID-19.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
  • Remember to disconnect or close temporary remote access given to any external party after finishing the job.

Source: gard.no


Ships are increasingly using systems that rely on digitalization, integration, and automation, which call for cyber risk management on board. As technology continues to develop, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates an increased attack surface that needs to be addressed.

Challenges in Maritime Cybersecurity

While the IT world includes systems in offices, ports, and oil rigs, OT is used for a multitude of purposes such as controlling engines and associated systems, cargo management, navigational systems, administration, etc. Until recent years, these systems were commonly isolated from each other and from any external shore-based systems. However, the evolution of digital and communications technology has allowed the integration of these two worlds, IT and OT.

The maritime OT world includes systems like:

  • Vessel Integrated Navigation System (VINS)
  • Global Positioning System (GPS)
  • Satellite Communications
  • Automatic Identification System (AIS)
  • Radar systems and electronic charts

Ship Bridge. Images courtesy of Isidoros Monogioudis and Hellenic American University

While these technologies and systems provide significant efficiency gains for the maritime industry, they also present risks to critical systems and processes linked to the operation of systems integral to shipping. These risks may result from vulnerabilities arising from inadequate operation, integration, maintenance, and design of cyber-related systems as well as from intentional and unintentional cyberthreats.

When addressing these cyberthreats, it is important to consider the uniqueness of OT systems, as these assets control the physical world. As such, there are certain challenges to consider, such as:

  • OT systems are responsible for real-time performance, and response to any incidents is time-critical to ensure the high reliability and availability of the systems.
  • Access to OT systems should be strictly controlled without disrupting the required human-machine interaction.
  • Safety of these systems is paramount, and fault tolerance is essential. Even the slightest downtime may not be acceptable.
  • OT systems present extended diversity with proprietary protocols and operating systems, often without embedded security capabilities.
  • They have long lifecycles, and any updates or patches to these systems must be carefully designed and implemented (usually by the vendor) to avoid disrupting reliability and availability.
  • The OT systems are designed to support the intended operational process and may not have enough memory and computing resources to support the addition of security capabilities.

Disruption of the operation of OT systems may impose significant risk to the safety of onboard personnel and cargo, cause damage to the marine environment, and impede the ship’s operation.

In addition to the ongoing integration of IT and OT, the future will bring MAS – Maritime Autonomous Systems. Based on artificial intelligence and Internet of Ships and Sea Services, the new generation of ships will be remotely controlled from the shore. MAS has a “disruptive” potential with implications in terms of technical, economic, environmental, legislative and social impacts in the years to come. This development may also provide opportunities and new concepts which could improve logistics and, therefore, also improve the overall environmental impact of transport.

Maritime Cyber Threat Landscape

Completely digitalized shipping means greater reliance on digital, interconnected control and communication systems, says Isidoros Monogioudis, Adjunct Professor at the Hellenic American University.

Maritime digitalization is intended to increase performance and efficacy and to improve collaboration within the industry. At the same time, however, it significantly increases the digital/cyber “attack” surface. The maritime industry, especially through vessel digitalization and the numerous different Operational Technology devices deployed, creates a digital landscape that is to a large extent previously unknown, owing to the specific hardware and software in use. New security risks will evolve, and their impact will be very significant, mainly because of the direct connection with the physical world and the consequent operational damage.

In fact, it was only last July that the U.S. Coast Guard issued a safety alert warning all shipping companies of maritime cyber-attacks. The incident that led to this warning happened in February 2019 when a large ship on an international voyage bound for the Port of New York and New Jersey reported “a significant cyber incident impacting their shipboard network.”

The Coast Guard led an incident-response team to investigate the issue and found that “although the malware significantly degraded the functionality of the onboard computer system, essential vessel control systems had not been impacted.”

This was not the first time the U.S. Coast Guard had released a cyber safety warning. In May 2019, they published a bulletin to raise the awareness of maritime stakeholders of “email phishing and malware intrusion attempts that targeted commercial vessels.”

A cyber incident on a ship might have severe consequences for the crew, the passengers, and the cargo on board. Considering that many ships carry harmful substances, a cyber incident might have severe environmental consequences or might lead to hijacking the ship to steal the cargo.

The Baltic and International Maritime Council (BIMCO) has defined a cyber safety incident as any incident that leads to “the loss of availability or integrity of safety critical data and OT.”

Cyber safety incidents can be the result of:

  • a cyber security incident, which affects the availability and integrity of OT (for example, corruption of chart data held in an Electronic Chart Display and Information System (ECDIS))
  • a failure occurring during software maintenance and patching
  • loss or manipulation of external sensor data that’s critical to the operation of a ship including but not limited to Global Navigation Satellite Systems (GNSS)

With more than 90% of the world’s trade being carried by shipping, according to the United Nations’ International Maritime Organization, the maritime industry is an attractive target for cyber attackers. The European Union has recognized the importance of the maritime sector to the European and global economy and has included shipping in the Network and Information Systems (NIS) Directive, which deals with the protection from cyber threats of national critical infrastructure.

Best Practices for Mitigating Maritime Cyber Threats

In 2017, the International Maritime Organization (IMO) adopted resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management System (SMS). The Resolution states that an approved SMS should consider cyber risk management and encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems.

The same year, IMO developed guidelines that provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities. As also highlighted in the IMO guidelines, effective cyber risk management should start at the senior management level. Senior management should embed a culture of cyber risk awareness into all levels and departments of an organization and ensure a holistic and flexible cyber risk management regime that is in continuous operation and constantly evaluated through effective feedback mechanisms.

In addition, BIMCO has developed the Guidelines on Cyber Security Onboard Ships, which are aligned with the NIST Cybersecurity Framework. The overall goal of these guidelines is the building of a strong operational resilience to cyber-attacks. To achieve this goal, maritime companies should follow these best practices:

  • Identify the threat environment to understand external and internal cyber threats to the ship
  • Identify vulnerabilities by developing complete and full inventories of onboard systems and understanding the consequences of cyber threats to these systems
  • Assess risk exposure by determining the likelihood and impact of a vulnerability exploitation by any external or internal actor
  • Develop protection and detection measures to reduce the likelihood and the impact of a potential exploitation of a vulnerability
  • Establish prioritized contingency plans to mitigate any potential identified cyber risk
  • Respond and recover from cyber incidents using the contingency plan to ensure operational continuity

“Maritime industry and its digital exposure have many similarities with industrial systems and the broader OT,” says Isidoros Monogioudis. “In this context, these companies must move very fast to the direction of protecting their systems, providing a reliable operating environment not only from performance perspective but also from security perspective. Both proactive and reactive measures must be developed and applied with the real-time security awareness and visibility being possibly the most critical solution, since OT environment remains extremely sensitive in providing timely and accurate services.”

“Maintaining effective cybersecurity is not just an IT issue but is rather a fundamental operational imperative in the 21st century maritime environment,” said the U.S. Coast Guard in their July 2019 security warning.

Source: tripwire


Violent attacks against ships and their crews have risen in 2020, with 77 seafarers taken hostage or kidnapped for ransom since January, reveals the ICC International Maritime Bureau’s (IMB) latest piracy report.

The Gulf of Guinea off West Africa is increasingly dangerous for commercial shipping, accounting for just over 90% of maritime kidnappings worldwide. Meanwhile ship hijackings are at their lowest since 1993. In total, IMB’s Piracy Reporting Centre (PRC) recorded 98 incidents of piracy and armed robbery in the first half of 2020, up from 78 in Q2 2019.

The increasing threat of piracy adds to hardships already faced by hundreds of thousands of seafarers working beyond their contractual periods due to COVID-19 restrictions on crew rotations and international travel.

“Violence against crews is a growing risk in a workforce already under immense pressure,” says IMB Director Michael Howlett. “In the Gulf of Guinea, attackers armed with knives and guns now target crews on every type of vessel. Everyone’s vulnerable.”

So far this year, 49 crew have been kidnapped for ransom in the Gulf of Guinea and held captive on land for up to six weeks. Rates are accelerating, with 32 crew kidnapped in the past three months alone. And incidents are happening further out to sea: two-thirds of the vessels were attacked on the high seas from around 20 to 130 nautical miles off the Gulf of Guinea coastline.

IMB PRC urges vessels to report any attacks promptly. It can then liaise with coastal agencies, international navies and vessel operators, encouraging a quick response to deter piracy and armed robbery and improve the security of seafarers. IMB PRC also broadcasts to shipping via GMDSS Safety Net Services and email alerts to Company Security Officers.

“We need to change the risk-to-reward ratio for pirates operating within the Gulf of Guinea. Without an appropriate and proportionate deterrent, pirates and robbers will get more ruthless and more ambitious, increasing the risk to seafarers,” says Howlett.

In one recent case commended by IMB, the Nigerian Navy responded promptly to a distress call from a fishing vessel boarded and hijacked by armed assailants in Ivory Coast waters. As a result the crew were saved and the ship was prevented from being used as a possible mother vessel to carry out further attacks.

In another incident, a product tanker was attacked while underway around 127 nm off Bayelsa, Nigeria. Eight armed pirates kidnapped ten crew as well as stealing cash, personal valuables, and ship’s property. IMB PRC contacted regional and international authorities, and a Nigerian Navy Security Vessel was dispatched. A nearby sister vessel helped the four remaining crewmembers to sail the tanker to a safe port. The kidnapped crew were released three weeks later.

Singapore Straits

The Singapore Straits saw 11 incidents in the first half of 2020, raising the risk of collisions in this busy shipping channel, especially at night. Although most are opportunistic – low-level attacks that are aborted once the alarm is sounded – two reports in May 2020 indicated crew were threatened with knives, taken hostage and injured.

There were ten attacks in Indonesian anchorages and waterways in Q2 2020, up from five in Q1 2020.

Americas – Call for more reporting

IMB is recording more incidents in new areas of Latin America, but says many attacks go unreported, making the problem more difficult to tackle.

The four attacks that were reported in Mexico all targeted offshore vessels and happened within a span of 11 days in April. One anchored accommodation barge was boarded by six people wearing face masks and armed with automatic weapons and pistols. They attempted to enter and opened fire, leading to an injured crewmember and three damaged windows. The Master raised the alarm, sent a distress message, informed the Chief Security Officer, and the crew mustered in the citadel. The incident was reported to the Marine Control and a naval boat was dispatched, but the attackers escaped with the barge’s high value project equipment.

Incidents continue to be reported off Callao Anchorage, Peru, while vessels off the coast of neighbouring Ecuador have recorded incidents each year since 2017, with at least three container ships attacked while underway in Q2 2020. In one case, two crew were taken hostage for the duration of the robbery and in another the perpetrators fired on the ship when they were unable to gain access.

Somalia

No incidents were reported off Somalia. Vessels are urged to continue implementing Best Management Principles (BMP5) recommended practices while transiting these waters. The Somali pirates still maintain the capability for carrying out attacks.

IMB Piracy Reporting Centre

Since 1991, the IMB PRC’s 24-hour manned centre has remained a single point of contact to report the crimes of piracy and armed robbery. The Centre not only assists ships in a timely manner, it also provides the maritime industry, response agencies and governments with transparent data received directly from the Master of the vessel under attack, or its owners.

Source: iccwbo


The Marine Corps Systems Command has announced that the service is updating its tactical satellite system that provides increased communication on the battlefield.

Based on field user evaluations, the upgraded technology is performing beyond expectations.

The Mobile User Objective System is a next-generation, narrowband satellite communication capability that enables Marines to connect to SATCOM networks. It encompasses updated firmware to the AN/PRC-117G radio system and one of three antenna kits that help users simultaneously access these networks.

Initially fielded in March 2019, the system enables mobile or stationary Marines to leverage cellular technology to increase access to voice and data communication. It also improves overall reliability in urban environments.

“MUOS gives us a 3G capability using satellite constellations,” said Lt. Col. Jeff Decker, MCSC’s Ground Radios product manager. “It is similar to a cell phone capability in the sky that covers the entire globe.”

The 3G networks used with MUOS remain far superior to the Marine Corps’ legacy SATCOM channels, said Decker. He noted that the Ground Radios program office continues to monitor the latest technologies and looks toward working with other services for future incremental improvements to the capability.

“We’re looking to support the warfighter with a lethal and sustainable capability, which is the command’s focus,” said Decker. “The more robust and resilient the capability, the more we can start adding on back-end systems to help Marines. MUOS is changing the way we look at a tactical satellite architecture.”

The importance of evaluations

From March to May 2020, MCSC conducted various field user evaluations with I Marine Expeditionary Force at Twentynine Palms, California, to assess an updated version of MUOS that increases network stability while executing missions.

During the testing, Marines participated in fire support simulation exercises where they employed MUOS for coordinated air strikes and mortar support. They also used the technology during scenario-based exercises that involved rehearsing command and control operations.

“We tested the system through user evaluation exercises to understand not only what the capability can do on paper, but how we can use it to increase lethality and provide redundancy across the [Fleet Marine Forces],” said Decker.

The testing enabled users to grow familiar with the system, ask questions and provide feedback. It allowed MCSC to learn more about MUOS, including the system’s strengths and limitations. Leveraging Marine feedback, the program office can make additional updates to MUOS as needed.

“We try to figure out anything that could be a possible issue for the warfighter,” said Decker. “This helps to validate the concept of operations, and it allows us to provide lessons learned to other MEFs.”

Eddie Young, project officer of Multiband Radio II Family of Systems at MCSC, said the testing helped the Ground Radios Team assess MUOS in combat-operational environments, which will better prepare them to employ the system during real missions.

“We wanted to bring in these units and make sure the system is working as it should,” said Young. “We want to ensure the warfighter’s needs are met.”

‘Exciting’ assessment results

Both Decker and Young said the feedback on the updated MUOS from Marines has been overwhelmingly positive, and that the system has exceeded performance expectations. Decker noted how Marines commended the new waveform for its lack of performance gaps, its adaptability and the absence of any technical difficulties while testing.

“Marines showed no frustration while trying to execute point-to-point calls while employing MUOS in an operational environment,” said Decker. “The system is doing what we expect it to do, and that is exciting.”

Sgt. Mason J. Roy, video chief for Communication Strategy and Operations at I MEF, participated in the communication exercises. He raved about the benefits of the exercises in training Marines for future missions that involve MUOS employment.

“I believe the exercises went really well,” said Roy. “The idea that we can send a video or photo from the field to a command post [using MUOS] shows we can rapidly inform commanders with visual information so that commands could potentially adjust battlespaces to promote mission accomplishment and protect our troops.”

The program office will begin fielding the updated version of MUOS this summer.

Source: defence-blog


Latent cyber risk. That’s what we in the cyber business call a cyber threat that is undetected, unplanned and unanticipated. These are the cyber risks that lurk in the dark places of your networks and the exposures that you didn’t think about that come out when you least expect them.

Maritime has a lot of examples of these, such as when companies start connecting systems, devices and networks that were never designed to be connected. As fleets become more automated and digitized, we are connecting all sorts of systems—ones where cyber security was never even a consideration. The legacy networks don’t have the protection, updates or design to make them cyber resilient, because no one thought they would be connected when they were built. Hook up an old system to the internet, and you run the risk of unintentionally exposing it to a whole host of new cyber risks that you never considered.

Snap-back cyber risk

COVID-19 has its own latent cyber risk. With the sudden and unexpected onslaught of the COVID-19 pandemic, companies had precious little time to convert to an almost fully remote working environment. They scrambled to adapt, expanding and stretching networks way beyond their normal limits. As entire workforces switched to working from home, work networks mingled with home networks, people emailed documents to personal accounts and USB drives were used to help move and share files like never before.

Most IT departments have done a great job reworking their systems and networks to accommodate an immediate and severe shift in how they operate. However, they exchanged a lot of control for operational flexibility. Work offices became home offices, which also became home schools, entertainment centers, online shopping and part of family daily life. For months, work computers have been sitting on home networks and have been used to help people cope with the realities of safer-at-home restrictions.

As a result, the attack surface – the exposure points that attackers can exploit – exploded. Add to that the COVID-19 related cyber scams that have employees unintentionally clicking on bad links, and you have a perfect environment for cyber malware and other exploitation to grow.

Now, many organizations are bringing everyone back to the workplace. Most are thoughtfully planning how to bring people back together. Temperatures will be taken, masks will be worn and social distances will be respected. However, few are considering how to reintegrate computers, devices and systems.

As networks snap back from their over-extension, they will bring back the cyber malware and exploits that could be infiltrating their over-extended networks. This is the latent cyber risk of COVID-19 and needs to be addressed.

It’s about safety

The snap-back risk of COVID-19 can have real-world consequences. Attackers are no longer interested only in stealing data from corporate IT systems. They are now actively trying to understand how to take control of operational networks on board vessels. This means they now want to take control of navigation systems, engines, valves, and anything else they can get their hands on. The operational networks that control these systems, called operational technology (OT), are uniquely exposed to these kinds of attacks. This is because, as you might guess, they were never designed to have the kind of connectivity we now have.

As attackers target OT systems, cyber security becomes a real-world cyber safety concern. Cyber risk impacts vessel, public, and environmental safety.

You cannot socially distance a network

Once your systems and networks are interconnected, and connected to the Internet, malware and intruders can spread almost instantaneously. The most you can do is segment, protect and monitor those networks. Unfortunately, too many OT networks do none of these.

Contact tracing a cyber attack is very difficult. Once in, it can be extremely hard to see where malware or an attacker has spread. It can spread in nanoseconds and attackers can be very skilled at covering their tracks. This is much harder in the OT environment, where it takes very specialized expertise to even understand how an attack could spread.

No system is stand-alone. There is a perception that some systems are not connected to anything, thus they have an “air gap” and are not vulnerable. That is incorrect. From updates to operations, systems will have some form of connectivity, even if it is someone running an update from a disk. The general rule in cyber is, if someone can get to it, they will.

Cyber hyper-mutates

We are hoping that COVID-19 does not significantly mutate. Unfortunately, the nature of cyber is to hyper-mutate. Every malware, every attack type and every mutation is being continuously adapted. Attackers are relentless at refining their attacks. Malware strains last months, weeks or days before new iterations come out. As we become more digital, we reshape the environment for cyber attacks. They respond by being in a constant state of change. You can’t only consider the last attack, you need to anticipate the next one.

We change. They change. We change. Constant vigilance, flexibility and adaptation is the nature of cyber.

You need good cyber hygiene

What can you do? First, you need to account and plan for cyber security. It is now a business imperative. It needs to be a daily part of operational and safety risk management. You then need to proactively manage it. This means that you need to create a cyber program that accounts for the assessment, planning, protection, defense, detection and response needed to minimize your cyber risks.

There are a number of cyber technologies, services and solutions that can help you protect your networks. Find the right partners who have the deep expertise in IT and OT environments, and work with them to build the program that fits your specific situation. Strong cyber hygiene can prevent most cyber infections. It can also help you handle a critical exploitation, if you are unfortunate enough to have to face one.

As for the COVID-19 snap-back, you need to make it an integral part of your restart program. This could mean everything from new policies and education, to enhanced scanning, monitoring and management of IT and OT networks.

Remember that COVID-19 is not the only virus that your employees can bring back into your workplace.

Source: ABS Group

