CYBER SECURITY
ONBOARD SHIPS
In reference to IMO resolutions:
1. MSC.428(98) – Maritime Cyber Risk Management in SMS
2. MSC-FAL.1/Circ.3 – Guidelines on Maritime Cyber Risk Management
and BIMCO’s The Guidelines on Cyber Security Onboard Ships
INTRODUCTION
• Ships are increasingly using systems that rely on digitization, digitalization,
integration, and automation, which call for cyber risk management on board.
• As technology continues to develop, information technology (IT) and
operational technology (OT) onboard ships are being networked together –
and more frequently connected to the internet.
• This brings the greater risk of unauthorized access or malicious attacks to
ship’s systems and networks.
• Risks may also occur from personnel accessing systems on board, for
example by introducing malware via removable media.
• Whilst the causes of a cyber safety incident may be different from a cyber
security incident, the effective response to both is based upon training and
awareness.
• Both cyber security and cyber safety are important because of their potential
effect on personnel, the ship, environment, company and cargo.
• Cyber security is concerned with the protection of IT, OT, Information and
data from unauthorized access, manipulation and disruption.
• Cyber safety covers the risks from the loss of availability or integrity of
safety critical data and OT.
MARITIME CYBER SECURITY INCIDENTS
[Bar chart: Nature of attack within the past 12 months (percentage). Phishing 49%; Malware 44%; Spear phishing 30%; Credential theft 28%; Ransomware 23%; Man in the middle 21%; Data theft 19%; Application level 12%; Procedure breach 12%; Vulnerability exploitation 12%; Brute force 9%; Network protocol 9%; Data manipulation 9%; Loss of operational control 7%; Honeytrap/Honeypot 5%; Other 9%. Source: IHS Markit, 2018]
• Phishing, Spear phishing, and Malware continue to rank highest.
• Theft of credentials climbed the list from just a 2% response rate in 2017 to 28% in
2018, moving ahead of ransomware, at 23%.
Source: Fairplay/BIMCO Maritime Cyber Security Survey
• A ship is an independent unit and a cyber attack may compromise the safety of that ship, the marine
environment and to some extent, the business continuity and reputation of the owner.
• In June 2017, A.P. Moller – Maersk fell victim to a major cyber attack caused by the NotPetya malware,
which also affected many organizations globally.
• As a result, Maersk’s operations in its transport and logistics businesses were disrupted, leading to unwarranted
impact.
Impact of Cyber Attack
• 49,000 laptops infected
• All print capability inaccessible
• 1200 applications were inaccessible
• 1000 applications were destroyed
• File shares unavailable
• A ship with an integrated navigation bridge suffered a failure of nearly all navigation systems at sea, in a high
traffic area and reduced visibility.
• The ship had to navigate by one radar and backup paper charts for two days before arriving in port for repairs.
The failure of all ECDIS computers was attributed to the outdated operating systems.
• During the previous port call, a producer’s technical representative performed a navigation software update on
the ship’s navigation computers. However, the outdated operating systems were incapable of running the
software and crashed.
• The ship was required to remain in port until new ECDIS computers could be installed, classification
surveyors could attend, and a near miss notification had been issued as required by the company.
• The costs of the delays were extensive and incurred by the shipowner.
• This incident emphasized that not all computer failures are a result of a deliberate attack and that outdated
software is prone to failure.
• More proactive software maintenance to the ship may have prevented this incident from occurring.
Corruption of Chart Data
Virus Intrusion
• Ship communication equipment is not only a communication tool between ship and shore, but also essential
equipment for current navigation, such as weather routing, chart correction and PMS (Planned Maintenance
System).
• As the volume of ship communications increases, virus infections of ship systems are occurring more
frequently, and the ways in which viruses infect systems are now more varied.
[Graph 1: Volume of ship communications via e-mail by month over the last 12 years, 2005 to 2016; plotted values rise from 8 (2005) to 144 (2016)]
Around year 2000
• Most vessels were not initially connected to an external network, and potential viruses were blocked by the e-mail provider.
• The sources of potential viruses were people or crew boarding the ship.
[Diagram labels: ship’s local network; e-mail with virus; server scanning; updating definition files; virus from crew]
Around year 2010
• Cases of virus intrusion disrupting the e-mail system.
• A result of crew members using 3G/4G when calling at port.
• Use of illegally copied software and software from illegal download sites.
[Diagram labels: ship’s local network; e-mail with virus; server scanning; updating definition files; virus from crew; private 3G/4G connection by crew]
Types of Cyber Risk
• External factors such as unauthorized access and system hacking are mainly the focus when it comes to cyber risk.
• It is also important to consider internal factors, such as operational mistakes and general system failures.
[Diagram: external factors and internal factors. Labels: unauthorized access; viruses; social engineering; abuse; operation mistake; general system failure]
Cyber Security Attributes
[Diagram labels, attributes: Confidentiality; Possession (for control); Integrity; Authenticity; Utility; Availability (including reliability); Resilience; Safety]
[Diagram labels, outcomes: controlling access to ship and ship systems operations; information quality and validity; ship system configuration; continuity of ship’s operations; safety of people and assets]
Confidentiality
• The control of access and prevention of unauthorized access to ship data, which
might be sensitive in isolation or in aggregate.
• The ship systems and associated processes should be designed, implemented,
operated and maintained to prevent unauthorized access, for example, sensitive
financial, security, commercial or personal data.
Possession and Control
• The design, implementation, operation and maintenance of ship systems and
associated processes to prevent unauthorized control, manipulation or interference.
• An example would be the loss of an encrypted storage device – there is no loss of
confidentiality as the information is inaccessible without the encryption key, but the
owner or user is deprived of its contents.
Integrity
• Maintaining the consistency, coherence and configuration of information and systems, and
preventing unauthorized changes to them.
• Prevent unauthorized changes being made to assets, processes, system state or the
configuration of the system itself.
• A loss of system integrity could occur through physical changes to a system.
Authenticity
• Ensuring that inputs to, and outputs from, ship systems, the state of the systems and any
associated processes and ship data, are genuine and have not been tampered with or modified.
• It should also be possible to verify the authenticity of components, software and data within
the systems and any associated processes.
• Authenticity issues could relate to data such as a forged security certificate or to hardware
such as a cloned device.
Utility
• Asset information and systems remain usable and useful across the lifecycle of the ship asset.
• An example of loss of utility would be a situation where a ship system has been changed or
upgraded and the file format of historic data is no longer intelligible to the system. There has
been no loss of availability, but the data is unusable.
Safety
• The design, implementation, operation, and maintenance of ship systems and related
processes to prevent the creation of harmful states which may lead to injury or loss of life, or
unintentional physical or environmental damage.
• A safety issue could arise through malware causing a failure to display or communicate ship
systems alarm states.
• For example, the failure of a motion or proximity detector or other sensors could result in
damage to property or loss of life.
Resilience
• The ability of the asset information and systems to transform, renew and recover in a timely
way in response to adverse events.
• In the event that either a system or associated process suffers disruption, impairment or an
outage occurs, it should be possible to recover a normal operating state, or acceptable
business continuity state, in a timely manner.
Guidelines on Maritime Cyber Risk Management
Safety Management System
• MSC.428(98) encourages administrations to ensure that cyber risks are appropriately
addressed in the SMS no later than the first annual verification of the company’s Document of
Compliance after 01 January 2021.
Maritime Cyber Risk Management
• In 2017, the IMO adopted resolution MSC.428(98) on
Maritime Cyber Risk Management.
• The resolution stated that an approved SMS should take
into account cyber risk management in accordance with the
objectives and functional requirements of the ISM Code.
Guidelines on Cyber Security Onboard Ships
• Aligned with IMO resolution MSC.428(98)
• Designed to assist companies in formulating their own approaches to cyber risk management
onboard ships.
• Provide practical recommendations on maritime cyber risk management covering both cyber
security and cyber safety.
• International shipping organizations, with support from a wide range of stakeholders have
participated in the development of these guidelines.
Ship Assets and Common Vulnerabilities
Communication System
• Integrated communication system
• Satellite communication equipment
• Voice over Internet Protocol (VoIP) equipment
• Wireless networks
• Public address and general alarm systems
• Systems used for reporting mandatory information to
public authorities
Bridge System
• Integrated Navigation System
• Positioning System, ECDIS, DP
• AIS, GMDSS, RADAR, VDR
• Systems that interface with electronic navigation systems
and propulsion/maneuvering systems
• Other monitoring and data collection systems
Access control System
• Surveillance systems such as CCTV network
• Bridge Navigational Watch Alarm System (BNWAS)
• Shipboard Security Alarm System (SSAS)
Propulsion and machinery management and
power control systems
• Engine governor
• Power management
• Integrated control system
• Alarm system
• Emergency response system
Administrative and crew welfare system
• Administrative systems
• Crew Wi-Fi or LAN internet access, for example where onboard personnel can
connect their own devices
Cargo Management Systems
• Cargo control room and its equipment
• On board loading computers and computers used for exchange of loading information
and load plan updates with the marine terminal and stevedoring company
• Remote cargo and container sensing system
• Ballast water system
• Water Ingress alarm system
Common vulnerabilities
• Obsolete and unsupported operating systems
• Outdated or missing antivirus software and protection from malware
• Inadequate security configurations and best practices, including ineffective network
management and the use of default administrator accounts and passwords
• Shipboard computer networks, which lack boundary protection measures and
segmentation of networks
• Safety critical equipment or systems always connected with the shore side
• Inadequate access controls for third parties including contractors and service providers
Threats and Potential Consequences
Group: Activists (including disgruntled employees)
• Motivation: reputational damage; disruption of operation
• Objective: media attention; denial of access to the service or system targeted
Group: Criminals
• Motivation: financial gain; commercial espionage; industrial espionage
• Objective: selling stolen data; ransoming stolen data; ransoming system operability; arranging fraudulent transportation of cargo; gathering intelligence for more sophisticated crime, exact cargo location, ship transportation and handling plans etc.
Group: Opportunists
• Motivation: the challenge
• Objective: getting through cyber security defenses; financial gain
Group: States, state sponsored organizations, terrorists
• Motivation: political gain; espionage
• Objective: gaining knowledge; disruption to economies and critical national infrastructure
CYBER ATTACK – TOOLS AND TECHNIQUES
MIXING ISOLATED AND OPEN NETWORKS
• Connecting a personal wireless router or PC to the isolated network reserved for operational equipment is a major security risk.
• Hackers can invade your systems by exploiting an open wireless network or one with low level security.
• They can literally sit outside your ship’s physical location and access critical onboard systems through wireless networks.
• Connecting Personal Device to Official System
• Opening Phishing E-mail/SMS in personal device
• Transfer of Virus to shore based systems
• Transfer of Virus to shore based server
• Hacking data from shore office servers
Removable Media / External Hardware
• External storage devices such as USB sticks, camera
memory cards and smartphones are perfect tools
for anyone to spread malware and viruses,
making it possible to physically cross network
barriers that are otherwise protected by network
firewalls.
Ransomware
• Ransomware encrypts files on a computer and
demands that you pay to unlock your files. Once
the malicious software has infected one computer,
be it a personal or company computer, it may
spread to others connected to the same network,
quickly making it impossible to perform common
tasks.
Untargeted attacks
• Where a company or a ship’s systems and data are one of many potential targets
• Untargeted attacks are likely to use tools and techniques available on the internet,
which can be used to locate, discover and exploit widespread vulnerabilities that
may also exist in a company and onboard a ship
Targeted attacks
• Targeted attacks, where a company or a ship’s systems and data are the intended target.
• Targeted attacks may be more sophisticated and use tools and techniques specifically
created for targeting a company or ship.
Malware
• Malicious software which is designed to access or damage a computer without the
knowledge of the owner.
• There are various types of malware including Trojans, ransomware, spyware,
viruses, and worms.
• Ransomware encrypts data on systems until a ransom has been paid. Malware
may also exploit known deficiencies and problems in outdated/unpatched
business software.
• A piece of malicious code may often be executed by the user, sometimes via links
distributed in email attachments or through malicious websites.
Phishing
• Sending emails to a large number of potential targets asking for particular pieces
of sensitive or confidential information.
• Such an email may also request that a person visits a fake website to exploit
visitors.
Water holing
• Establishing a fake website or compromising a genuine website to exploit visitors.
Tampering with Navigation System
• Unauthorized access and manipulation of operational systems can create
dangerous situations.
• The navigation system can also be manipulated by electronic GPS spoofing
devices sending incorrect GPS signals, telling you that you are in a different
position from your actual one.
• This type of attack does not require access to the vessel’s network or internal
systems.
Data Theft
• When an individual’s or company’s data is copied, transferred, or retrieved from a
computer or server without authorization.
• The attack mimics normal data traffic and can be very difficult to detect.
• Data theft is achieved by hackers when systems rely on vendor-set, common, or
easy-to-crack passwords.
Social Engineering/Phishing
• One of the most common forms of cyber crime is social engineering.
• This is the art of manipulating people by using methods like urgency, fear, and
curiosity.
• Victims are led to reveal confidential information that can be used to gain unauthorized access to
personal or company systems.
Brute Force
• An attack trying many passwords with the hope of eventually guessing correctly.
• The attacker systematically checks all possible passwords until the correct one is
found.
Denial of Service (DoS/DDoS)
• A distributed denial of service (DDoS) attack is when an attacker attempts to
make it impossible for a service to be delivered.
• DoS/DDoS attacks work by drowning a system with data requests.
• The result is unavailable internet bandwidth, and CPU and RAM capacity
becomes overwhelmed/unavailable.
Spear-phishing
• Like phishing but the individuals are targeted with personal emails, often
containing malicious software or links that automatically download malicious
software.
Subverting the supply chain
• Attacking a company or ship by compromising equipment, software or supporting
services being delivered to the company or ship.
Stages of Cyber Attack
Time of infection and discovery
• In 2018, it took on average 140 days between the time of infection of a victim’s
network and discovery of a cyber attack; an intrusion can go undetected for years.
• This figure is down from 205 days in 2015 and continues to drop because
detection is getting better.
Cyber attack stages
• The length of time to prepare a cyber attack can be determined by:
- the motivations and objectives of the attacker;
- the resilience of technical and procedural cyber risk controls implemented by
the company including those onboard its ships.
Survey/Reconnaissance
• Open/public sources are used to gain information about a company, ship or
seafarer in preparation for a cyber attack.
• Social media, technical forums and hidden properties in websites, documents and
publications may be used to identify technical, procedural and physical
vulnerabilities.
• The use of open/public sources may be complemented by monitoring (analyzing -
sniffing) the actual data flowing into and from a company or a ship.
Delivery
• Attackers may attempt to access the company’s and ship’s systems and data.
• This may be done from either within the company or ship or remotely through
connectivity with the internet.
Examples of methods used to obtain access:
• Company online services, including cargo or container tracking systems.
• Sending emails containing malicious files or links to malicious websites.
• Personnel providing infected removable media, for example as part of a software
update to an onboard system.
• Creating false or misleading websites, which encourage the disclosure of user
account information by personnel.
Breach
• The extent to which an attacker can breach a company’s or ship’s system will
depend on the significance of the vulnerability found by an attacker and the
method chosen to deliver an attack.
• It should be noted that a breach might not result in any obvious changes to the
status of the equipment.
• Depending on the significance of the breach, an attacker may be able to:
- make changes that affect the system’s operation, for example interrupt or
manipulate information used by navigation equipment, or alter operationally
important information such as loading lists.
- gain access to commercially sensitive data such as cargo manifests and/or crew
and passenger/visitor lists.
- achieve full control of a system, for example a machinery management system.
Pivot
• Pivoting is the technique of using an instance already exploited to be able to
“move” and perform activities.
• During this phase of an attack, an attacker uses the first compromised system to
attack otherwise inaccessible systems.
• An attacker will usually target the most vulnerable part of the victim’s system
with the lowest level of security. Once access is gained then the attacker will try
to exploit the rest of the system.
Usually, in the Pivot phase, the attacker may try to:
- upload tools, exploits and scripts to the system to support the attacker in the
new attack phase.
- execute a discovery of neighbor systems with scanning or network mapping tools.
- install permanent tools or a key logger to keep and maintain access to the system.
- execute new attacks on the system.
Cyber Security Protection Measures
Threats
• Malicious actions (e.g. hacking or introduction of malware).
• Unintended consequences of benign actions (e.g. software maintenance or user permissions).
• In general, these actions expose vulnerabilities (e.g. outdated software or ineffective
firewalls) or exploit a vulnerability in operational or information technology.
• Effective cyber risk management should consider both kinds of threat.
Cyber Security Protection
• The collection of tools, policies, security concepts, security safeguards, guidelines, risk
management approaches, actions, training, best practices, assurance and technologies that
can be used to protect the cyber environment and organization and user’s assets.
What to protect? Ship, platform, organization, people
What to protect against? Terrorists, cyber crime
How to protect? People, processes and technology
[Diagram labels: assets; threats; protective measures; vulnerability and risk assessment; probability; detection, testing, monitoring, review; acceptable risk?]
• Lack of access control to computers and networks
• Networks not segregated
• Lack of intrusion detection
• Low quality hardware used to construct networks
• Outdated/unpatched software
• Lack of cyber security and safety policies
• Obsolete operating systems
Elements of Cyber Risk Management
1. Identify: Define personnel roles and responsibilities for cyber risk management and
identify the systems, assets, data and capabilities that, when disrupted, pose risks to
ship operations.
2. Protect: Implement risk control processes and measures.
3. Detect: Develop and implement activities necessary to detect a cyber-event in a
timely manner.
4. Respond: Develop and implement activities and plans to provide resilience and to
restore systems necessary for shipping operations or services impaired due to a
cyber-event.
5. Recover: Identify measures to back-up and restore cyber systems necessary for
shipping operations impacted by a cyber-event.
Procedural Controls
Procedural controls are focused on how personnel use the onboard systems.
• Plans and procedures that contain sensitive information should be kept confidential and
handled according to company policies
Training and Awareness
• Personnel have a key role in protecting IT and OT systems but can also be careless,
for example by using removable media to transfer data between systems without taking
precautions against the transfer of malware.
Limiting Access for Visitors
• Visitors such as authorities, technicians, agents, port and terminal officials, and owner
representatives should be restricted with regards to computer access while on board.
• Unauthorized access to sensitive OT network computers should be prohibited.
• If access to a network by a visitor is required and allowed, then it should be restricted in
terms of user privileges.
• Access to certain networks for maintenance reasons should be approved and coordinated
following appropriate procedures as outlined by the company/ship operator.
• If a visitor requires computer and printer access, an independent computer, which is
air-gapped from all controlled networks, should be used.
• To avoid unauthorized access, removable media blockers should be used on all other
physically accessible computers and network ports.
Upgrades and Software Maintenance
Hardware or software that is no longer supported by its producer or software developer will
not receive updates to address potential vulnerabilities, so its use should be carefully evaluated by the
company.
• Relevant hardware and software installations should be updated.
• Procedures for timely updating of software.
• Software includes computer operating systems.
• Routers, switches and firewalls, and various OT devices may require regular updates.
Anti-virus and anti-malware tool updates
• In order for scanning software tools to detect and deal with malware, they need to be
updated.
• Procedural requirements should be established to ensure updates are distributed to ships
on a timely basis and that all relevant computers on board are updated.
Control over remote access
Policy and procedures should be established for control over remote access to onboard IT
and OT systems.
• Who has permission to access
• When they can access
• What they can access
• Co-ordination with the ship’s master and other key senior ship personnel
• Remote access occurrence should be recorded for review
Limit of administrator privileges
Access to information should only be allowed to relevant authorized personnel.
• Appropriately trained personnel
• Limited to functions requiring such access
• Expiration of user privileges
• Change the user account name for each change of authorized personnel
Physical and removable media controls
• When transferring data from uncontrolled systems to controlled systems, there is a risk of
introducing malware.
• Removable media can be used to bypass layers of defenses and attack systems that are
otherwise not connected to the internet.
• A clear policy for the use of such media devices is important.
Equipment disposal, including destruction
• Obsolete equipment can contain data which is commercially sensitive or confidential.
• Prior to disposal of the equipment, the company should have a procedure in place to
ensure that the data held in obsolete equipment is properly destroyed and cannot be
retrieved.
Shore support and contingency plans
• Ships should have access to technical support in the event of a cyber attack.
• Details of this support and associated procedures should be available on board.
Personal Cyber Security
WiFi
• When a device travels around with WiFi turned on but disconnected from a network, it will
broadcast a list of access points it has previously been connected to.
• If an attacker intercepts the broadcast, it will be easy for them to
connect to the device, monitor traffic and collect data.
Free WiFi
• Free WiFi in airports, public places, shipping ports etc. is not secure and can be accessed
by anyone.
• There is always a danger of cyber attacks in such open and vulnerable systems.
Bluetooth
• Although Bluetooth attacks are a rare case, they can easily occur.
• The majority of Bluetooth attacks steal information from the device, such as files or
contacts, or monitor your communications through a headset or microphone.
• Keep Bluetooth off when not used.
Cameras
• The camera is commonly used in penetration testing to demonstrate how invasive malware
can be controlled by a human attacker.
• A quick solution is a small square piece of opaque sticky tape. It’s also easy to remove if
you want to have a video chat and replace when you’re done.
Free gadgets
• In some past incidents, free pen-drives/flash drives were offered to seafarers by
unknown people as gifts when crew members visited seafarer clubs.
• It is natural not to be suspicious in such places/institutions; however, seafarers have been
taken advantage of during such visits.
Drive Encryption
• Your whole drive should be encrypted, and
most popular operating systems now
provide this feature.
• In the case where your computer
physically falls into the wrong hands,
information cannot simply be copied from
the hard drive.
File Encryption
• The files used on a computer could be stored locally on a drive, on a USB key, a
mobile device or on a cloud drive.
• The solution is the same as for drive encryption: encrypt the files with something
strong enough that, if the key is ever lost, the
files are gone forever.
Email Encryption
• Personal email encryption is generally beyond what the average user is willing to do.
• Yet, the user benefits from having their email encrypted at rest. Therefore, even if
the email server gets attacked, the email is unreadable to the attacker.
Short Messaging Service
• Short Messaging Service or SMS is also a popular way to infect the mobile devices of
seafarers.
• The message may contain a free or lucrative offer along with a link which will lure the
reader to click it. Once the link is clicked, a malicious virus will get installed on the
mobile phone.
• If the same phone is connected to another device (e.g. seafarer’s personal computer), it
will get transferred to it; whereas, if the seafarer uses a pen drive to copy an important
file to the ship’s computer, the virus will get into the pen drive and then to the ship’s
computer without the seafarer knowing about it.
Keep Unauthorized Software away from ship systems!
POTENTIAL THREATS
• Scan for viruses and malware before you
connect authorized USB memory sticks to
onboard OT and other networked systems.
• Personal laptops, tablets, USB memory sticks
or phones must not be connected to onboard
operational systems.
BE PREPARED!
INCIDENTS
• Keep your crew and any passengers safe:
train for what to do if important OT systems
do not work.
• Know where to get IT and OT assistance.
• Report suspicious or unusual problems
experienced on IT and OT systems.
BE IN CONTROL!
PASSWORD PROTECTION
• Use new passwords every time you sign on to a ship.
• Choose complex passwords with numbers,
symbols, and some capital letters. Be careful, you
have to be able to remember them.
• Keep your user names and passwords to yourself.
• Change default user passwords and delete user
accounts of colleagues who have left the ship.
BE VIGILANT WHEN YOU COMMUNICATE!
SUSPICIOUS ACTIVITY
• Only open emails or open attachments from
senders that you know and trust.
• Know what to do with suspicious emails.
• Think before you share information on social
media or personal email about your company,
job, ship or the crew.
MARINE SAFETY INFORMATION BULLETIN
Cyber Adversaries Targeting Commercial Vessels
“This bulletin is to inform the maritime industry of recent email phishing and malware
intrusion attempts that targeted commercial vessels. Cyber adversaries are attempting to
gain sensitive information including the content of an official Port State Control (PSC)
authority such as: port@ pscgov.org. Additionally, the Coast Guard has received reports of
malicious software designed to disrupt shipboard computer systems.
Vessel masters have diligently reported suspicious activity to the Coast Guard National
Response Center (NRC) in accordance with Title 33 Code of Federal Regulations
(CFR) 101.305 – Reporting, enabling the Coast Guard and other federal agencies to counter
cyber threats across the global maritime network. Suspicious activity and breaches of
security must be reported to the NRC at (800) 424-8802.”
Source: U.S.C.G. MARINE SAFETY INFORMATION BULLETIN, 24 MAY 2019
Marine Safety Alert
Cyber Incident Exposes Potential Vulnerabilities Onboard Commercial Vessels
Inspections and Compliance Directorate
“In February 2019, a deep draft vessel on an international voyage bound for the Port of
New York and New Jersey reported that they were experiencing a significant cyber incident
impacting their shipboard network. An interagency team of cyber experts, led by the Coast
Guard, responded and conducted an analysis of the vessel’s network and essential control
systems.
The team concluded that although the malware significantly degraded the functionality of
the onboard computer system, essential vessel control systems had not been impacted.
Nevertheless, the interagency response found that the vessel was operating without
effective cybersecurity measures in place, exposing critical vessel control systems to
significant vulnerabilities.”
Source: U.S.C.G. MARINE SAFETY INFORMATION BULLETIN, 08 JULY 2019

Maritime Cyber Security Education

  • 3. MARITIME CYBER SECURITY INCIDENTS [Bar chart: Nature of attack within the past 12 months, 2018; axis: Percentage. Source: IHS Markit] • Phishing, spear phishing, and malware continue to rank highest. • Theft of credentials climbed the list from just a 2% response rate in 2017 to 28% in 2018, moving ahead of ransomware, at 23%. Source: Fairplay/BIMCO Maritime Cyber Security Survey
  • 4. • A ship is an independent unit and a cyber attack may compromise the safety of that ship, the marine environment and, to some extent, the business continuity and reputation of the owner. • In June 2017, A.P. Moller – Maersk fell victim to a major cyber attack caused by the NotPetya malware, which also affected many organizations globally. • As a result, Maersk’s operations in transport and logistics businesses were disrupted, leading to unwarranted impact. Impact of Cyber Attack: 49,000 laptops infected; all print capability inaccessible; 1200 applications were inaccessible; 1000 applications were destroyed; file shares unavailable.
  • 5. • A ship with an integrated navigation bridge suffered a failure of nearly all navigation systems at sea, in a high traffic area and reduced visibility. • The ship had to navigate by one radar and backup paper charts for two days before arriving in port for repairs. The cause of the failure of all ECDIS computers was determined to be the outdated operating systems. • During the previous port call, a producer technical representative performed a navigation software update on the ship’s navigation computers. However, the outdated operating systems were incapable of running the software and crashed. • The ship was required to remain in port until new ECDIS computers could be installed, classification surveyors could attend, and a near miss notification had been issued as required by the company. • The costs of the delays were extensive and incurred by the shipowner. • This incident emphasized that not all computer failures are a result of a deliberate attack and that outdated software is prone to failure. • More proactive software maintenance to the ship may have prevented this incident from occurring. Corruption of Chart Data Virus Intrusion • Ship communication equipment is not only a communication tool between ship and shore, but also essential equipment for current navigation, such as weather routing, chart correction and PMS (Planned Maintenance System). • Along with the increase in the volume of ship communications, the number of ship systems that are prone to being infected with a virus is also increasing, and the ways in which viruses infect systems are now more varied.
  • 6. [Graph 1: Volume of ship communications (e-mail), 2005 to 2016. Caption: Volume of ship communications via e-mail by month over the last 12 years]
  • 7. Around year 2000 • Most vessels were not initially connected to an external network; potential viruses were blocked by the electronic mail provider. • The sources of potential viruses are people or crew boarding the ship. [Diagram labels: Updating definition files; Ship’s local network; Virus from crew; E-mail with virus; Server scanning]
  • 8. Around year 2010 • Cases of virus intrusion, disrupting the e-mail system. • Result of crew members using 3G/4G when calling at port. • Use of illegally copied software and software from illegal download sites. [Diagram labels: Ship’s local network; E-mail with virus; Server scanning; Updating definition files; Virus from crew; Private 3G/4G connection by crew]
  • 9. Types of Cyber Risk • External factors such as unauthorized access and system hacking are mainly the focus when it comes to cyber risk; • It is important to consider internal factors, such as the existence of operation mistake and general system failure. [Diagram labels, External factors / Internal factors: Unauthorized access; Viruses; Social engineering; Abuse; Operation mistake; General system failure] [Diagram labels, Cyber Security Attributes: Confidentiality; Possession (for control); Safety; Resilience; Availability (including reliability); Authenticity; Utility; Integrity; Information quality & validity; Ship system configuration; Continuity of ship’s operations; Safety of people & assets; Controlling access to ship & ship systems operations]
  • 10. Confidentiality • The control of access and prevention of unauthorized access to ship data, which might be sensitive in isolation or in aggregate. • The ship systems and associated processes should be designed, implemented, operated and maintained to prevent unauthorized access, for example, sensitive financial, security, commercial or personal data. • The design, implementation, operation and maintenance of ship systems and associated processes to prevent unauthorized control, manipulation or interference. • An example would be the loss of an encrypted storage device – there is no loss of confidentiality as the information is inaccessible without the encryption key, but the owner or user is deprived of its contents. Possession and Control
  • 11. Integrity • Maintaining the consistency, coherence and configuration of information and systems, and preventing unauthorized changes to them. • Prevent unauthorized changes being made to assets, processes, system state or the configuration of the system itself. • A loss of system integrity could occur through physical changes to a system. Authenticity • Ensuring that inputs to, and outputs from, ship systems, the state of the systems and any associated processes and ship data, are genuine and have not been tampered with or modified. • It should also be possible to verify the authenticity of components, software and data within the systems and any associated processes. • Authenticity issues could relate to data such as a forged security certificate or to hardware such as a cloned device.
  • 12. Utility • Asset information and systems remain usable and useful across the lifecycle of the ship asset. • An example of loss of utility would be a situation where a ship system has been changed or upgraded and the file format of historic data is no longer intelligible to the system. There has been no loss of availability, but the data is unusable. Safety • The design, implementation, operation, and maintenance of ship systems and related processes to prevent the creation of harmful states which may lead to injury or loss of life, or unintentional physical or environmental damage. • A safety issue could arise through malware causing a failure to display or communicate ship systems alarm states. • For example, the failure of a motion or proximity detector or other sensors could result in damage to property or loss of life. Resilience • The ability of the asset information and systems to transform, renew and recover in a timely way in response to adverse events. • In the event that either a system or associated process suffers disruption, impairment or an outage occurs, it should be possible to recover a normal operating state, or acceptable business continuity state, in a timely manner.
  • 13. Guidelines on Maritime Cyber Risk Management Safety Management System • MSC.428(98) encourages administrations to ensure that cyber risks are appropriately addressed in SMS no later than the first annual verification of the company’s Document of Compliance after 01 January 2021. Maritime Cyber Risk Management • In 2017, the IMO adopted resolution MSC.428(98) on Maritime Cyber Risk Management. • The Resolution stated that an approved SMS should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code.
  • 14. Guidelines on Cyber Security Onboard Ships • Aligned with IMO resolution MSC.428(98) • Designed to assist companies in formulating their own approaches to cyber risk management onboard ships. • Provide practical recommendations on maritime cyber risk management covering both cyber security and cyber safety. • International shipping organizations, with support from a wide range of stakeholders have participated in the development of these guidelines. Guidelines on Cyber Security Onboard Ships
  • 15. Ship Assets and Common Vulnerabilities Communication System • Integrated communication system • Satellite communication equipment • Voice over Internet Protocol equipment • Wireless networks • Public address and general alarm systems • Systems used for reporting mandatory information to public authorities Bridge System • Integrated Navigation System • Positioning System, ECDIS, DP • AIS, GMDSS, RADAR, VDR • Systems that interface with electronic navigation systems and propulsion/maneuvering systems • Other monitoring and data collection systems
  • 16. Access control System • Surveillance systems such as CCTV network • Bridge Navigational Watch Alarm System (BNWAS) • Shipboard Security Alarm System (SSAS) Propulsion and machinery management and power control systems • Engine governor • Power management • Integrated control system • Alarm system • Emergency response system
  • 17. Administrative and crew welfare system • Administrative systems • Crew Wi-Fi or LAN internet access, for example where onboard personnel can connect their own devices Cargo Management Systems • Cargo control room and its equipment • Onboard loading computers and computers used for exchange of loading information and load plan updates with the marine terminal and stevedoring company • Remote cargo and container sensing system • Ballast water system • Water ingress alarm system
  • 18. Common vulnerabilities • Obsolete and unsupported operating systems • Outdated or missing antivirus software and protection from malware • Inadequate security configurations and best practices, including ineffective network management and the use of default administrator accounts and passwords • Shipboard computer networks, which lack boundary protection measures and segmentation of networks • Safety critical equipment or system always connected with the shore side • Inadequate access controls for third parties including contractors and service providers
  • 19. Threats and Potential Consequences • Group: Activist (including disgruntled employees). Motivation: reputational damage; disruption of operation. Objective: media attention; denial of access to the service or system targeted. • Group: Criminals. Motivation: financial gain; commercial espionage; industrial espionage. Objective: selling stolen data; ransoming stolen data; ransoming system operability; arranging fraudulent transportation of cargo; gathering intelligence for more sophisticated crime, exact cargo location, ship transportation and handling plans etc.
  • 20. Threats and Potential Consequences • Group: Opportunists. Motivation: the challenge. Objective: getting through cyber security defenses; financial gain. • Group: States, state-sponsored organizations, terrorists. Motivation: political gain; espionage. Objective: gaining knowledge; disruption to economies and critical national infrastructure.
  • 21. • Connecting a personal wireless router or PC to the isolated network reserved for operational equipment is a major security risk. CYBER ATTACK – TOOLS AND TECHNIQUES MIXING ISOLATED AND OPEN NETWORKS • Hackers can invade your systems by exploiting an open wireless network or one with low level security. • They can literally sit outside your ship’s physical location and access critical onboard systems through wireless networks
  • 22. • Connecting Personal Device to Official System • Opening Phishing E-mail/SMS in personal device • Transfer of Virus to shore based systems • Transfer of Virus to shore based server • Hacking data from shore office servers
  • 23. Removable Media / External Hardware • External hard drives such as USB sticks, camera memory cards and smart phones: perfect storage tools for anyone to spread their malware and viruses, making it possible to physically cross network barriers that are otherwise protected by network firewalls. Ransomware • Ransomware encrypts files on a computer and demands that you pay to unlock your files. Once the malicious software has infected one computer, be it a personal or company computer, it may spread to others connected to the same network, quickly making it impossible to perform common tasks.
  • 24. Untargeted attacks • Where a company or a ship’s systems and data are one of many potential targets • Untargeted attacks are likely to use tools and techniques available on the internet, which can be used to locate, discover and exploit widespread vulnerabilities that may also exist in a company and onboard a ship Targeted attacks • Targeted attacks, where a company or a ship’s systems and data are the intended target. • Targeted attacks may be more sophisticated and use tools and techniques specifically created for targeting a company or ship.
  • 25. Malware • Malicious software which is designed to access or damage a computer without the knowledge of the owner. • There are various types of malware including Trojans, ransomware, spyware, viruses, and worms. • Ransomware encrypts data on systems until a ransom has been paid. Malware may also exploit known deficiencies and problems in outdated/unpatched business software. • A piece of malicious code may often be executed by the user, sometimes via links distributed in email attachments or through malicious websites. Phishing • Sending emails to a large number of potential targets asking for particular pieces of sensitive or confidential information. • Such an email may also request that a person visits a fake website to exploit visitors.
  • 26. Water holing • Establishing a fake website or compromising a genuine website to exploit visitors.
  • 27. • Unauthorized access and manipulation of operational systems can create dangerous situations. • The navigation system can also be manipulated by electronic GPS spoofing devices sending incorrect GPS signals, telling you that you are in a different position from your actual one. • This type of attack does not require access to the vessel’s network or internal systems. Tampering with Navigation System • When an individual’s or company’s data is copied, transferred, or retrieved from a computer or server without authorization. • The attack mimics normal data traffic and can be very difficult to detect. • Data theft is achieved by hackers when systems rely on vendor-set, common, or easy-to-crack passwords. Data Theft
  • 28. • One of the most common forms of cyber crime is social engineering. • This is the art of manipulating people by using methods like urgency, fear, and curiosity. • Reveals confidential information that can be used to gain unauthorized access to personal or company systems. Social Engineering/Phishing Brute Force • An attack trying many passwords with the hope of eventually guessing correctly. • The attacker systematically checks all possible passwords until the correct one is found.
  • 29. • A distributed denial of service (DDoS) attack is when an attacker attempts to make it impossible for a service to be delivered. • DoS/DDoS attacks work by drowning a system with data requests. • The result is unavailable internet bandwidth, and CPU and RAM capacity becomes overwhelmed/unavailable. Denial of Service (DoS/DDoS) Spear-phishing • Like phishing but the individuals are targeted with personal emails, often containing malicious software or links that automatically download malicious software. Subverting the supply chain • Attacking a company or ship by compromising equipment, software or supporting services being delivered to the company or ship.
  • 30. Stages of Cyber Attack: Time of infection and discovery • In 2018, an average of 140 days passed between the infection of a victim’s network and the discovery of a cyber attack; an intrusion can go undetected for years. • This figure is down from 205 days in 2015 and continues to drop because detection is getting better. Cyber attack stages • The length of time to prepare a cyber attack can be determined by: - the motivations and objectives of the attacker; - the resilience of technical and procedural cyber risk controls implemented by the company, including those onboard its ships.
  • 31. Survey/Reconnaissance • Open/public sources are used to gain information about a company, ship or seafarer in preparation for a cyber attack. • Social media, technical forums and hidden properties in websites, documents and publications may be used to identify technical, procedural and physical vulnerabilities. • The use of open/public sources may be complemented by monitoring (analyzing, sniffing) the actual data flowing into and from a company or a ship. Delivery • Attackers may attempt to access the company’s and ship’s systems and data. • This may be done from either within the company or ship or remotely through connectivity with the internet.
  • 32. Examples of methods used to obtain access: • Company online services, including cargo or container tracking systems. • Sending emails containing malicious files or links to malicious websites. • Personnel providing infected removable media, for example as part of a software update to an onboard system. • Creating false or misleading websites, which encourage the disclosure of user account information by personnel. Breach • The extent to which an attacker can breach a company’s or ship’s system will depend on the significance of the vulnerability found by an attacker and the method chosen to deliver an attack. • It should be noted that a breach might not result in any obvious changes to the status of the equipment. • Depending on the significance of the breach, an attacker may be able to: - make changes that affect the system’s operation, for example interrupt or manipulate information used by navigation equipment, or alter operationally important information such as loading lists.
  • 33. - gain access to commercially sensitive data such as cargo manifests and/or crew and passenger/visitor lists. - achieve full control of a system, for example a machinery management system. Pivot • Pivoting is the technique of using an instance already exploited to be able to “move” and perform activities. • During this phase of an attack, an attacker uses the first compromised system to attack otherwise inaccessible systems. • An attacker will usually target the most vulnerable part of the victim’s system with the lowest level of security. Once access is gained, the attacker will try to exploit the rest of the system.
  • 34. Usually, in the Pivot phase, the attacker may try to: - upload tools, exploits and scripts to the system to support the attacker in the new attack phase. - execute a discovery of neighbor systems with scanning or network mapping tools. - install permanent tools or a key logger to keep and maintain access to the system. - execute new attacks on the system. Cyber Security Protection Measures: Threats • Malicious actions (e.g. hacking or introduction of malware). • Unintended consequences of benign actions (e.g. software maintenance or user permissions). • In general, these actions expose vulnerabilities (e.g. outdated software or ineffective firewalls) or exploit a vulnerability in operational or information technology. • Effective cyber risk management should consider both kinds of threat.
  • 35. Cyber Security Protection • The collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. • What to protect? Ship, platform, organization, people. • What to protect against? Terrorists, cyber crime. • How to protect? People, processes and technology. [Diagram labels: Assets; Threats; Protective measures; Vulnerability and risk assessment; Probability; Detection, testing, monitoring, review; Acceptable risk?]
  • 36. • Lack of access control to computers and networks • Networks not segregated • Lack of intrusion detection • Low quality hardware used to construct networks • Outdated/unpatched software • Lack of cyber security and safety policies • Obsolete operating systems
  • 37. Elements of Cyber Risk Management 1. Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations. 2. Protect: Implement risk control processes and measures 3. Detect: Develop and implement activities necessary to detect a cyber-event in a timely manner. 4. Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event. 5. Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.
  • 38. Procedural Controls • Procedural controls are focused on how personnel use the onboard systems. Training and Awareness • Plans and procedures that contain sensitive information should be kept confidential and handled according to company policies. • Personnel have a key role in protecting IT and OT systems but can also be careless, for example by using removable media to transfer data between systems without taking precautions against the transfer of malware. Limiting Access for Visitors • Visitors such as authorities, technicians, agents, port and terminal officials, and owner representatives should be restricted with regard to computer access while on board. • Unauthorized access to sensitive OT network computers should be prohibited. • If access to a network by a visitor is required and allowed, then it should be restricted in terms of user privileges.
  • 39. • Access to certain networks for maintenance reasons should be approved and coordinated following appropriate procedures as outlined by the company/ship operator. • If a visitor requires computer and printer access, an independent computer, which is air-gapped from all controlled networks, should be used. • To avoid unauthorized access, removable media blockers should be used on all other physically accessible computers and network ports. Upgrades and Software Maintenance • Hardware or software that is no longer supported by its producer or software developer will not receive updates to address potential vulnerabilities and should be carefully evaluated by the company. • Relevant hardware and software installations should be updated. • Procedures for timely updating of software. • Software includes computer operating systems. • Routers, switches and firewalls, and various OT devices may require regular updates.
  • 40. Anti-virus and anti-malware tool updates • In order for scanning software tools to detect and deal with malware, they need to be updated. • Procedural requirements should be established to ensure updates are distributed to ships on a timely basis and that all relevant computers on board are updated. Control over remote access Policy and procedures should be established for control over remote access to onboard IT and OT systems. • Who has permission to access • When they can access • What they can access • Co-ordination with the ship’s master and other key senior ship personnel • Remote access occurrence should be recorded for review
  • 41. Limit of administrator privileges • Access to information should only be allowed to relevant authorized personnel. • Appropriately trained personnel • Limited to functions requiring such access • Expiration of user privileges • Change user account name for each change of authorized personnel Physical and removable media controls • When transferring data from uncontrolled systems to controlled systems, there is a risk of introducing malware. • Removable media can be used to bypass layers of defenses and attack systems that are otherwise not connected to the internet. • A clear policy for the use of such media devices is important.
  • 42. Equipment disposal, including destruction • Obsolete equipment can contain data which is commercially sensitive or confidential. • Prior to disposal of the equipment, the company should have a procedure in place to ensure that the data held in obsolete equipment is properly destroyed and cannot be retrieved. Shore support and contingency plans • Ships should have access to technical support in the event of a cyber attack. • Details of this support and associated procedures should be available on board.
  • 43. Personal Cyber Security WiFi • When you travel with a device whose WiFi is turned on but not connected to a network, the device will broadcast a list of access points it has previously been connected to. • If an attacker intercepts the broadcast, it will be easy for them to connect to the device, monitor traffic and collect data. Free WiFi • Free WiFi in airports, public places, shipping ports etc. is not secure and can be accessed by anyone. • There is always a danger of cyber attacks in such open and vulnerable systems.
  • 44. Bluetooth • Although Bluetooth attacks are rare, they can easily occur. • The majority of Bluetooth attacks steal information from the device, such as files or contacts, or monitor your communications through a headset or microphone. • Keep Bluetooth off when not in use. Cameras • The camera is commonly used in penetration testing to demonstrate how invasive malware can be controlled by a human attacker. • A quick solution is a small square piece of opaque sticky tape. It’s also easy to remove if you want to have a video chat and replace when you’re done.
  • 45. Free gadgets • In some past incidents, free pen-drives/flash drives were offered to seafarers by unknown people as gifts when crew members visited seafarer clubs. • It is natural not to be suspicious in such places/institutions; however, seafarers have been taken advantage of during such visits. Drive Encryption • Your whole drive should be encrypted, and most popular operating systems now provide this feature. • If your computer physically falls into the wrong hands, information cannot simply be copied from the hard drive.
  • 46. File Encryption • The files used on a computer could be stored locally on a drive, on a USB key, on a mobile device or on a cloud drive. • The solution is the same as for drive encryption: encrypt the files with something strong enough that, if the key is ever lost, the files are gone forever. Email Encryption • Personal email encryption is generally beyond what the average user is willing to do. • Yet the user benefits from having their email encrypted at rest: even if the email server gets attacked, the email is unreadable to the attacker.
  • 47. Short Messaging Service • Short Messaging Service (SMS) is also a popular way to infect the mobile devices of seafarers. • The message may contain a free or lucrative offer along with a link which will lure the reader to click it. Once the link is clicked, a malicious virus will get installed on the mobile phone. • If the same phone is connected to another device (e.g. the seafarer’s personal computer), the virus will get transferred to it; if the seafarer then uses a pen drive to copy an important file to the ship’s computer, the virus will get into the pen drive and then onto the ship’s computer without the seafarer knowing about it.
  • 48. KEEP UNAUTHORIZED SOFTWARE AWAY FROM SHIP SYSTEMS! POTENTIAL THREATS • Scan for viruses and malware before you connect authorized USB memory sticks to onboard OT and other networked systems. • Personal laptops, tablets, USB memory sticks or phones must not be connected to onboard operational systems.
  • 49. BE PREPARED! INCIDENTS • Keep your crew and any passengers safe: train for what to do if important OT systems do not work. • Know where to get IT and OT assistance. • Report suspicious or unusual problems experienced on IT and OT systems.
  • 50. BE IN CONTROL! PASSWORD PROTECTION • Use new passwords every time you sign on to a ship. • Choose complex passwords with numbers, symbols, and some capital letters. Be careful: you have to be able to remember them. • Keep your user names and passwords to yourself. • Change default user passwords and delete user accounts of colleagues who have left the ship.
  • 51. BE VIGILANT WHEN YOU COMMUNICATE! SUSPICIOUS ACTIVITY • Only open emails or open attachments from senders that you know and trust. • Know what to do with suspicious emails. • Think before you share information on social media or personal email about your company, job, ship or the crew.
  • 52. MARINE SAFETY INFORMATION BULLETIN: Cyber Adversaries Targeting Commercial Vessels • “This bulletin is to inform the maritime industry of recent email phishing and malware intrusion attempts that targeted commercial vessels. Cyber adversaries are attempting to gain sensitive information including the content of an official Port State Control (PSC) authority such as: port@ pscgov.org. Additionally, the Coast Guard has received reports of malicious software designed to disrupt shipboard computer systems. Vessel masters have diligently reported suspicious activity to the Coast Guard National Response Center (NRC) in accordance with Title 33 Code of Federal Regulations (CFR) 101.305 – Reporting, enabling the Coast Guard and other federal agencies to counter cyber threats across the global maritime network. Suspicious activity and breaches of security must be reported to the NRC at (800) 424-8802.” Source: U.S.C.G. Marine Safety Information Bulletin, 24 May 2019
  • 53. Marine Safety Alert (Inspections and Compliance Directorate): Cyber Incident Exposes Potential Vulnerabilities Onboard Commercial Vessels • “In February 2019, a deep draft vessel on an international voyage bound for the Port of New York and New Jersey reported that they were experiencing a significant cyber incident impacting their shipboard network. An interagency team of cyber experts, led by the Coast Guard, responded and conducted an analysis of the vessel’s network and essential control systems. The team concluded that although the malware significantly degraded the functionality of the onboard computer system, essential vessel control systems had not been impacted. Nevertheless, the interagency response found that the vessel was operating without effective cybersecurity measures in place, exposing critical vessel control systems to significant vulnerabilities.” Source: U.S.C.G. Marine Safety Information Bulletin, 08 July 2019
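
The remote-access controls listed on slide 40 (who has permission, when they can access, what they can access, co-ordination with the ship's master, and recording of each occurrence for review) can be checked mechanically against the recorded sessions. The Python code below is an added example, not part of the original slides; the account names, system names, permitted hours and log format are assumptions constructed for illustration.

```python
from datetime import datetime

# Assumed policy table (hypothetical accounts and systems): what each remote
# account may reach, and the UTC hours in which sessions are allowed.
POLICY = {
    "vendor-ecdis": {"systems": {"ECDIS"}, "hours": (8, 16)},
    "shore-it": {"systems": {"mail-server"}, "hours": (0, 24)},
}

# Constructed session log: start,end,account,system,master_approval
LOG = """\
2019-05-24T09:10,2019-05-24T10:00,vendor-ecdis,ECDIS,yes
2019-05-24T22:40,2019-05-24T23:05,vendor-ecdis,ECDIS,yes
2019-05-25T11:00,2019-05-25T11:30,vendor-ecdis,engine-control,yes
2019-05-25T13:00,2019-05-25T13:20,shore-it,mail-server,no
2019-05-26T02:15,2019-05-26T02:50,contractor7,ECDIS,no
"""

def check_session(line):
    """Return the list of policy violations for one logged session."""
    start_s, end_s, account, system, approval = line.strip().split(",")
    start = datetime.strptime(start_s, "%Y-%m-%dT%H:%M")
    end = datetime.strptime(end_s, "%Y-%m-%dT%H:%M")
    found = []
    rule = POLICY.get(account)
    if rule is None:
        found.append("who: account has no remote-access permission")
    else:
        first, last = rule["hours"]
        end_hour = end.hour + end.minute / 60
        same_day = start.date() == end.date()
        if not (same_day and start.hour >= first and end_hour <= last):
            found.append("when: outside the permitted window")
        if system not in rule["systems"]:
            found.append("what: system not in the account's scope")
    if approval != "yes":
        found.append("coordination: no approval from the master")
    return found

def review(log):
    """Map each violating session (1-based line number) to its findings."""
    report = {}
    for n, line in enumerate(log.splitlines(), start=1):
        found = check_session(line)
        if found:
            report[n] = found
    return report

if __name__ == "__main__":
    for n, found in review(LOG).items():
        print(f"session {n}: " + "; ".join(found))
```

Run against the constructed log, the first session passes and the other four are flagged, one for each control on the slide, with the unknown account also lacking the master's approval.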