Presentation is loading. Please wait.

Presentation is loading. Please wait.

Maritime Cyber Risks – What is real, what is fiction?

Similar presentations


Presentation on theme: "Maritime Cyber Risks – What is real, what is fiction?"— Presentation transcript:

1 Maritime Cyber Risks – What is real, what is fiction?
CyberKeel Maritime Cyber Risks – What is real, what is fiction? April 9th 2015 Lars Jensen CEO CyberKeel

2 Current state of affairs
The level of cyber security currently is at a very low level in the maritime industry State-of-the-art firewall and anti-virus software is ineffective in keeping out dedicated attacks Social engineering tactics work very well When we ask about cyber security protection, almost all answer in terms of their technology to keep intruders out. Very few can answer the questions: “How do you detect the ones who are already inside?” and “How do we operate given the knowledge that we may at any time be compromised?” ©2015 CyberKeel

3 But is there a problem – in reality?
©2015 CyberKeel

4 A carrier losing track of all containers
CyberKeel recently released a whitepaper as well a new monthly newsletter focused specifically on cyber threats. Key focus: what is real and what is fiction. 2011: Cyber attack on Iranian container carrier IRISL Attacks damages all data related to: Rates Cargo number Date Place Compounding the problem was a simultaneous elimination of the company’s internal communication network ©2015 CyberKeel

5 A brief look at actual maritime incidents
Stealing money through man-in-the-middle attack Smuggling drugs and deleting containers from a port Zombie Zero: Using barcode scanners to gain entry to financial systems Icefog: backdoor access to Japanese and Korean companies (extract documents, gain access, obtain passwords) Bypassing Australian customs Destabilization of drilling platform Shutting down a drilling platform by malware infection Complete compromise and spoofing of AIS GPS Jamming Manipulation of ECDIS data Remote navigation of an 80 million dollar yacht using 3000 USD worth of equipment Facebook as pirate intelligence source ©2015 CyberKeel

6 Helpful examples from other industries
Shamoon attack on Saudi Aramco – wiping all computers Stuxnet virus targeting industrial control systems in Iran which were not online Successful hacking of cars ©2015 CyberKeel

7 Current security is low
CyberKeel evaluated the top-50 container carriers’ websites in Q4 2014 37 of 50 appear completely open to simple attacks towards back-end systems 6 allow harvesting of usernames 8 carriers, controlling 38% of global trade, allow “password” as a password to access sensitive eCommerce applications 2 carriers allow “x” as password Spoof domains are in place vis-à-vis 10 out of top-20 carriers ©2015 CyberKeel

8 Current security is low
CyberKeel evaluated a range of maritime companies for “misspelled” domain names in Q1 2015 A large range of companies we seen to be potential targets A few examples just for illustration: gearbulk.com -> gearrbulk.com arkasbunker.com -> arkasbunkers.com monjasa.com -> m0njasa.com 10 out of top-20 container carriers had such “misspelled” domains Further testing shows that 18 out of the top-20 container carriers have nt prevented simple click-jacking via iFrame attacks – an attack particularly suitable for exploiting misspelled domain names ©2015 CyberKeel

9 Current security is low
Organizational issues, and understanding, is a major bottleneck Often IT departments are only in charge of land-based IT systems – a technical organization is in charge of vessel IT Awareness of the implications that a vessel – and its equipment ! – has to be considered as being just accessible as any landbased computer being online When chartering vessels, the operating company is often see not to have specific cyber security requirements The usage of agencies, many of which are 3rd party, leads to multiple entries into the company’s back-end systems with limited control over cyber security aspects Physical security officers are often unaware of the role they need to take in terms of cyber security Non-IT staff have a very low level of awareness in relation to cyber risk behavior Awareness that theft of information is a key element in fraud ©2015 CyberKeel

10 Who are the attackers? ©2015 CyberKeel 3 main groupings: Criminals
Motive: make money Current prime tools: steal money through fraud, facilitate smuggling, ransomware Hacktivists Motive: make a political statement, create destruction Current prime tools: destroy/impede infrastructure, publicize sensitive information, take over communication channels Governments (or government affiliated entities) Motive: Espionage, create the ability to influence critical infrastructure Current prime tools: APT attacks aimed at remaining undetected ©2015 CyberKeel

11 What should be done? Increase awareness of the realistic threat picture Maritime companies need to develop contingency plans as well as counter-measure plans Improved training & awareness at all levels from board and C-Level to regular staff Development of industry-wise cyber security standards Establishment of a trusted environment in which maritime companies can share cyber attack information If you cannot answer the question: “How do you detect the unauthorized people within your system” you have a problem ! ©2015 CyberKeel


Download ppt "Maritime Cyber Risks – What is real, what is fiction?"

Similar presentations


Ads by Google