Cyber Security in the Maritime SectorThreats, Trends and Reality

*Fear, Uncertainty, Doubt

FUD

1st ever Maritime Cyber Security Incident was documented thoroughly in 1997

A computer hacker breaks into the computer system of the Seabourn Legend cruise liner and

sets it speeding on a collision course into a

gigantic oil tanker.Source: IMDB

•ECDIS Tampering & GPS Spoofing

•Malware Infections (Mostly unintentional)

•Ransomware

•Phishing Attacks / email fraud for money transfers (Biggest case World Fuel Services @ US$15mil)

•Penalties from lack of compliance with legislation (Network Information Security Directive etc)

Threats

Maritime Cyber Threats Who is behind of the mask?

Disgruntled employeeHacktivist

CompetitionIncompetence

Nations

Maritime Cyber Threats Who is behind of the mask?

Willem Dafoe in Speed 2

$3 trillioncost of a cyber attack to the world economy

43%of crew have sailed on a vessel that had been compromised

by a cyber incident

95%of breaches were caused by human error

90%of crew had never received any cyber security training or guidelines

World Economic Forum, Davos 2015 Crew Connectivity Survey, 2015

Crew Connectivity Survey, 2015 IBM’s 2015 Cyber Security Intelligence Index

Todd James Double AK's, 2015 Lazarides

“Contrary to popular belief, Somali pirates aren’t going to hijack your vessel using cyber

attacks anytime soon”

• As vessels rely more on Automation systems, and as vessels become more connected, the number of attacks WILL increase.

• Most attacks are kept secret from victims in an effort to avoid reputation problems and potential loss of income.

• There is an increasing trend in uncovering incidents`

• “Maritime Cyber Security” is the new eldorado for PMSCs and Cyber security corporations. Big influx of cyber security firms in the shipping sector inexperienced in the realities of shipping.

Trends

We are having a deja vu of the 2008 maritime Security Market. However this time all stakeholders are more proactive.

Reality..

All major shipping associations and organizations, Classification societies, the flags, the insurance market are all proactive in assisting shipowners.

IMO Published draft guidelines in MSC 1/Circ 1526 BIMCO issued Cyber Security guidelines in January

Reality..

BIMCO’s guidelines focus on seven critical aspects of maritime cyber security:

1. Identifying and understanding cyber security threats to the vessel 2. Assessing risk exposure and the likelihood of being exploited by external

threats 3. Developing protection and detection measures in order to minimize

impact 4. Establishing contingency plans to counter the threat’s impacts 5. Responding to cyber security incidents. 6. Identifying vulnerabilities within the ship’s cyber security measures 7. Creating a Cyber Security Culture through Training

Reality..

vessel

TIPS

•Audit ISecGrade Methodology ISO 27001:2013•Vulnerability Assessment•Penetration Test White Box Black Box (Social Engineering – Phishing Attacks) Network / Web / Wireless Penetration Test Mobile Devices Penetration Test

RISK ASSESSMENT

• Network Security Plan• Secure Server Configuration - Windows - Linux - MacOS• Deploying Policies (ISO 27001 compliant)• Security Plan Implementation

SECURITY PLAN

• Containment• Eradication & Recovery• Forensics• Reputation Management

INCIDENT RESPONSE

•Cyber Security Awareness•Hacker Detection for IT Administrators•Emergency Response for IT Administrators•Secure Coding

TRAINING

Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an

organization’s information technology (IT) security.

SIEM

Aspida is first to develop a Vessel Security Information and Event Management System. This service is addressed to shipowners and

management companies wishing to protect their vessels from cyber attacks

VSIEM

CERTIFICATIONS

Thank you