Cyber Security in the Maritime Sector: Threats, Trends and Reality
*Fear, Uncertainty, Doubt
FUD
1st ever Maritime Cyber Security Incident was documented thoroughly in 1997
A computer hacker breaks into the computer system of the Seabourn Legend cruise liner and sets it speeding on a collision course into a gigantic oil tanker.
Source: IMDB
• ECDIS Tampering & GPS Spoofing
• Malware Infections (mostly unintentional)
• Ransomware
• Phishing Attacks / email fraud for money transfers (biggest case: World Fuel Services @ US$15mil)
• Penalties from lack of compliance with legislation (Network Information Security Directive etc.)
Threats
Maritime Cyber Threats: Who is behind the mask?
• Disgruntled employee
• Hacktivist
• Competition
• Incompetence
• Nations
Maritime Cyber Threats: Who is behind the mask?
Willem Dafoe in Speed 2
$3 trillion: cost of a cyber attack to the world economy
43% of crew have sailed on a vessel that had been compromised by a cyber incident
95% of breaches were caused by human error
90% of crew had never received any cyber security training or guidelines
Sources: World Economic Forum, Davos 2015; Crew Connectivity Survey, 2015; IBM’s 2015 Cyber Security Intelligence Index
Todd James Double AK's, 2015 Lazarides
“Contrary to popular belief, Somali pirates aren’t going to hijack your vessel using cyber attacks anytime soon”
• As vessels rely more on automation systems, and as vessels become more connected, the number of attacks WILL increase.
• Most attacks are kept secret by victims in an effort to avoid reputation problems and potential loss of income.
• There is an increasing trend in uncovering incidents.
• “Maritime Cyber Security” is the new El Dorado for PMSCs and cyber security corporations. There is a big influx into the shipping sector of cyber security firms inexperienced in the realities of shipping.
Trends
We are experiencing déjà vu of the 2008 maritime security market. However, this time all stakeholders are more proactive.
Reality..
All major shipping associations and organizations, classification societies, the flags and the insurance market are proactive in assisting shipowners.
IMO published draft guidelines in MSC 1/Circ 1526.
BIMCO issued Cyber Security guidelines in January.
Reality..
BIMCO’s guidelines focus on seven critical aspects of maritime cyber security:
1. Identifying and understanding cyber security threats to the vessel
2. Assessing risk exposure and the likelihood of being exploited by external threats
3. Developing protection and detection measures in order to minimize impact
4. Establishing contingency plans to counter the threat’s impacts
5. Responding to cyber security incidents
6. Identifying vulnerabilities within the ship’s cyber security measures
7. Creating a Cyber Security Culture through Training
Reality..
TIPS
• Audit
  - ISecGrade Methodology
  - ISO 27001:2013
• Vulnerability Assessment
• Penetration Test
  - White Box
  - Black Box (Social Engineering – Phishing Attacks)
  - Network / Web / Wireless Penetration Test
  - Mobile Devices Penetration Test
RISK ASSESSMENT
• Network Security Plan
• Secure Server Configuration
  - Windows
  - Linux
  - MacOS
• Deploying Policies (ISO 27001 compliant)
• Security Plan Implementation
SECURITY PLAN
• Containment
• Eradication & Recovery
• Forensics
• Reputation Management
INCIDENT RESPONSE
• Cyber Security Awareness
• Hacker Detection for IT Administrators
• Emergency Response for IT Administrators
• Secure Coding
TRAINING
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security.
SIEM
Aspida is the first to develop a Vessel Security Information and Event Management System. This service is addressed to shipowners and management companies wishing to protect their vessels from cyber attacks.
VSIEM
CERTIFICATIONS
Thank you