Maritime Cyber Risks – What is real, what is fiction?
April 9th 2015
Lars Jensen, CEO
CyberKeel
Current state of affairs
• Cyber security in the maritime industry is currently at a very low level
• State-of-the-art firewall and anti-virus software is ineffective in keeping out dedicated attacks
• Social engineering tactics work very well
• When we ask about cyber security protection, almost all answer in terms of their technology to keep intruders out. Very few can answer the questions: “How do you detect the ones who are already inside?” and “How do we operate given the knowledge that we may at any time be compromised?”
©2015 CyberKeel
But is there a problem – in reality?
A carrier losing track of all containers
CyberKeel recently released a whitepaper as well as a new monthly newsletter focused specifically on cyber threats. Key focus: what is real and what is fiction.
2011: Cyber attack on Iranian container carrier IRISL
The attack damaged all data related to:
• Rates
• Cargo number
• Date
• Place
Compounding the problem was a simultaneous elimination of the company’s internal communication network
A brief look at actual maritime incidents
• Stealing money through man-in-the-middle attack
• Smuggling drugs and deleting containers from a port
• Zombie Zero: Using barcode scanners to gain entry to financial systems
• Icefog: backdoor access to Japanese and Korean companies (extract documents, gain email access, obtain passwords)
• Bypassing Australian customs
• Destabilization of drilling platform
• Shutting down a drilling platform by malware infection
• Complete compromise and spoofing of AIS
• GPS Jamming
• Manipulation of ECDIS data
• Remote navigation of an 80 million dollar yacht using 3000 USD worth of equipment
• Facebook as pirate intelligence source
Helpful examples from other industries
• Shamoon attack on Saudi Aramco – wiping all computers
• Stuxnet virus targeting industrial control systems in Iran which were not online
• Successful hacking of cars
Current security is low
CyberKeel evaluated the top-50 container carriers’ websites in Q4 2014
• 37 of 50 appear completely open to simple attacks towards back-end systems
• 6 allow harvesting of usernames
• 8 carriers, controlling 38% of global trade, allow “password” as a password to access sensitive eCommerce applications
• 2 carriers allow “x” as password
• Spoof domains are in place vis-à-vis 10 out of top-20 carriers
Current security is low
CyberKeel evaluated a range of maritime companies for “misspelled” domain names in Q1 2015
• A large range of companies were seen to be potential targets
• A few examples just for illustration:
  • gearbulk.com -> gearrbulk.com
  • arkasbunker.com -> arkasbunkers.com
  • monjasa.com -> m0njasa.com
10 out of top-20 container carriers had such “misspelled” domains
Further testing shows that 18 out of the top-20 container carriers have not prevented simple click-jacking via iFrame attacks – an attack particularly suitable for exploiting misspelled domain names
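A defender can watch for the "misspelled" domains illustrated on this slide by comparing observed domains against a watchlist of the company's real ones. The sketch below is an added example, not CyberKeel's tooling: the category names, the small confusable-character table and the sample list are assumptions made here, and only the leftmost label of a registrable domain is compared.

```python
# Watchlist: the three legitimate domains named on the slide.
WATCHLIST = ["gearbulk.com", "arkasbunker.com", "monjasa.com"]
# Assumed, deliberately small table of visually confusable substitutions.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Fold confusable characters so 'm0njasa' and 'monjasa' compare equal."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label

def edit_kind(legit, seen):
    """Name the single edit that turns `legit` into `seen`, or return None."""
    if seen != legit and skeleton(seen) == skeleton(legit):
        return "homoglyph"
    if len(seen) == len(legit) + 1:
        for i in range(len(seen)):
            if seen[:i] + seen[i + 1:] == legit:
                doubled = seen[i:i + 1] == seen[i + 1:i + 2]
                return "repetition" if doubled else "addition"
    if len(seen) == len(legit) - 1:
        if any(legit[:i] + legit[i + 1:] == seen for i in range(len(legit))):
            return "omission"
    if len(seen) == len(legit):
        diff = [i for i in range(len(legit)) if legit[i] != seen[i]]
        if len(diff) == 1:
            return "replacement"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and legit[diff[0]] == seen[diff[1]]
                and legit[diff[1]] == seen[diff[0]]):
            return "transposition"
    return None

def classify(observed, watchlist=WATCHLIST):
    """Return (legitimate_domain, kind) if `observed` imitates a watched name."""
    host = observed.lower().rstrip(".")
    if host in watchlist:
        return None  # the legitimate domain itself
    name = host.split(".")[0]
    for legit in watchlist:
        legit_name = legit.split(".")[0]
        kind = "tld-swap" if name == legit_name else edit_kind(legit_name, name)
        if kind:
            return legit, kind
    return None

# Constructed sample: sender domains as a mail gateway log might list them.
SEEN = ["gearbulk.com", "gearrbulk.com", "arkasbunkers.com",
        "m0njasa.com", "example.org"]
FINDINGS = {d: classify(d) for d in SEEN if classify(d)}
```

Run over new-registration feeds or inbound mail sender domains, the same check gives an early list of names to block or report.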
Current security is low
Organizational issues, and understanding, are a major bottleneck
• Often IT departments are only in charge of land-based IT systems – a technical organization is in charge of vessel IT
• Awareness of the implication that a vessel – and its equipment! – has to be considered just as accessible as any land-based computer that is online
• When chartering vessels, the operating company is often seen not to have specific cyber security requirements
• The usage of agencies, many of which are 3rd party, leads to multiple entries into the company’s back-end systems with limited control over cyber security aspects
• Physical security officers are often unaware of the role they need to take in terms of cyber security
• Non-IT staff have a very low level of awareness in relation to cyber risk behavior
• Awareness that theft of information is a key element in fraud
Who are the attackers?
3 main groupings:
• Criminals
  • Motive: make money
  • Current prime tools: steal money through fraud, facilitate smuggling, ransomware
• Hacktivists
  • Motive: make a political statement, create destruction
  • Current prime tools: destroy/impede infrastructure, publicize sensitive information, take over communication channels
• Governments (or government affiliated entities)
  • Motive: Espionage, create the ability to influence critical infrastructure
  • Current prime tools: APT attacks aimed at remaining undetected
What should be done?
• Increase awareness of the realistic threat picture
• Maritime companies need to develop contingency plans as well as counter-measure plans
• Improved training & awareness at all levels from board and C-Level to regular staff
• Development of industry-wide cyber security standards
• Establishment of a trusted environment in which maritime companies can share cyber attack information
If you cannot answer the question: “How do you detect the unauthorized people within your system?” you have a problem!