maritime cyber security

Cyber Security in Maritime Environment George Pouraimis Cyber Security Analyst 2nd ICT Security World Conference

Upload: george-pouraimis

Post on 11-Jan-2017

TRANSCRIPT

Page 1: Maritime cyber security

Cyber Security in Maritime Environment

George Pouraimis, Cyber Security Analyst

2nd ICT Security World Conference

Page 2: Maritime cyber security

Contents

1. Need for defense

2. Know your enemy

3. Cyber kill chain

4. How to defend

Page 3: Maritime cyber security

Need for defense

Cyber attacks in the UK oil and gas industry cost about 400 million pounds ($672 million) per year.

Awareness of cyber security in the maritime sector is low to non-existent.

Data Source: www.reuters.com

Page 4: Maritime cyber security

Need for defense

In the maritime industry, attacks often remain secret

Critical infrastructure & Cybersecurity (HORIZON 2020)

Page 5: Maritime cyber security

Blue Economy

90% of Europe’s external trade is carried out at sea

Data Source: ec.europa.eu

Page 6: Maritime cyber security

…some statistics

89% of breaches had a financial or espionage motive

Data Source: Symantec ISTR 2016

Data Source: Verizon DBIR Report 2016

Page 7: Maritime cyber security

…some statistics

50% of incidents related to errors by admins

Data Source: Symantec ISTR 2016

Data Source: Verizon DBIR Report 2016

Page 8: Maritime cyber security

…some statistics

23% of people open and click on phishing emails

Data Source: Symantec ISTR 2016

Data Source: Verizon DBIR Report 2016

Page 9: Maritime cyber security

Know your enemy

Activists and insiders

Criminals for ransom and espionage

Opportunists for financial gain

Terrorists for (geo)political reasons

Page 10: Maritime cyber security

How do hackers attack?

Un-Targeted

1. Social engineering

2. Phishing

3. Water holing

4. Ransomware

5. Scanning

Targeted

1. Spear-phishing

2. Using botnets

3. Compromising supply chain

Page 11: Maritime cyber security

Cyber Kill Chain

Reconnaissance -> Weaponization -> Delivery -> Compromise / Exploit -> C2 -> Exfiltration

Data Source: digital-forensics.sans.org

Survey / Reconnaissance -> Delivery -> Breach -> Affect

Data Source: BIMCO

Page 12: Maritime cyber security

Case Study

Phishing

Email link

Email attachment

Malware

Steal credentials

Backdoor

C2

Page 13: Maritime cyber security

Cyber threats onboard ships

Communication systems (SATCOM, VOIP, WLAN)

Navigation systems (GPS, ECDIS, AIS, Radar)

Propulsion & power control systems

Access control systems (CCTV, BNWAS, SSAS)

Page 14: Maritime cyber security

Cyber threats onboard ships

Cargo management systems (CCR)

Passenger servicing & management systems

Passenger and crew networks (WiFi, LAN)

Core infrastructure systems (Router, FW, VPN)

Page 15: Maritime cyber security

How to defend?

Assess the risk

1. Risk assessment by internal IT admins

2. Risk assessment by specialists (Pen Testers)

Reduce the risk

1. Address cyber security vulnerabilities

2. Follow the procedures

Page 16: Maritime cyber security

Internal Risk Assessment

1. Define technical audits and procedures

2. Identify systems that are vulnerable

3. Evaluate main operations that are vulnerable to cyber attacks

4. Identify the impact of cyber incidents

Page 17: Maritime cyber security

Vulnerability Assessment

1. Scoping and Planning

2. Execution (Reconnaissance -> Mapping -> Discovery -> Exploit)

3. Vulnerability review/reporting

4. Debriefing

Page 18: Maritime cyber security

Manage procedures

Training

Onboard ships (officers and staff)

Ashore (managers and personnel)

Security Awareness

Emails, Internet use, Devices, Software, Passwords, non-company personnel, Reports, Maintenance

Page 19: Maritime cyber security

Incident Response

Identify incident

Limit damage

Prevent further damage

Isolate and restore affected systems

Recover systems

Lessons Learned

Page 20: Maritime cyber security

Maritime Cyber Security Guides

IMO: Guidelines on the facilitation aspects of protecting the maritime transport network from cyber threats (2016)

BIMCO: Guidelines on Cyber Security onboard Ships (2016)

ENISA: Analysis of cyber security aspects in the maritime sector (2011)

Page 21: Maritime cyber security

Cyber Security Guides

ISO/IEC 27000-2016: Security techniques -- Information security management systems

NIST: Framework for Improving Critical Infrastructure Cybersecurity (2014)

Executive Order 13636: Improving Critical Infrastructure Cybersecurity (2013)

Page 22: Maritime cyber security

Thank you for your attention

George Pouraimis, Cyber Security Analyst