Marine Cyber Risks
INSERT PARTNER LOGO CyberKeel Lars Jensen, CEO, CyberKeel CONNECT. COLLABORATE. INNOVATE. Marine Cyber Risks INSERT PARTNER LOGO A scenario to kick-start you….. You are in charge of a major container terminal • The three most senior IT people in your terminal are arrested charged with child pornography found on their personal computers…… • All your systems seize to work…. • The system malfunctions are because all your data have been encrypted – you receive a phone call asking for a 1 million USD ransom to provide the decryption key….. • You try to re-install from backups, but all your back-ups for the past 6 months are also encrypted – effectively you have no backup…… How much time would it take you to recover if you had to manually account for all containers in your yard? What if this happened to 10 major terminals at the same time….? CyberKeel INSERT PARTNER LOGO What is cyber security ? • Prevention of unintentional disruption or alteration to electronic information flow or information handling • Can be split into 3 main parts: Natural causes (such as extreme space weather) Unintentional (such as equipment malfunction, erroneous command entry) Intentional (such as deliberate hacking, deliberate jamming) CyberKeel INSERT PARTNER LOGO Current state of affairs • The level of cyber security currently is at a very low level in the maritime industry • State-of-the-art firewall and anti-virus software is ineffective in keeping out dedicated attacks • Social engineering tactics work very well • When we ask about cyber security protection, almost all answer in terms of their technology to keep intruders out. Very few can answer the questions: “How do you detect the ones who are already inside?” and “How do we operate given the knowledge that we may at any time be compromised?” CyberKeel INSERT PARTNER LOGO But is there a problem – in reality? INSERT PARTNER LOGO Actual examples – part 1 CyberKeel recently released a whitepaper as well a new monthly newsletter focused specifically on cyber threats. • Stealing money through man-in-the-middle attack • Deleting all operational data in a shipping line • Smuggling drugs and deleting containers from a port • Zombie Zero: Using barcode scanners to gain entry to financial systems • Icefog: backdoor access to Japanese and Korean companies (extract documents, gain email access, obtain passwords) • Bypassing Australian customs CyberKeel INSERT PARTNER LOGO Actual examples – part 2 • Destabilization of drilling platform • Shutting down a drilling platform by malware infection • Fun with AIS • GPS Jamming • Manipulation of ECDIS data • Remote navigation of an 80 million dollar yacht using 3000 USD worth of equipment • Facebook as pirate intelligence source • 37 out of top-50 container carriers were found to be vulnerable CyberKeel INSERT PARTNER LOGO Learning from other industries Many examples can be found, but let us look at 3 with telling implications also for the maritime & port industry: • • • Shamoon virus infection of Saudi Aramco Stuxnet Virus Hacking of cars CyberKeel INSERT PARTNER LOGO Terminal risks? Many scenarios can be contemplated, but you should at least contemplate the following: • • • Ransomware attacks on your key data such as containers on site Data compromises to smuggle or steal cargo Attacks directed at disrupting automated terminals CyberKeel INSERT PARTNER LOGO The ‘Who’ and the ‘Why’ INSERT PARTNER LOGO Motivation and actors are linked Essentially 3 main types of actors: Criminals Hacktivists Motivation: Money Targets: Companies with money and low security Motivation: Destruction, Publicity Targets: High-profile companies or industries, countries, NGOs Government organizations Motivation: Espionage, creating capabilities for future usage Targets: Critical infrastructure components CyberKeel INSERT PARTNER LOGO How easy is it to do? Hacking can be bought as a service. Examples: • • • DDOS attack bringing a site down: 3-5 USD/hour. 400-600 USD/week Website hack: 100-300 USD Credit card details: 4-18 USD/card depending on card type. • • Another 10 USD will further include a dossier of info to complete identity theft matching the card Botnet of 15.000 infected computers: 250 USD CyberKeel INSERT PARTNER LOGO Standard tools CyberKeel Pwn phone, $1295,‐ USB Rubber Ducky, $39,95 Keylogger, $144,99 INSERT PARTNER LOGO GPS Jammers 60 GBP. Range 10 meters. Jams GPS 179 GBP. Range 20 meters. Jams GPS, Wi‐Fi, Cellphone 228 USD. Range 40 meters. Jams GPS Online purchase possible for jammers with ranges up to 600m – longer range if placed high. Man‐portable jammer device, range 200meter seen at 15.000EUR CyberKeel INSERT PARTNER LOGO Key elements of defense INSERT PARTNER LOGO Start at the top Cyber security does not start with IT, it starts with the C-Level Assess the realistic threat picture Make a deliberate decision weighting business needs vs cyber security Make an implementation plan for the prioritized means IT tools IT policies versus employees IT policies versus customers and suppliers Make a robust contingency plan Perform penetration testing using both IT tools and social engineering Basic awareness training for all staff Include cyber security aspects in the physical security organization CyberKeel INSERT PARTNER LOGO People & physical access Typical pathways for cyber attacks: - Phone calls Phishing emails Planting hardware or virus while physically visiting premises Break-in to insert e.g. keyloggers or cardreaders CyberKeel INSERT PARTNER LOGO What to do when you get back? If you believe you need to address the issue, what should you do right now? - Take a 1-day workshop for the C-Level to discuss matters and agree on high level priorities Develop robust contingency plans Perform a penetration test using both IT and social engineering to identify issues, and prioritize those Institute basic awareness training for all employees CyberKeel
© Copyright 2024