Cyber Keel Maritime Cyber Risks What is real
Cyber. Keel Maritime Cyber Risks – What is real, what is fiction? April 9 th 2015 Lars Jensen CEO Cyber. Keel
Current state of affairs • The level of cyber security currently is at a very low level in the maritime industry • State-of-the-art firewall and anti-virus software is ineffective in keeping out dedicated attacks • Social engineering tactics work very well • When we ask about cyber security protection, almost all answer in terms of their technology to keep intruders out. Very few can answer the questions: “How do you detect the ones who are already inside? ” and “How do we operate given the knowledge that we may at any time be compromised? ” © 2015 Cyber. Keel
But is there a problem – in reality? © 2015 Cyber. Keel
A carrier losing track of all containers Cyber. Keel recently released a whitepaper as well a new monthly newsletter focused specifically on cyber threats. Key focus: what is real and what is fiction. 2011: Cyber attack on Iranian container carrier IRISL Attacks damages all data related to: - Rates - Cargo number - Date - Place Compounding the problem was a simultaneous elimination of the company’s internal communication network © 2015 Cyber. Keel
A brief look at actual maritime incidents • Stealing money through man-in-the-middle attack • Smuggling drugs and deleting containers from a port • Zombie Zero: Using barcode scanners to gain entry to financial systems • Icefog: backdoor access to Japanese and Korean companies (extract documents, gain email access, obtain passwords) • Bypassing Australian customs • Destabilization of drilling platform • Shutting down a drilling platform by malware infection • Complete compromise and spoofing of AIS • GPS Jamming • Manipulation of ECDIS data • Remote navigation of an 80 million dollar yacht using 3000 USD worth of equipment • Facebook as pirate intelligence source © 2015 Cyber. Keel
Helpful examples from other industries • Shamoon attack on Saudi Aramco – wiping all computers • Stuxnet virus targeting industrial control systems in Iran which were not online • Successful hacking of cars © 2015 Cyber. Keel
Current security is low Cyber. Keel evaluated the top-50 container carriers’ websites in Q 4 2014 • 37 of 50 appear completely open to simple attacks towards back-end systems • 6 allow harvesting of usernames • 8 carriers, controlling 38% of global trade, allow “password” as a password to access sensitive e. Commerce applications • 2 carriers allow “x” as password • Spoof domains are in place vis-à-vis 10 out of top-20 carriers © 2015 Cyber. Keel
Current security is low Cyber. Keel evaluated a range of maritime companies for “misspelled” domain names in Q 1 2015 • A large range of companies we seen to be potential targets • A few examples just for illustration: • • • gearbulk. com -> gearrbulk. com arkasbunker. com -> arkasbunkers. com monjasa. com -> m 0 njasa. com 10 out of top-20 container carriers had such “misspelled” domains Further testing shows that 18 out of the top-20 container carriers have nt prevented simple click-jacking via i. Frame attacks – an attack particularly suitable for exploiting misspelled domain names © 2015 Cyber. Keel
Current security is low Organizational issues, and understanding, is a major bottleneck • Often IT departments are only in charge of land-based IT systems – a technical organization is in charge of vessel IT • Awareness of the implications that a vessel – and its equipment ! – has to be considered as being just accessible as any landbased computer being online • When chartering vessels, the operating company is often see not to have specific cyber security requirements • The usage of agencies, many of which are 3 rd party, leads to multiple entries into the company’s back-end systems with limited control over cyber security aspects • Physical security officers are often unaware of the role they need to take in terms of cyber security • Non-IT staff have a very low level of awareness in relation to cyber risk behavior • Awareness that theft of information is a key element in fraud © 2015 Cyber. Keel
Who are the attackers? 3 main groupings: • Criminals • • • Hacktivists • • • Motive: make money Current prime tools: steal money through fraud, facilitate smuggling, ransomware Motive: make a political statement, create destruction Current prime tools: destroy/impede infrastructure, publicize sensitive information, take over communication channels Governments (or government affiliated entities) • • Motive: Espionage, create the ability to influence critical infrastructure Current prime tools: APT attacks aimed at remaining undetected © 2015 Cyber. Keel
What should be done? • Increase awareness of the realistic threat picture • Maritime companies need to develop contingency plans as well as countermeasure plans • Improved training & awareness at all levels from board and C-Level to regular staff • Development of industry-wise cyber security standards • Establishment of a trusted environment in which maritime companies can share cyber attack information If you cannot answer the question: “How do you detect the unauthorized people within your system” you have a problem ! © 2015 Cyber. Keel
- Slides: 11