Maritime cyber security: Threats & Opportunities. Andy Davis, Research Director Yevgen Dyryavyy, Security Consultant

Transcription

1 Maritime cyber security: Threats & Opportunities Andy Davis, Research Director Yevgen Dyryavyy, Security Consultant

2 Agenda Cyber threats to the marine industry Attack surface overview (harbour / ships / navigation / rigs) Impact: Some unconfirmed cyber security anecdotes Security assessment toolkit Solutions (short, medium, longer term) Security awareness Conclusions Q&A

3 The threats Control systems are becoming more complex Older, less secure control protocols are being Internet-connected There is more of an expectation of remote access Attackers are becoming more interested in non-conventional IT and RF technologies The technical competence of attackers is increasing Image:

4 Attack surface overview: Harbour AIS (Automatic Identification System) gateways VTS (Vessel Traffic Services) Office IT systems Connected to the Internet ICS (Industrial Control Systems)

5 Attack surface overview: Ships AIS transceivers, LRIT (Long-range Identification and Tracking ) IT systems connected to the Internet DSC (Digital Selective Calling), Man-in-water beacons Data sharing between systems via USB Memory sticks Lack of segregation between systems

6 Attack surface overview: Navigation GNSS (Global Navigation Satellite System) data ECDIS (Electronic Chart Display Information System) Electronic chart data eloran

7 Attack surface overview: Rigs DP (Dynamic Positioning) systems Malware inadvertently introduced via Internet browsing and USB memory sticks

8 Impact: Some reported incidents In 2012 it was revealed that crime syndicates had penetrated the cargo systems operated by the Australian Customs and Border protection. The penetration of the systems allowed the criminals to check whether their shipping containers were regarded as suspicious by the police or customs authorities. Drug traffickers hacked into the computer controlling the location and movement of shipping containers at the port of Antwerp North Korea uses lorry-mounted devices to block GPS signals in South Korea. In early 2012 the attacks ran for 16 days, causing 1,016 aircraft and 254 ships to report disruption Image: gcaptain.com

9 Security assessment toolkit Security Assessment!= Security Audit Image: 4.bp.blogspot.com

10 Image: Some solutions

11 Short term solutions The active threats to marine systems should be identified through threat modelling If software/firmware can easily be fixed to mitigate vulnerabilities this should be done More complex design-related vulnerabilities need to be contained using segregation technologies Image:

12 Medium term solutions Standards documentation IEC Standards and Guidance development :2011 in particular provides good guidelines on how to implement security into shipboard network infrastructure. DNV Classification society documentation and DNV Nautical Safety (Network Based Integration of Navigation Systems (ICS)). IEC TC80 standard contributions ( )

13 Longer term solutions Marine systems developers need to implement an SDL (Secure Development Lifecycle) System components and fully integrated solutions should be security regularly tested The bigger picture should be considered when remote connectivity to any component is required Image: msdn.microsoft.com

14 Raising security awareness Effective cyber security starts with security awareness Understanding the fundamentals can make a huge difference: You don t need to be an expert to spot potential security risks Processes need to be implemented to enable people to raise potential security issues/risks from systems development through to operations. Image:

15 Conclusions Faster internet connections will facilitate cyber attacks against marine systems The potential impact of marine cyber attacks includes potential revenue loss, environmental damage and loss of life. Adherence to existing standards and guidelines is required More security testing of marine systems, networks, hardware devices and any associated software is required The ultimate solution is to embed security into the development lifecycle of products and systems The most important step is to ensure staff are aware of cyber security threats through appropriate training so that they can be identified and reported

16 Questions? UK Offices Manchester - Head Office Cheltenham Edinburgh Leatherhead London Milton Keynes European Offices Amsterdam - Netherlands Munich Germany Zurich - Switzerland North American Offices San Francisco Atlanta New York Seattle Australian Offices Sydney