Cyber Security in the Maritime Sector Threats, Trends and Reality

Transcription

1 Cyber Security in the Maritime Sector Threats, Trends and Reality

2 FUD *Fear, Uncertainty, Doubt

3 1st ever Maritime Cyber Security Incident was documented thoroughly in 1997

4 A computer hacker breaks into the computer system of the Seabourn Legend cruise liner and sets it speeding on a collision course into a gigantic oil tanker. Source: IMDB

5 Threats ECDIS Tampering & GPS Spoofing Malware Infections (Mostly unintentional) Ransomware Phishing Attacks / fraud for money transfers (Biggest case World Fuel US$15mil) Penalties from lack of compliance with legislation (Network Information Security Directive etc)

6 Maritime Cyber Threats Who is behind of the mask? Competition Nations Hacktivist Incompetence Disgruntled employee

7 Maritime Cyber Threats Who is behind of the mask? Willem Dafoe in Speed 2

8 90% $3 trillion cost of a cyber attack to the world economy World Economic Forum, Davos 2015 of crew had never received any cyber security training or guidelines Crew Connectivity Survey, % of crew have sailed on a vessel that had been compromised by a cyber incident Crew Connectivity Survey, % of breaches were caused by human error IBM s 2015 Cyber Security Intelligence Index

9 Contrary to popular belief, Somali pirates aren t going to hijack your vessel using cyber attacks anytime soon Todd James Double AK's, 2015 Lazarides

10 Trends As vessels rely more on Automation systems, and as vessels become more connected the number of attacks WILL increase. Most attacks are kept secret from victims in an effort to avoid reputation problems and potential loss of income. There is an increasing trend in uncovering incidents` Maritime Cyber Security is the new eldorado for PMSCs and Cyber security corporations. Big influx of cyber security firms in the shipping sector inexperienced in the realities of shipping.

11 Reality.. We are having a deja vu of the 2008 maritime Security Market. However this time all stakeholders are more proactive.

12 Reality.. All major shipping associations and organizations, Classification societies, the flags, the insurance market are all proactive in assisting shipowners. IMO Published draft guidelines in MSC 1/Circ 1526 BIMCO issued Cyber Security guidelines in January

13 Reality.. BIMCO s guidelines focus on seven critical aspects of maritime cyber security: 1. Identifying and understanding cyber security threats to the vessel 2. Assessing risk exposure and the likelihood of being exploited by external threats 3. Developing protection and detection measures in order to minimize impact 4. Establishing contingency plans to counter the threat s impacts 5. Responding to cyber security incidents. 6. Identifying vulnerabilities within the ship s cyber security measures 7. Creating a Cyber Security Culture through Training

14 vessel

15

16 TIPS

17 RISK ASSESSMENT Audit ISecGrade Methodology ISO 27001:2013 Vulnerability Assessment Penetration Test White Box Black Box (Social Engineering Phishing Attacks) Network / Web / Wireless Penetration Test Mobile Devices Penetration Test

18 SECURITY PLAN Network Security Plan Secure Server Configuration - Windows - Linux - MacOS Deploying Policies (ISO compliant) Security Plan Implementation

19 INCIDENT RESPONSE Containment Eradication & Recovery Forensics Reputation Management

20 TRAINING Cyber Security Awareness Hacker Detection for IT Administrators Emergency Response for IT Administrators Secure Coding

21 SIEM Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization s information technology (IT) security.

22 VSIEM Aspida is first to develop a Vessel Security Information and Event Management System. This service is addressed to shipowners and management companies wishing to protect their vessels from cyber attacks

23 CERTIFICATIONS

24 Thank you