Port Facility Cyber Security

Transcription

1 International Port Security Program Port Facility Cyber Security Cyber Risk in the Marine Transportation System MAR'01 1

2 Objectives IDENTIFY motivations behind a cyber attack. IDENTIFY various types of cyber incidents. DESCRIBE the relationship between cyber risk and the MTS. STATE why cyber security is important to ports and what steps should be taken.

3 Topics Why is cyber security important to ports? What are motivations behind a cyber-attack? What are various cyber threats that the MTS faces? Cyber security assessment. Cyber security plan. Managing cyber security at a port facility. Understand countermeasures

4 What is cyber security?

5 Cyber security defined Cyber security can be defined as: the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user s assets.

6 Impacts of Exploiting Cyber in MTS Financial loss Terminal and / or port shutdowns Economic disaster Environmental catastrophes Loss of life 6

7 Cyber Examples 7

8 Hackers Used Cyber to Facilitate Drug Smuggling By breaking into the offices of a harbor company, the criminals could install key-loggers to take control of computers Computers of container terminal were hacked so the containers that contained drugs could be monitored 1044 kilos cocaine/1099 kilos heroin By means of false papers and a hacked pin code, the drivers were able to pick up the container at a location and time of their choosing 8

9 Electronic Chart Display and Information System (ECDIS) Used for ship navigation ECDIS Vulnerabilities Interconnected with numerous shipboard systems and sensors (AIS, NAVTEX, Speed Log, fathometer) Chart updates loaded via internet or CD/USB 9

10 Cyber Attack Cargo Data Target: Iranian Shipping Line (IRISL) Major data and communications loss Significant disruptions in operations Severe financial losses Cargo sent to incorrect destinations 10

11 Oil Rig Loss of Stability Semi-submersible drilling rig experienced power management system problems Power outage Loss of station Emergency disconnect 14 different viruses Significant safety concern 11

12 WiFi Devices Recent studies have shown major vulnerabilities in 20% of identified control system networks Digital surveillance networks also have vulnerabilities Powerful WiFi devices detected on foreign flag ships Many antennas have a range of several miles Several antennas connected to computers running password cracking software

13 Russia Hacked natural gas pipeline flow control system Largest non-nuclear explosion and fire 3 kiloton explosion (WTC on 9/11 ~ 0.1kiloton)

14 Texas Revenge hack Port's web service inaccessible Crucial data for shipping pilots, mooring companies and support firms

15 Cyber is an issue, what s next? Levels of interaction/interest have varied throughout the world. Cyber should be a topic in security discussions/interactions with industry, particularly during facility/vessel visits and meetings. Everyone must get familiar with the resources that are available. Cyber isn t going away; we all need to be conversant. This isn t just an IT issue anymore. 15

16 Authority & Jurisdiction Cyber is another operational domain. Cyber is just an additional risk factor we must take into account when ensuring a safe and secure marine transportation system. 16

17 Cyber Threat Sources Espionage National Governments Attack Motivators Terrorists Hactivists Criminal

18 Threat actors and vectors

19 Cyber security standards, guidance and best practices There is a wide range of security-related standards and best practice guidance available that apply to IT and industrial control systems.

20 Cyber security assessment In compliance with the port security standards, security assessments are conducted for ports and port facilities. The purpose of these assessments are to identify vulnerabilities that may lead to a security incident. It is intended that wherever appropriate the CSA should build upon the existing security assessments.

21 Cyber security plan Security assessments form the basis of the security plans for the port and port facilities. Plans should address the issues identified in the relevant assessment through the establishment of appropriate security measures designed to minimize the likelihood of a breach of security and the consequences of potential risks. It is intended that wherever appropriate the CSP will build upon the existing port facility security plan (PFSP).

22 Cyber security training When employees aren t involved in cybersecurity, not only can vulnerabilities and threats go unnoticed but employees can become conduits through which attacks are executed. Employees should receive initial and periodic cybersecurity training, helping to maintain the security of the organization as a whole. While cybersecurity is an expansive field, there are certain topics that should be emphasized for general awareness. Social engineering - continues to be a popular means for cyber criminals to prey upon unsuspecting employees.

23 Cyber security training Methods involve s ( phishing ), phone calls, or other types of personal interactions in which malicious actors attempt to entice employees into providing sensitive personal or corporate information, such as account passwords or details about information technology infrastructure. Actors might attempt to make employees perform specific actions, such as pay for alleged services, download infected attachments, or visit malicious websites. Unsolicited s, phone calls, and other correspondence from unknown senders should be viewed with particular caution.

24 Questions to consider Was cyber security considered when conducting the port facility security assessment (PFSA)? Does the port facility security plan (PFSP) address cyber security? Does the port facility test its IT system for weaknesses? Does the port facility conduct cyber security training for all facility personnel?

25 Basic Security Measures 1 Conduct a cyber security assessment Assessments should identify: Important cyber assets and infrastructure. Risks arising from possible threats and the likelihood of their occurrence. Prioritized countermeasures. Weaknesses, including human factors, in the infrastructure, policies and procedures. Reference sources Cyber Security Assessments Control System Internet Accessibility Increasing Threat to Industrial Control Systems

26 Basic Security Measures 2 Develop a cyber security plan Similar to the PFSA and PFSP the plan should include: Measures to secure cargo and ships stores data. Methods of testing for weaknesses. A schedule of drills and exercises. A list of hardware, networks and personnel that have access to them. Standard operating procedures. Reference sources Beginners Guide to Firewalls: A Non-Technical Guide Library/Firewall%20Guide.p df Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies Targeted Cyber Intrusion Detection and Mitigation Strategies

27 Basic Security Measures 3 Conduct cyber security training Employees should receive initial and periodic cyber security training, helping to maintain the security of the organization as a whole. Reference sources Five Tips to Help Execute an Employee Training Program Cybersecurity Questions for CEOs Cybersecurity-Questions-for-CEOs.pdf Choosing and Protecting Passwords

28 Lesson Summary Question: What are some of the impacts of a cyber attack in the maritime transportation system?

29 Impacts of Exploiting Cyber in MTS Financial loss Terminal and / or port shutdowns Economic disaster Environmental catastrophes Loss of life 29

30 Lesson Summary Question: Who are the threat actors and how can they attack our systems?

31 Threat actors and vectors

32 Lesson Summary Question: What are important steps that a port facility can take to improve their cyber security?

33 Questions