Presentation is loading. Please wait.

Presentation is loading. Please wait.

Maritime Cyber Risks – What is real, what is fiction?

Published byNatalie Garrett Modified over 8 years ago

Similar presentations

Presentation on theme: "Maritime Cyber Risks – What is real, what is fiction?"— Presentation transcript:

1 Maritime Cyber Risks – What is real, what is fiction?
CyberKeel Maritime Cyber Risks – What is real, what is fiction? April 9th 2015 Lars Jensen CEO CyberKeel

2 Current state of affairs
The level of cyber security currently is at a very low level in the maritime industry State-of-the-art firewall and anti-virus software is ineffective in keeping out dedicated attacks Social engineering tactics work very well When we ask about cyber security protection, almost all answer in terms of their technology to keep intruders out. Very few can answer the questions: “How do you detect the ones who are already inside?” and “How do we operate given the knowledge that we may at any time be compromised?” ©2015 CyberKeel

3 But is there a problem – in reality?
©2015 CyberKeel

4 A carrier losing track of all containers
CyberKeel recently released a whitepaper as well a new monthly newsletter focused specifically on cyber threats. Key focus: what is real and what is fiction. 2011: Cyber attack on Iranian container carrier IRISL Attacks damages all data related to: Rates Cargo number Date Place Compounding the problem was a simultaneous elimination of the company’s internal communication network ©2015 CyberKeel

5 A brief look at actual maritime incidents
Stealing money through man-in-the-middle attack Smuggling drugs and deleting containers from a port Zombie Zero: Using barcode scanners to gain entry to financial systems Icefog: backdoor access to Japanese and Korean companies (extract documents, gain access, obtain passwords) Bypassing Australian customs Destabilization of drilling platform Shutting down a drilling platform by malware infection Complete compromise and spoofing of AIS GPS Jamming Manipulation of ECDIS data Remote navigation of an 80 million dollar yacht using 3000 USD worth of equipment Facebook as pirate intelligence source ©2015 CyberKeel

6 Helpful examples from other industries
Shamoon attack on Saudi Aramco – wiping all computers Stuxnet virus targeting industrial control systems in Iran which were not online Successful hacking of cars ©2015 CyberKeel

7 Current security is low
CyberKeel evaluated the top-50 container carriers’ websites in Q4 2014 37 of 50 appear completely open to simple attacks towards back-end systems 6 allow harvesting of usernames 8 carriers, controlling 38% of global trade, allow “password” as a password to access sensitive eCommerce applications 2 carriers allow “x” as password Spoof domains are in place vis-à-vis 10 out of top-20 carriers ©2015 CyberKeel

8 Current security is low
CyberKeel evaluated a range of maritime companies for “misspelled” domain names in Q1 2015 A large range of companies we seen to be potential targets A few examples just for illustration: gearbulk.com -> gearrbulk.com arkasbunker.com -> arkasbunkers.com monjasa.com -> m0njasa.com 10 out of top-20 container carriers had such “misspelled” domains Further testing shows that 18 out of the top-20 container carriers have nt prevented simple click-jacking via iFrame attacks – an attack particularly suitable for exploiting misspelled domain names ©2015 CyberKeel

9 Current security is low
Organizational issues, and understanding, is a major bottleneck Often IT departments are only in charge of land-based IT systems – a technical organization is in charge of vessel IT Awareness of the implications that a vessel – and its equipment ! – has to be considered as being just accessible as any landbased computer being online When chartering vessels, the operating company is often see not to have specific cyber security requirements The usage of agencies, many of which are 3rd party, leads to multiple entries into the company’s back-end systems with limited control over cyber security aspects Physical security officers are often unaware of the role they need to take in terms of cyber security Non-IT staff have a very low level of awareness in relation to cyber risk behavior Awareness that theft of information is a key element in fraud ©2015 CyberKeel

10 Who are the attackers? ©2015 CyberKeel 3 main groupings: Criminals
Motive: make money Current prime tools: steal money through fraud, facilitate smuggling, ransomware Hacktivists Motive: make a political statement, create destruction Current prime tools: destroy/impede infrastructure, publicize sensitive information, take over communication channels Governments (or government affiliated entities) Motive: Espionage, create the ability to influence critical infrastructure Current prime tools: APT attacks aimed at remaining undetected ©2015 CyberKeel

11 What should be done? Increase awareness of the realistic threat picture Maritime companies need to develop contingency plans as well as counter-measure plans Improved training & awareness at all levels from board and C-Level to regular staff Development of industry-wise cyber security standards Establishment of a trusted environment in which maritime companies can share cyber attack information If you cannot answer the question: “How do you detect the unauthorized people within your system” you have a problem ! ©2015 CyberKeel

Download ppt "Maritime Cyber Risks – What is real, what is fiction?"

Similar presentations

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
 Someone who exercises playful ingenuity  Misusers of the internet who try to obtain or corrupt information; people who try to prevent it.

 Someone who exercises playful ingenuity  Misusers of the internet who try to obtain or corrupt information; people who try to prevent it.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
English Arabic Cyber Security: Implications of recent breaches MENOG April 2015.

English Arabic Cyber Security: Implications of recent breaches MENOG April 2015.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
Cyber Crime Game Players By Marharyta Abreu & Iwona Sornat.

Cyber Crime Game Players By Marharyta Abreu & Iwona Sornat.
AVG- Protecting those who are vulnerable.  Free Anti-Virus Software ◦ J.R. Smith President of AVG oversees a lineup of antivirus products used by 110.

AVG- Protecting those who are vulnerable.  Free Anti-Virus Software ◦ J.R. Smith President of AVG oversees a lineup of antivirus products used by 110.
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.

Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.
Cyber X-Force-SMS alert system for E-mail threats.

Cyber X-Force-SMS alert system for threats.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.

COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.

Similar presentations

Ads by Google