Cyber Operators Course (Op) – Module 3

Different Risks and terminology – Social engineering methods

A skilled social engineer will probably observe vessel operations in port for some time to understand how security procedures work. Ask yourself if you would challenge a suitably dressed professional when on board. They look the part and appear to be busy with a purpose.

All appropriate clothing for maritime operations is easily available online.

ID cards can be easy to recreate or clone.

Cyber Operators Course (Op) – Module 1

Introduction – Modern Cyber

When we talk about Cyber Security, we are ultimately talking about technology infrastructure, applications, data, and human interaction. But these are no longer limited to the “wired” net: cyber security now extends to almost all IP-based communications.

IP: Internet Protocol

    

We have established that the cyber industry is bigger than perhaps expected. Your vessel is vulnerable and potentially the next target… assuming you have not been targeted already.


Incident: Worm* attack on maritime IT and OT

The company asked Cyber Security professionals to conduct forensic analysis and remediation. It was determined that all servers associated with the equipment were infected and that the virus had been in the system undiscovered for 875 days.


*Worms infect computer systems by exploiting software vulnerabilities. Worms are most commonly found attached to emails. This could be a link to a malicious website, an instant download, or a file/folder attached to the email. Once the worm has been activated, it will silently start to infect your computer systems. Worms can be transmitted like a disease with devices such as USB.

Cyber Operators Course (Op) – Module 3

Different Risks and terminology – Social engineering methods

When challenged, a competent social engineer will be able to answer questions in a way that makes their purpose appear legitimate.

“I was sent by the operator to fix a problem with the ballast control system. Can you direct me to it?”

“I’m here to update the security software on the Wi-Fi network”

“We’ve had a report that the ECDIS is playing up”

Most crew will be helpful. They inadvertently escort the hacker to the system on the vessel and probably leave them alone to get on with their work.

Expert social engineers will be confident enough to aggressively challenge back, for example:

“How dare you challenge me, I’ll report you for disobedience!”

Crew need to feel able to challenge personnel without fear of risking their jobs. If they don’t feel able to do so, at the very least they should be able to quickly report concerns to the master or operator.

Cyber Operators Course (Op) – Module 1

Introduction – The industry has taken action (IMO MSC.428(98))

In 2017, the International Maritime Organization (IMO) adopted resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management System (SMS). The Resolution stated that an approved SMS should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code.

It further encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.

The same year, IMO developed guidelines that provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities. As also highlighted in the IMO guidelines, effective cyber risk management should start at the senior management level.

Cyber Operators Course (Op) – Module 3

Different Risks and terminology – Stowaways

Fortunately, crews are familiar with preventing stowaways from boarding. This same degree of alertness should be applied to social engineers. The social engineer may not fit with the appearance of a stowaway, but similar defences can be applied.

Cyber Operators Course (Op) – Module 1

Introduction – Basic Definitions

Important definitions:

  1. Definition of Cyber Security – “measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack”
  2. Definition of Cyber – “Relating to or characteristic of the culture of computers, information technology, and virtual reality.”
  3. Definition of Cyber Attack – “An attempt by hackers to damage or destroy a computer network or system.”
  4. Definition of Cyber Terror – “An organisation, working independently of a nation state, conducting terrorist activities through the medium of cyberspace.”
  5. Definition of Cyber Crime – “Conducted by individuals working alone, or in organised groups, intent on extracting money, data or causing disruption, Cyber Crime can take many forms, including the acquisition of credit/debit card data and intellectual property, and impairing the operations of a website or service”.
  6. Definition of Cyber War – “A nation-state conducting sabotage and espionage against another nation in order to cause disruption or to extract data. This could involve the use of Advanced Persistent Threats (APTs)”.
  7. Definition of Cyberspace – the notional environment in which communication over computer networks occurs.

Organisations that have to consider measures against cyber war or cyber terror include governments, those within the critical national infrastructure, and very high-profile institutions. It is unlikely that most organisations will face the threat of cyber war or cyber terror.

Cyber Operators Course (Op) – Module 2

Accidental ‘Self-Hack’ – What can occur if a PC isn’t turned off correctly?

If you turn off your system incorrectly, any files that were being saved may be incomplete or not saved at all. This can corrupt data, because the computer was not allowed to finish writing to the disk. An incorrect shutdown can also permanently damage the hard drive: the actuator arm may be unable to park itself by the side of the disk. Instead, it may come to a slow stop, park itself on the disk and scratch it, damaging the disk and making it unusable.

The consequences of this can be that for a long time you might get lucky and the data corruption may be in an area of the disk that you don’t notice, or a file that you can do without. But after much time or even after very little time you will probably, when you need your computer most, find that one of your important programs no longer works because an important file is corrupt. Or worse, Windows will no longer boot because the registry has become corrupt.

(Have you ever seen this screen before?)

Cyber Operators Course (Op) – Module 3

Different Risks and terminology – Criminal

Internet crime pays dividends. You would do well to forget the term ‘cyber’ at this point and think about what valuable data and commodities you transport.

Cyber crime is well funded and generates significant returns.

Consider delaying a vessel containing a commodity such as oil or LNG. Delaying the vessel through a cyber attack could move a spot price on the market, particularly at a time of high demand.

Crippling of a port could also create significant issues for shipping. Issues of this nature have already occurred to Maersk and COSCO. Theft of cargo can also be facilitated through hacks.

There is no one solution to defending against the cyber criminal. Following internationally recognised guidance from IMO, BIMCO and ISO27001 will better prepare a business.

One would also be well advised to carry out a role playing session with senior executives, simulating a cyber incident. From this, an incident response ‘playbook’ can be created that will significantly help in the management of an unfolding breach. Again, specialists can assist with this.

Cyber Operators Course (Op) – Module 3

Different Risks and terminology – Hackers motivations

In order to understand the threat, we need to understand a little about the motivations of a hacker in the maritime context.

First and most importantly, plenty of hackers need no motivation. They’re exploring the internet to see what they can find and discover interesting systems to play with. They may not understand the significance of the buttons they’re pushing, but they will push them all the same. That your DP was unintentionally on the public internet through a misconfiguration in your satcom terminal and has just gone offline is of no consequence to them. Their view is that they shouldn’t be able to access it.

The law is of no interest – they will be hidden behind a TOR exit node and you’ll never be able to trace them. Even if you could get law enforcement to trace them, they may be too young to prosecute.

Cyber Operators Course (Op) – Module 3

Different Risks and terminology – The ethical hacker

The white hat. You might engage an ethical hacker or penetration tester to evaluate the security of your vessels. That’s the best way to be certain of your security.

Pen Test Partners LLP is a very well respected provider of this, who have spent significant time in the Maritime Industry understanding how modern vessels work. There are many other providers, but it may be worth considering them: [email protected]

Sometimes, white hats will find security flaws in your systems. They will want to disclose these to you privately in an effort to help you out. Operators often struggle to deal with this altruism and unintentionally annoy the researcher. This sometimes leads to critical vulnerabilities in your systems being splattered across the public internet. This isn’t the outcome that anyone wanted and can easily be avoided:

Set up an email address for researchers to contact you on, typically security@, e.g. [email protected]