Marine Cyber Risks

INSERT PARTNER LOGO
CyberKeel
Lars Jensen, CEO, CyberKeel
CONNECT.
COLLABORATE.
INNOVATE.
Marine Cyber Risks
INSERT PARTNER LOGO
A scenario to kick-start you…..
You are in charge of a major container terminal
•
The three most senior IT people in your terminal are arrested charged with child pornography found on
their personal computers……
•
All your systems seize to work….
•
The system malfunctions are because all your data have been encrypted – you receive a phone call
asking for a 1 million USD ransom to provide the decryption key…..
•
You try to re-install from backups, but all your back-ups for the past 6 months are also encrypted –
effectively you have no backup……
How much time would it take you to recover if you had to manually account for all containers in your yard?
What if this happened to 10 major terminals at the same time….?
CyberKeel
INSERT PARTNER LOGO
What is cyber security ?
• Prevention of unintentional disruption or alteration to electronic
information flow or information handling
• Can be split into 3 main parts:
 Natural causes (such as extreme space weather)
 Unintentional (such as equipment malfunction, erroneous command entry)
 Intentional (such as deliberate hacking, deliberate jamming)
CyberKeel
INSERT PARTNER LOGO
Current state of affairs
• The level of cyber security currently is at a very low level in the maritime
industry
• State-of-the-art firewall and anti-virus software is ineffective in keeping out
dedicated attacks
• Social engineering tactics work very well
• When we ask about cyber security protection, almost all answer in terms
of their technology to keep intruders out. Very few can answer the
questions: “How do you detect the ones who are already inside?” and
“How do we operate given the knowledge that we may at any time be
compromised?”
CyberKeel
INSERT PARTNER LOGO
But is there a problem – in reality?
INSERT PARTNER LOGO
Actual examples – part 1
CyberKeel recently released a whitepaper as well a new monthly newsletter focused
specifically on cyber threats.
•
Stealing money through man-in-the-middle attack
•
Deleting all operational data in a shipping line
•
Smuggling drugs and deleting containers from a port
•
Zombie Zero: Using barcode scanners to gain entry to financial systems
•
Icefog: backdoor access to Japanese and Korean companies (extract documents, gain
email access, obtain passwords)
•
Bypassing Australian customs
CyberKeel
INSERT PARTNER LOGO
Actual examples – part 2
•
Destabilization of drilling platform
•
Shutting down a drilling platform by malware infection
•
Fun with AIS
•
GPS Jamming
•
Manipulation of ECDIS data
•
Remote navigation of an 80 million dollar yacht using 3000 USD worth of equipment
•
Facebook as pirate intelligence source
•
37 out of top-50 container carriers were found to be vulnerable
CyberKeel
INSERT PARTNER LOGO
Learning from other industries
Many examples can be found, but let us look at 3 with telling implications also for
the maritime & port industry:
•
•
•
Shamoon virus infection of Saudi Aramco
Stuxnet Virus
Hacking of cars
CyberKeel
INSERT PARTNER LOGO
Terminal risks?
Many scenarios can be contemplated, but you should at least contemplate the
following:
•
•
•
Ransomware attacks on your key data such as containers on site
Data compromises to smuggle or steal cargo
Attacks directed at disrupting automated terminals
CyberKeel
INSERT PARTNER LOGO
The ‘Who’ and the ‘Why’
INSERT PARTNER LOGO
Motivation and actors are linked
Essentially 3 main types of actors:
 Criminals



Hacktivists



Motivation: Money
Targets: Companies with money and low security
Motivation: Destruction, Publicity
Targets: High-profile companies or industries, countries, NGOs
Government organizations


Motivation: Espionage, creating capabilities for future usage
Targets: Critical infrastructure components
CyberKeel
INSERT PARTNER LOGO
How easy is it to do?
Hacking can be bought as a service. Examples:
•
•
•
DDOS attack bringing a site down: 3-5 USD/hour. 400-600 USD/week
Website hack: 100-300 USD
Credit card details: 4-18 USD/card depending on card type.
•
•
Another 10 USD will further include a dossier of info to complete identity theft matching the card
Botnet of 15.000 infected computers: 250 USD
CyberKeel
INSERT PARTNER LOGO
Standard tools
CyberKeel
Pwn phone, $1295,‐
USB Rubber Ducky, $39,95
Keylogger, $144,99
INSERT PARTNER LOGO
GPS Jammers
60 GBP. Range 10 meters. Jams GPS
179 GBP. Range 20 meters. Jams GPS, Wi‐Fi, Cellphone
228 USD. Range 40 meters. Jams GPS
Online purchase possible for jammers with ranges up to 600m – longer range if placed high. Man‐portable jammer device, range 200meter seen at 15.000EUR
CyberKeel
INSERT PARTNER LOGO
Key elements of defense
INSERT PARTNER LOGO
Start at the top
Cyber security does not start with IT, it starts with the C-Level
 Assess the realistic threat picture
 Make a deliberate decision weighting business needs vs cyber security
 Make an implementation plan for the prioritized means







IT tools
IT policies versus employees
IT policies versus customers and suppliers
Make a robust contingency plan
Perform penetration testing using both IT tools and social engineering
Basic awareness training for all staff
Include cyber security aspects in the physical security organization
CyberKeel
INSERT PARTNER LOGO
People & physical access
Typical pathways for cyber attacks:
-
Phone calls
Phishing emails
Planting hardware or virus while physically visiting premises
Break-in to insert e.g. keyloggers or cardreaders
CyberKeel
INSERT PARTNER LOGO
What to do when you get back?
If you believe you need to address the issue, what should you do right now?
-
Take a 1-day workshop for the C-Level to discuss matters and agree on high level priorities
Develop robust contingency plans
Perform a penetration test using both IT and social engineering to identify issues, and prioritize
those
Institute basic awareness training for all employees
CyberKeel
`