MARITIME CYBER

SECURITY

Presented by:
Raveen Ajith
INTRODUCTION

 About 90% of the world trade is carried by the international

shipping industry.

 Maritime industry is turning to technology – Safety, effectively

manage cargo and to reduce costs.

 Ships are increasingly using systems that rely on digitization and

automation.
 IMPLEMENTATION

 Information technology and the operational technology onboard are

networked together- more frequently connected to the internet.

 Example: The PARIS Portal (Planning And Reporting Infrastructure for

ships)
A cloud based system which provides an online real time dashboard
showing the vessels performance, condition and profitability.
Internet Onboard-pros And Cons:

Pros: Cons:

o Getting updated with current o Onboard social life

affairs o Arguments –limited internet-
o Managing finances excessive usage- access control.
o Second line of o Rest hours
communication.
o Social media
o Emergencies at home
o Distraction
o Downloading digital manuals
DIGITALISATION OF THE MARITIME INDUSTRY

o This change has also meant that companies have inherited vulnerabilities and
risks related to technology.

o What is the response of the maritime industry to safeguard these vulnerabilities?

Cyber security:
Techniques of protecting computers, networks, programs and data from
unauthorized access or attacks that are aimed for exploitation.
Threats To The Maritime Industry

 Activists –cause reputational damages, disruption of operations.

 Criminals-financial gain, commercial and industrial espionage.

 Opportunists- break through cyber security defenses.

 States, State sponsored organisations and terrorists-political gain,

espionage, disruption to economies, critical national infrastructure.
Types of cyber attack

 In general, there are two categories of cyber-attacks, which may

affect companies and ships:
 1. Untargeted attacks, where a company or a ship’s systems and
data are one of many potential targets.
 2. Targeted attacks, where a company or a ship’s systems and
data are the intended target.
Untargeted Attacks
Malicious software which is designed to
access or damage a computer without
the knowledge of the owner.

Non-Technical method-manipulate- insider

individuals through social media
interaction
Untargeted Attacks

Sending emails/links to random

targets for sensitive data

WATER HOLDING • Establishing fake websites, compromising a

genuine one to exploit the visitors
 Targeted attacks
BRUTE FORCE
Trying out many passwords
eventually guessing the correct one.

Denial of service (DoS)

Prevents authorised users
from accessing
information, usually by
flooding a network with
data.
 Targeted attacks

SPEAR PHISHING
Individuals are targeted with
personal emails

SUBVERTING THE SUPPLY CHAIN

Attacking a company or ship by compromising equipment and
software that are being delivered to them.
 STAGES OF A CYBER ATTACK
RECONNAISSAN
CE
Public sources- gain
information- social media-
publications-vulnerabilities
Extent-breach the
system- vulnerability-
method of delivery
DELIVERY BREACH EFFECT
Gain access to Result of the cyber attack-
the company and motivation and objectives
ship systems. • Unauthorised access
• Sending • Manipulation of data
emails • DoS
• USB medias • Modify-make changes to affect • Disruption of normal
operations
system ops-Navigation
• Unauthorised access-Cargo
manifests/crew, passenger list
• Take over- Machinery MS
 ONBOARD SYSTEMS VULNERABLE TO THE ATTACK
 CARGO MANAGEMENT SYSTEMS

• Digital systems used for the management and control of cargo.

• Such systems may include shipment-tracking tools available to

shippers via the internet.

• Interfaces of this kind make cargo management systems and data

in the cargo manifests vulnerable to cyber-attacks.
 BRIDGE SYSTEMS
• Bridge systems connected to the network:
Interfaces with shore side for updates and services.
• Bridge systems not connected to the internet:
removable media are used to update such systems
• One cyber incident like DoS or data manipulation can affect all
systems associated with navigation including ECDIS, GNSS, AIS,
VDR, ARPA.
MANIPULATION OF NAVIGATIONAL SYSTEMS
 PROPULSION AND MACHINERY CONTROL SYSTEMS

• The use of digital systems to monitor and control on board

machinery, propulsion and steering make such systems vulnerable to
cyber-attacks.

• The vulnerability of these systems can increase when they are integrated
with navigation and communications equipment on ships
 Access control systems

• Digital systems are used to support access control which ensures

physical security and safety of the ship.

• CCTV, SSAS etc. are part of the access control systems with
interfaces to shore side networks.

• Use of outdated antivirus software in the computers on-board ships.

 CASE STUDY:
Vanishing Containers In The Port Of Antwerp (2011)

o A Dutch-based trafficking group hid cocaine and

heroin among the cargoes, which were shipped in
containers from South America.
o The organized crime group used hackers to
infiltrate computer networks in two companies
operating in the port of Antwerp.
o The breach allowed hackers to access the location
and security details of containers, which means
that the traffickers could send in lorry drivers to
steal the cargo before the owner arrived.
 Attack was set in a number of stages:
 Malicious files emailed to company staff
-access data remotely.
 When the breach was discovered-firewall installed
-prevent further attacks
 Hackers broke into the premises and fitted key-logging devices
onto their servers.
 This gave them wireless access to the company systems and the
company is not even aware of the breach.
 Workers eventually realized that the containers were disappearing
without any explanation.
 This continued for two years until it was stopped by the Dutch
police in 2011.
RECENT CYBER ATTACK IN THE MARITIME INDUSTRY

 JUNE 2017
 LA Port Terminal operated
by Maersk Lines Shut Down
Following a Ransom-ware
attack “Petya” which
demanded $300 in Bitcoins
as ransom.

Petya's ransom note displayed on a compromised system

PROTECTION AND DETECTION MEASURES

 Technical protection measures

 focus on technical protection.

 Procedural protection measures

 focus on how the personnel use on-board systems

 TECHNICAL PROTECTION MEASURES:
 Control over network ports

 There should be an access list of authorised users who

are allowed to enter the controlled network. This can
prevent unauthorised access to ship’s network.

 Configuration of network firewall

 Uncontrolled networks like the private internet access

for the crew should be separated from the controlled
networks which are critical to the operation of the ship.

 Use of updated anti-virus software.

 TECHNICAL PROTECTION MEASURES:
 Physical Security
 Safety critical equipment and cables should be protected from unauthorised
access.
 Detection, blocking,alerts
 IDS(Intrusion Detection System) or IPS(Intrusion Prevention System) must be
incorporated with the firewall onboard.
PROCEDURAL PROTECTION MEASURES

 Access for Visitors

 Visitors- authorities, technicians, agent, port officials etc. should be
restricted to computer access while on board.
 Removable media blockers to be used where ever necessary.
 Remote access
 Clear guidelines should establish who has permission to access, when
they can access, and what they can access.
PROCEDURAL PROTECTION MEASURES

 Equipment disposal, including data destruction

 Obsolete equipment like an old laptop can contain data which is

commercially sensitive or confidential.

 The company should have a method to properly destroy the

outdated equipment’s data so that the data cannot be retrieved
from it.
LATEST DEVELOPMENTS:

 IMO Imposes Cyber Security On Ship ISM (June 2017)

 IMO has given ship owners and managers until 2021 to

incorporate cyber risk management into ship safety.

 Lloyd’s Register Acquires Cyber Security Specialist (March 2018)

 Lloyd’s register has acquired cyber security specialist Nettitude

which employs 140+ cyber security specialists globally.