cyber-security threats to the maritime industry annual maritime... · employing cyber-security...
Post on 15-May-2020
10 Views
Preview:
TRANSCRIPT
Cyber-Security Threats to the Maritime Industry
Contents Introduction
Vulnerability Statistics
Known Cyber vulnerabilities within the maritime industry
Case Study 1
Case Study 2
Consequences of vulnerabilities being exploited
Safe Guards
Focusing on South Africa
Introduction
About 90% of the world trade is carried by the international shipping industry. Source: https://ramiwaheed.wordpress.com/2012/09/15/the-economic-role-of-the-shipping-industry/
The maritime domain is turning to technology to improve safety, effectively manage cargo and reduce costs
This change has also meant that companies have inherited vulnerabilities related to technology.
It is estimated that the likely annual cost to the global economy from cybercrime is more than $400 billion. Source: http://www.mcafee.com/jp/resources/reports/rp-economic-impact-cybercrime2.pdf
Vulnerability Statistics
Source: http://www.safety4sea.com/wp-content/uploads/2016/02/ESC-White-paper-on-Maritime-Cyber-Security-2016_02.pdf
Known Cyber Vulnerabilities within Maritime Industry
Cyber threats in the maritime sector can be divided into five major types:
Vessels and safe navigation
Cargo tracking systems Automatic identification systems Satellite communications Marine radar systems
Technologies that hackers have exploited on vessels out at sea:
GPS (GPS Spoofing) Automatic Identification
System (AIS) Electronic Chart Display and
Information System (ECDIS)
A sixth major type that is universally susceptible to cyber-attacks is the supply chain management.
Case Study 1: University of Texas at Austin set out
to discover whether they could subtly coerce a 213-foot yacht off its course, using a custom-made GPS device.
The team was able to successfully spoof an $80 million private yacht using the world's first openly acknowledged GPS spoofing device, which was built with $3000.
From the White Rose's upper deck, graduates broadcasted a faint signals from their spoofing device
Unlike GPS signal blocking or jamming, spoofing triggers no alarms on the ship's navigation equipment.
Once control of the ship's navigation system was gained, the graduates were able to coerce the ship onto a new course using subtle manoeuvres that positioned the yacht a few degrees off its original course.
Source: http://www.engr.utexas.edu/features/superyacht-gps-spoofing
Case Study 2: A crime organization transfers to the port of Antwerp, huge cargo of drugs hidden as bananas from South
America.
The organization hired a group of hackers, who cracked the management systems of two piers in the port.
These systems manage the transport, storage and shipment of thousands of containers passing through the port each day.
The hacking enabled the crime organization to locate every container, even before the real client appeared to collect it.
When the security breach was exposed, the port installed a firewall. However, the criminals did not give up; they penetrated physically into the port and installed wireless bridges on the operating computers, opening a direct access to the operating system.
It took the port about two years to find the reason for the disappearance of containers at the port.
Source: http://www.magal-s3.com/contentManagment/uploadedFiles/White_Papers/Cyber_For_ICS_Antwerp_Case_web.pdf
Consequences of vulnerabilities being exploited
The effect on the global economy.
“Globally, it estimated that cyber-attacks against oil and gas infrastructure will cost energy companies close to $1.9 billion by 2018.” Source: http://www.reuters.com/article/us-cybersecurity-shipping-idUSBREA3M20820140424
The effect on the general marine environment.
General health and safety of crews and employees of the maritime sector.
Source: http://www.counterview.net/2015/12/frequency-of-cyber-attacks-up-by-23-per.html
Safe guards
Skills Development
Enterprise Development
Employing cyber-security experts in key positions.
Creating awareness and training for employees in the maritime industry.
Continuous probing and testing on the organisation’s own defence should take place in order to find security holes before an attacker does.
Focusing on South Africa
South Africa is the most targeted country in the world for cyber-crime,
Aging infrastructure and outdated organizational structure and practices are some of our primary concerns that need to be addressed.
This is according to the Cisco Annual Security Report.
With the goals to turn Durban Port into a “Smart Port”, not enough emphasis can be placed on how important it is to ensure a proper cyber security platform is implemented as part of the foundation of the “Smart Port”
Questions and Answers
“The best thing about the future is that it comes one day at a time.” Abraham Lincoln
top related