maritime cybersecuritymciba.ru/kcfinder/upload/files/eer2018 - maritime cybersecurity... · many...
TRANSCRIPT
Maritime CybersecurityFuture-Proofing the Maritime Cyber Ecosystem
June 2018
www.pwc.com
PwC
The Maritime Ecosystem is Changing…
Between 2015 and 2018 internet access in several shipping sectors has doubled, and in the case of bulk carriers, tripled.
Connectivity is now driven by business, vessel crews and passengers
75% of seafarers who filled out this year’s Crew Connectivity Survey said connectivity
influences their choice of employers.
2
June 2018
Source:
Crew Connectivity Survey 2018
PwC
Connected ships create a world of possibility…
3
June 2018
Information Technology (IT) and Operational Technology (OT) onboard ships are increasingly being networked together and through the Internet integrated with shoreside operations enabling :
• Engine performance monitoring
• Condition monitoring
• Remote diagnostics & maintenance
• Energy efficiency optimization
• Voyage performance monitoring
• Cargo, crane and pump management
• Etc.
Isolated
Operations
Connected Operations
Integrated Operations
Remote Operations
Autonomous Operations
PwC
…but, new opportunities bring new challenges
Increasing integration of IT and OT and connectivity to the Internet increase the attack surface of a modern commercial vessel.
• Ship equipment can now be remotely accessed & monitored.
• Business-critical, sensitive & commercially sensitive information can be shared with shore-based providers.
• Interfaces exist between the ship and other parts of the global supply chain.
• Ship crew can now access anything on the Internet.
Reliance on legacy systems and the global supply chain make the challenge even greater!
And so does lack of awareness (at sea and at shore).(41% of Seafarers responding to the Crew Connectivity Survey said the responsibility lies with the Master of the ship)
Many market insurance policies specifically exclude losses or liabilities arising from cyber risks!
4
June 2018
PwC
And it’s not just ships…
5
June 2018
Vessels
Ports
Rigs
Navigation Systems
Offices
Vessels
Ports
PwC
What can be exploited?
Everything
6
June 2018
Cargo management systems
Bridge systems
Propulsion and machinery management systems
Passenger facing public networks
Administrative crew welfare systems
Power control systems
Passenger servicing and management systems
Access control systems
Communications systems
Industrial Control Systems
Any operating system
Navigational Systems (RADAR, AIS, ECDIS, GNSS etc.) Any business
software application
Crew, Employees and Contractors
Any mobility device (RFID)
PwC
Who are the perpetrators?
• Nation States; State sponsored organisations
• Pirates/Terrorists
• Criminal Organisations
• Rival companies
- Charter parties/rates, ship designs, client information
• Opportunists
• Insiders
- Disgruntled employees or Sloppy employees.
7
June 2018
PwC
Why are they attacking?
Threat actors have:
A range of motivations:
• Political motivations
• Espionage (State, Commercial & Industrial)
• Financial incentives
• Disruption of operations
• Reputational Damage
• The challenge
A range of objectives:
• Disrupting economies / critical infrastructures
• Intelligence gathering
• Destruction of data/ Leaking of sensitive data
• Denial of Service
• Media attention
• Financial gain
8
June 2018
PwC
How are they attacking?
Two categories of cyber attacks that can affect companies and ships :
• Untargeted attacks – company or ship’s systems and data are one of many potential targets e.g.
• Broadbased Malware
• Phishing
• Water holing
• Targeted attacks – company or ship’s systems and data are the intended target e.g.
• Spear phishing
• Social engineering
• Targeted Malware
• Denial of Service
• Subverting the supply chain
Both types of attacks have already been observed with varying consequences! 9
June 2018
PwC
What is the potential impact?
10
June 2018
Personal data loss
Intellectual property loss
Direct and indirect financial loss
Reputational damage
Loss of human life/injury
Environmental damage
Damage to physical assets
PwC 11
June 2018
The known knowns…2010
2011
2012
2013
• Malware overwhelms underway off-shore drilling rig in Asia, forcing a prolonged shutdown.
• Hackers penetrated the servers of IRISL (Islamic Republic of Iranian Shipping Line – 172 vessels and shore-based systems) and compromised manifests, falsified data concerning rates, altered loading cargo numbers, delivery dates and places – resulting in certain containers getting delivered to the wrong destination or getting lost.
• Foreign military compromises multiple systems onboard commercial ship contracted by U.S. TRANSCOM.
• North Korea uses lorry-mounted devices to block GPS signals in South Korea for 16 days, causing 1,016 aircrafts and 254 ships to report disruption.
• Hackers working for a criminal syndicate, compromised the cargo system controlled by the Australian Customs and Border Protection Service agency. Cyber criminals wanted to identify shipping containers were suspected by the police or customs authorities so as to abandon those containers.
2011
PwC 12
June 2018
The known knowns…2013
2014
2014
2016
• European authorities announce drug smugglers had breached cargo tracking systems at the port of Antwerp (Belgium) to facilitate heroin and cocaine smuggling. Hackers controlled container movement and tracking information for over 2 years.
• While drilling in the Gulf of Mexico, workers from a U.S. based oil company accidentally uploaded malware onto the main computer of the Mobile offshore drilling unit. The malware paralyzed the rig from communicating to its navigation system. The malware was introduced via a USB drive which held pornographic images and illegally downloaded music.
• Major-fuel supplier World Fuel Services (WFS) fell victim to a bunkering scam reportedly costing the company $18 million. Scammers impersonated the U.S. Defense Logistics Agency and instigated a fake fuel supply tender to WFS; the company purchased and supplied the fuel at sea to a tanker off the Ivory Coast only to realise – on presentation of its invoice – the U.S. Agency had no record of it.
PwC 13
June 2018
The known knowns…2015
2016
2017
2017
• Limassol based shipping company received an email purportedly from their fuel supplier in Africa requesting a payment of $644,o00. The company complied only to receive an email from the actual supplier later requesting their payment.
• Global shipping company hacked by pirates who for several months would board a vessel, locate crates of valuables by bar code, steal those specific crates and depart without an incident being raised.
• Charterer's email account hacked and used to facilitate fraudulent payment. Vessel was detained on the basis the Charterer’s agents did not receive funds for port clearance.
• French defense contractor Naval Group—previously known as DCNS—suffered a massive data breach in 2016 that resulted in the loss of 22,400 documents detailing the combat capabilities of its Scorpène-class submarine.
PwC 14
June 2018
The known knowns…2017
2014
2018
2016
• The world’s largest container shipping line Maersk was hit by the NotPetya wiper distributed through the Ukrainian accounting software it used. The attack corrupted company data and forced the company to replace 45,000 PCs, 4,000 servers and install 2,500 applications. Overall cost between $250-$3o0 million.
• Svitzer, a subsidiary of the Maersk group suffered a data breach that saw between 50,000-60,000 emails containing private personnel information of more than 400 employees (including tax files, superannuation numbers and next of kin names) auto-forwarded to accounts outside the company. The breach went unnoticed for 10 months.
• Attack group Gold Galleon targeted shipping companies using spear phishing emails with malicious attachments in an attempt to steal a minimum of $3.9 million U.S. dollars through fraudulent invoicing. The malicious attachments would enable the stealing of email credentials of individuals responsible for handling business transactions.
PwC 15
June 2018
Navigating Dangerous Waters
Assess your exposure to cyber risks
• Understand your threats
• Assess their impact and likelihood
• Determine what controls you need
Implement technical & procedural controls
• Manage your risks
Assess the effectiveness of your controls
• Ensure ongoing risk management
• Communicate with corporate governance
Establish a contingency plan
• Ensure continuity and resilience
• Deal with disasters
Develop your cyber incidentreadiness
• Effectively detect cyber incidents at sea and at shore
• Respond and remediate
Standards & Guidelines are available e.g.• IMO Guidelines on Cyber Risk Management
• BIMCO Industry Guidelines on Cyber Security on-board ships
PwC
Should you care? Getting the basics right…
• Are your on-board Wi-Fi networks using strong passwords / admin passwords changed from default?
• Do you have contingency plans to deal with spoofed GPS, ECDIS position manipulations etc.?
• Is your crew cybersecurity aware?
• Are you sure your technology suppliers take cybersecurity seriously?
• Have you confirmed the effectiveness of your controls and procedures?
• Are your satcom systems on the public internet?
• Are the passwords on your satcom systems changed from the manufacturer default?
• Is the software on your satcom systems updated?
• Are your bridge, engine room, crew, Wi-Fi and business networks on board logically separated?
• Are USB ports on your ships locked down? (except dedicated ones)
16
June 2018
PwC
The future is coming (and fast)…
• Smart vessels, fleets and ports (IoT)
IBM and the Port of Rotterdam (Europe's largest shipping port) are partnering to create a digitized smart shipping port, complete with IoT sensors and other connected devices. (31 Jan 2018)
• Automated and autonomous vessels (Unmanned vessels)
The world’s first zero emission, autonomous container feeder will be delivered from the yard in the Q1 2019 and expected to operate autonomously by 2020.
17
June 2018
Thank you!
© 2018 PricewaterhouseCoopers Ltd. All rights reserved. In this document, “PwC” refers to
PricewaterhouseCoopers Ltd which is a member firm of PricewaterhouseCoopers International
Limited, each member firm of which is a separate legal entity.