Tuesday, November 12, 2019
As naval vessels and offshore assets become increasingly connected, there is a reliance on networked systems for the efficiency and safety of operations.
With more than 90% of the world’s trade carried by shipping, there is an ever-increasing reliance on network systems to ensure the efficiency and safety of the operations of these vessels. The risk of disruption to cargo management logistics, and of failing to meet delivery timeframes when a malfunction of GPS on board a vessel causes a delay, are just some of the reasons insurance companies are refusing to include cover for cybersecurity incidents in the maritime industry.
The days of shipping routes being planned and executed utilising radio communications alone are long gone. As ships and offshore assets become increasingly connected through digital communications and SCADA system development, maritime companies have grown to rely upon constant updates from onboard systems and pre-planning to increase the efficiency and safety of operations.
With this advanced technology, and the significant increase in information transfer and reliance, comes an equally substantial security risk. A substantial proportion of the available software platforms used by the maritime industry have both on-shore pre-planning and oversight systems and onboard control systems that monitor highly sensitive real-time systems such as tank gauging. Along with this, they integrate with the Ship Emergency Response Service (SERS), which provides modelling and calculations in the event of incidents such as collision, explosion, stability and water ingress changes.
While physically accessing the sensors listed above would require a stowaway malicious actor or insider threat, the software platform and network link provide a means for external attackers to falsely report sensor data through exploitation or manipulation of system misconfigurations, which could result in monumental financial and reputational losses.
In addition to the complicated and diverse systems on board the vessel used for asset and ship management, members of the staff and crew also have access to wireless internet for entertainment purposes. Having their devices connected to the same networks or internet connection provides a greater attack surface for malicious actors to infiltrate the network.
Crystal Eye, Red Piranha's crown jewel
Crystal Eye is a next-gen firewall that delivers full-featured network access controls, endpoint protection and critical oversight on network and governance risk. With advanced UTM (unified threat management) features and multi-layered defence, Crystal Eye offers both Intrusion Detection and Protection that are easy to manage and reduce risk exposure from advanced cyber threats and malicious attacks.
Crystal Eye eases the burden of dealing with multiple vendors and platforms while delivering the ability to achieve complete defence-in-depth security protection, allowing marine businesses to focus on their business goals and strategies.
Network segmentation is created using VLANs to logically separate critical and non-critical network traffic, significantly reducing the attack surface that results from the use of ‘bring your own device’ (BYOD) equipment that may be on board the ship.
Crystal Eye’s in-built gateway appliance AWL (Application Whitelisting) is applied to all workstations on the ships that interface with the network, without having to install and manage multiple endpoint device agents. This includes all BYOD, IoT and SCADA devices onboard. It is made possible by establishing a baseline of network communication (through monitoring SSL traffic) and locking out any malware or unauthorised applications that may find their way to those workstations.
Crystal Eye’s advanced IPS utilises our extensive and regularly updated rule-set to alert or drop traffic that matches known exploits, malware communication, unauthorised services or plaintext applications.
All this information is continuously fed back to the Red Piranha Security Operations Centres (SOC), where our security team is ready to respond to events rapidly, providing positive confirmation and incident response times that would otherwise be extremely costly for companies to implement.
Built to meet compliance standards, easy to use with plug and play deployment and a single dashboard to view your entire security infrastructure, Crystal Eye is the cybersecurity solution to ensure your vessels are protected.
Preventative assurance through active testing, Penetration Testing
While Crystal Eye creates a high level of assurance against known attacks, locks down end-points, segments networks and provides oversight on risk levels and compliance, security misconfigurations, insecure services and poor implementation can provide an additional attack surface for malicious actors.
Red Piranha provides a range of testing services, including Vulnerability Scanning + Assessment, Internal and External Penetration Testing, Web Application Penetration Testing, Physical Penetration Testing and Wi-Fi Penetration Testing. Red Piranha staff work with you and your technical team to identify critical infrastructure and determine the level of assurance required to develop a plan to thoroughly test both your staff and infrastructure.
Maritime security risks are real, and the impact is significant
The physical isolation of shipping vessels does nothing to protect their cyber-security posture, with many notable breaches occurring in the past few years. The International Maritime Organization issued Cyber Risk Management Guidelines in 2016, advising that industry standards such as ISO/IEC 27001 must be implemented to address cyber threats and vulnerabilities.
On the 8th of July 2019, the US Coast Guard issued a Marine Safety Alert which reported on a successful malware attack on a shipping vessel. The malware had taken control of the on-board computer system, with crew members luckily avoiding losing control of the ship. It was reported that some crew members had used a critical network for non-critical or entertainment activities and that USB ports on workstations had not been disabled, allowing for the installation of malware.