Date posted: 11-Jan-2017
Cyber Security in Maritime Environment
George Pouraimis, Cyber Security Analyst
2nd ICT Security World Conference
Contents
1. Need for defense
2. Know your enemy
3. Cyber kill chain
4. How to defend
Need for defense
Cyber attacks in the UK oil and gas industry cost about 400 million pounds ($672 million) per year
Awareness of cyber security in the maritime sector is low to non-existent.
Data Source: www.reuters.com
Need for defense
In the maritime industry, attacks often remain secret
Critical infrastructure & Cybersecurity (HORIZON 2020)
Blue Economy
90% of Europe’s external trade is carried out at sea
Data Source: ec.europa.eu
…some statistics
89% of breaches had a financial or espionage motive
Data Source: Symantec ISTR 2016
Data Source: Verizon DBIR Report 2016
…some statistics
50% of incidents related to errors by admins
Data Source: Symantec ISTR 2016
Data Source: Verizon DBIR Report 2016
…some statistics
23% of people open and click on phishing emails
Data Source: Symantec ISTR 2016
Data Source: Verizon DBIR Report 2016
Know your enemy
Activists and insiders
Criminals for ransom and espionage
Opportunists for financial gain
Terrorists for (geo)political reasons
How do hackers attack?
Un-Targeted
1. Social engineering
2. Phishing
3. Water holing
4. Ransomware
5. Scanning
Targeted
1. Spear-phishing
2. Using botnets
3. Compromising supply chain
Cyber Kill Chain
Reconnaissance
Weaponization
Delivery
Compromise / Exploit
C2
Exfiltration
Data Source: digital-forensics.sans.org
Survey / Reconnaissance
Delivery
Breach
Affect
Data Source: BIMCO
Case Study
Phishing
Email link
Email attachment
Malware
Steal credentials
Backdoor
C2
Cyber threats onboard ships
Communication systems (SATCOM, VOIP, WLAN)
Navigation systems (GPS, ECDIS, AIS, Radar)
Propulsion & power control systems
Access control systems (CCTV, BNWAS, SSAS)
Cyber threats onboard ships
Cargo management systems (CCR)
Passenger servicing & management systems
Passenger and crew networks (WiFi, LAN)
Core infrastructure systems (Router, FW, VPN)
How to defend?
Assess the risk
1. Risk assessment by internal IT admins
2. Risk assessment by specialists (Pen Testers)
Reduce the risk
1. Address cyber security vulnerabilities
2. Follow the procedures
Internal Risk Assessment
1. Define technical audits and procedures
2. Identify systems that are vulnerable
3. Evaluate main operations that are vulnerable to cyber attacks
4. Identify the impact of cyber incidents
Vulnerability Assessment
1. Scoping and Planning
2. Execution (Reconnaissance -> Mapping -> Discovery -> Exploit)
3. Vulnerability review/reporting
4. Debriefing
Manage procedures
Training
Onboard ships (officers and staff)
Ashore (managers and personnel)
Security Awareness
Emails, Internet use, Devices, Software, Passwords, non-company personnel, Reports, Maintenance
Incident Response
Identify incident
Limit damage
Prevent further damage
Isolate and restore affected systems
Recover systems
Lessons Learned
Maritime Cyber Security Guides
IMO: Guidelines on the facilitation aspects of protecting the maritime transport network from cyber threats (2016)
BIMCO: Guidelines on Cyber Security onboard Ships (2016)
ENISA: Analysis of cyber security aspects in the maritime sector (2011)
Cyber Security Guides
ISO/IEC 27000-2016: Security techniques -- Information security management systems
NIST: Framework for Improving Critical Infrastructure Cybersecurity (2014)
Executive Order 13636: Improving Critical Infrastructure Cybersecurity (2013)
Thank you for your attention
George Pouraimis, Cyber Security Analyst