Potential Hazards of Cyber-Attacks in the Maritime Industry

Discuss About The Protecting Critical Infrastructure At State.

Very important and vulnerable targeted networks needs updates as well as support by website psychology because vessels are often linked to the global websites (like Engine Maintenance system and ECDIS). Companies on the other hand, have created IT sectors to help shore based exercises as well as the supervised vessels necessities that require correspondence internet and connections (Clark and Hakim, 2017).

The expanded utilization of electronic information exchange improves the probability of online-attacks in sophistication variety, and frequency (Peckham, 2012). These might result from a USB stick, which presents malware targeted to acquire delicate business data, from a certain email with definite ship data sent to obscure individuals, to the total-scale subversion of an organization’s shore-based information technology framework, or the potential compromise of frameworks on board ship (Amin and Giacomoni, 2012). The quantity of potential hazard situations is huge and continues developing. Crooks utilize whichever hacking innovation is the most appropriate and frequently direct it to particular targets (Kramek, 2013).

1. Untargeted attacks: This is where a ship or a company’s data and systems are some of many possible targets (Fitton, Prince, Germond and Lacy, 2015). The attacks employ common based skill to locate identified susceptibilities common for various vessels or companies.
2. Targeted attacks: This is where a ship or a company’s data and systems are the planned target (Ryan, Mazzuchi, Ryan, De la Cruz, and Cooke, 2012). The attacks employ more sophisticated tools and technology specifically created to harm a particular targets (vessel or company).

The VSAT (Very Small Aperture Terminal) broadband capacity allows vessels to have uninterrupted linking to the Internet, hence they are exposed to the risks of being attacked (Stone, 2013). Consequently, and due to the increase in cyber-attack cases all over the globe, this is encouraging this business to be vigilant on this issue.

After introduction of malware into a ship system or a computer linked to the web, a common activity that malware does is to create a secret command communications outward (Egloff, 2015). The outcome is possible exfiltration of information, network encryption, and several other severe exploits. This kind of communication is potentially not recognized by ISP scanning or antivirus as a risk.

Possible attackers that might execute a Cyber-attack can be a Criminal (to make profits), Activists (to disrupt operations or damage reputation), Opportunists (aiming to challenge), or Terrorists (to gain politically)

• Survey – Data gathering and creating the attacking method
• Delivery- The tools to be used for  the attack are delivered in vessel’s or company’s system
• Breach – Accessing the system
• Affect – The outcomes of the attacks

It is important to be proactive; hence, there are few security/preventative management that should be put in place (Elazari, 2015). These are internet filtering (vessels already accessing internet), firewalls, standalone Computer which have sensitive data, as well as safety software, which locks the computer demanding password to unlock it (and antivirus) (McNicholas, 2016).The important thing is that the awareness concerning the hazard of marine cyber-attacks is growing (Gottschalk, 2010). Nevertheless, the sector yet does not have the mostly intensified risk awareness. Since no key incident about any vessel that has been raised to date, lots of people in the business are aware about the danger associated, with online incidents mainly known as onshore activities, even if the amount of cases affecting the shipping business has recently been increasing (Rosenzewig, 2014).

Attackers and their Motives

Ships’ officers and Captains have basic information about cyber security, gotten from experiences in the ships (Park and Bang, 2016). Many are comparatively knowledgeable and might be of big help when need be if they are given the right responsibility and instruction to help the shoreline person in control of cyber security (Boyes, 2015). Nevertheless, many officers and Captains lack this know-how and requires help to acquire the understanding and confidence of what is expected of them.

Many systems have only capacity of identifying and obstructing known risks (Priest, and Arkin, 2010). Regrettably, the rate at which the innovation of the malware is happening is growing, zero day activities are common, as well as a strategy that depend entirely on a limit defense planned to eliminate known risks will never be effective…” 6

Routinely perform Vessel Vulnerability Assessments and Penetration Tests across trial vessels in the convoy, rotating the vessels being sampled in the fleet (Mathew, Al Hajj, and Al Ruqeishi, 2010). Combining ones assessment with that by external cyber-security specialists is a ‘good practice’ for it will deliver a more beneficial evaluation.

Outlining procedures, policy, as well as the people responsible for the Vendor/Service network access involved. It should be known to the vendors so that they include into their vessel visit requisite (Fischer, Liu, Rollins, and Theohary, 2013). Vendor’s emergency contact should be identified in advance because of very critical systems.

IT related venture towards software and hardware apprises to the fleet and office is vital embrace at the earliest opportunity (Deibert and Rohozinski, 2010). The ‘set and forget’ cyber safety programs based on software and hardware strengthening has been confirmed ineffective in several international industries offering a false feeling that all is well with the world. Cyber-attack is a developing danger that requires adaptability and continuous efforts (Burton, 2013).

A platform of upgrading networks onboard as well as computer systems with ‘useful life’ (hardware) is generally unavailable for ships. Vessels have extremely outdated PCs, containing unsupported software and operating systems (Ya?dereli, Gemci, and Akta?, 2015). Additionally, unapproved connected software is a known risk and it is a key contributor to malware system and virus.

All unapproved hardware and software should be removed from a vessel’s networks and PC and perform planned time-to-time checking as a means of maintenance and defense hardening (Shackelford, Proia, Martell, and Craig, 2015). Since it is a hard task there should be known members of the team in charge of cyber safety onboard, which has a clear procedure for giving reports to the cyber-security individual in charge of ashore (Caponi and Belmont, 2015).

Management and Security Measures for Cyber-Resilience

Set enforceable and clear consequences for failures to follow strategy or a cruel act, which is supposed be included in the cyber-security plan (Jensen, 2015).

A vessel management business has many diverse business relationships, scope and types of organization. It is recommendable to put in place cyber-security standards that are given to every ship manager/owner across fleets (Caponi and Belmont, 2015).

References

Jensen, L., 2015. Challenges in Maritime Cyber-Resilience. Technology Innovation Management Review, 5(4), p.35.

Deibert, R. and Rohozinski, R., 2010. Liberation vs. control: The future of cyberspace. Journal of Democracy, 21(4), pp.43-57.

Kramek, J., 2013. The critical infrastructure gap: US port facilities and cyber vulnerabilities. Center for 21st Century Security and Intelligence.

McNicholas, M., 2016. Maritime security: an introduction. Butterworth-Heinemann.

Rosenzewig, P., 2014. International law and private actor active cyber defensive measures. Stan. J. Int’l L., 50, p.103.

Fischer, E.A., Liu, E.C., Rollins, J. and Theohary, C.A., 2013. The 2013 cybersecurity executive order: Overview and considerations for congress. Congressional Research Service.

Burton, J., 2013. Small states and cyber security: The case of New Zealand. Political Science, 65(2), pp.216-238.

Ya?dereli, E., Gemci, C. and Akta?, A.Z., 2015. A study on cyber-security of autonomous and unmanned vehicles. The Journal of Defense Modeling and Simulation, 12(4), pp.369-381.

Shackelford, S.J., Proia, A.A., Martell, B. and Craig, A.N., 2015. Toward a global cybersecurity standard of care: Exploring the implications of the 2014 NIST Cybersecurity Framework on shaping reasonable national and international cybersecurity practices. Tex. Int’l LJ, 50, p.305.

Mathew, A.R., Al Hajj, A. and Al Ruqeishi, K., 2010, June. Cyber crimes: Threats and protection. In Networking and Information Technology (ICNIT), 2010 International Conference on (pp. 16-18). IEEE.

Priest, D. and Arkin, W.M., 2010. Top Secret America—A Washington Post investigation. A hidden world, growing beyond control: The government has built a national security and intelligence system so big, so complex and so hard to manage, no one really knows if it’s fulfilling its most important purpose: Keeping citizens safe. Washington Post, p.1.

Boyes, H., 2015. Cybersecurity and cyber-resilient supply chains. Technology Innovation Management Review, 5(4), p.28.

Park, N. and Bang, H.C., 2016. Mobile middleware platform for secure vessel traffic system in IoT service environment. Security and Communication Networks, 9(6), pp.500-512.

Gottschalk, P., 2010. Categories of financial crime. Journal of financial crime, 17(4), pp.441-458.

Elazari, K., 2015. How to survive cyberwar. Scientific American, 312(4), pp.66-69.

Yang, C.C. and Wei, H.H., 2013. The effect of supply chain security management on security performance in container shipping operations. Supply Chain Management: An International Journal, 18(1), pp.74-85.

Egloff, F.J., 2015. Cybersecurity and the Age of Privateering: A Historical Analogy.

Stone, R., 2013. A call to cyber arms.

Ryan, J.J., Mazzuchi, T.A., Ryan, D.J., De la Cruz, J.L. and Cooke, R., 2012. Quantifying information security risks using expert judgment elicitation. Computers & Operations Research, 39(4), pp.774-784.

Fitton, O., Prince, D., Germond, B. and Lacy, M., 2015. The future of maritime cyber security.

Amin, S.M. and Giacomoni, A.M., 2012. Smart grid, safe grid. IEEE power and energy magazine, 10(1), pp.33-40.

Peckham, C., 2012, November. An overview of maritime and port security. In Homeland Security (HST), 2012 IEEE Conference on Technologies for (pp. 260-265). IEEE.

Clark, R.M. and Hakim, S., 2017. Protecting Critical Infrastructure at the State, Provincial, and Local Level: Issues in Cyber-Physical Security. In Cyber-Physical Security (pp. 1-17). Springer, Cham.

Caponi, S.L. and Belmont, K.B., 2015. Maritime Cybersecurity: A Growing Threat Goes Unanswered. Intellectual Property & Technology Law Journal, 27(1), p.16.