An attack on an OT network (or maritime vessel network) can have dire consequences and lead to injury, loss of life, asset damage or environmental impact.
When we see a dangerous security vulnerability or debilitating cyberattack appear in the (almost) daily headlines, the story is normally the same: a hacker compromises an enterprise network and steals personal data, credit card numbers, product roadmaps, confidential emails and more. And just for fun (and money), the hacker will hold the data for a hefty ransom and threaten to publish the information if the payment isn't received.
But there is a whole other world of cyberattacks, where hackers target operational technology (OT) environments that run critical infrastructure in manufacturing, transportation, defense, utilities and other sectors.
In this post, we'll dive into how a hacker can attempt to compromise the on-vessel OT network, look at a couple of real-world examples and help you eliminate the physical impact of cyber threats in your maritime environment.
Let’s Get Physical: A Hacker’s Approach
The lure of hacking industrial systems and programmable logic controllers (PLCs) on maritime vessels stems from their lack of built-in security. Also, maritime vessel networks have historically been flat and isolated, with air-gapping as the "security solution" of choice. Because of this, security had not been top of mind. But as these networks become more connected, the attack surface on a vessel increases. With inadequate or no segmentation at all between the IT and vessel networks, the threat of malware making its way into the vessel networks and spreading laterally toward critical controls is substantial.
As maritime organizations review and adjust their security architectures, one of the recommended frameworks for them to adopt is the Purdue model, which separates the environment into levels from the physical process (Level 0) and its controllers (Level 1) up through supervisory and site operations to the enterprise network, with a DMZ between the operations and enterprise zones.
Figure 1: Purdue Enterprise Reference Architecture
If we look at a typical attack sequence, a hacker will probably attempt to infiltrate the vessel's OT network through various methods. They will look for vulnerable entry points through satellite communications terminals, open or unprotected Wi-Fi networks, endpoints in the IT/corporate network and maritime-specific systems. Some common attack vectors include spear phishing, compromised or misconfigured endpoints, and stolen credentials. If the hacker is onboard, they can infiltrate systems directly with infected USB flash drives.
Figure 2: Hacker Attack Sequence
Once they get in, they'll hide through various obfuscation methods and eventually assume control of critical control systems and devices. The hacker can now compromise things like navigation and communications systems, open or close critical valves, and take over propulsion and rudder controls, and the consequences can be dire.
Maritime Security Incidents: Physical Cyber Threats in the Real World
There have been a growing number of cyberthreats targeting OT networks, but more often than not, those incidents are not reported. According to the SANS 2019 State of OT/ICS Cybersecurity Survey, despite the growing requirement to publicly acknowledge incidents, 43% of respondents admit being restricted by internal policy from sharing such information outside of official organizational channels, as opposed to 25% in 2017. In fact, the United States Coast Guard's 2018 warning on the Emotet malware came after a merchant vessel was infected with it due to an almost total lack of cybersecurity safeguards. The ship was not named, to encourage others to report cybersecurity incidents. And since the Coast Guard's 2018 warning, additional warnings have been issued, and the Coast Guard has shared cybersecurity best practices for commercial vessels.
On July 5, 2020, X-FAB Group, a leading analog/mixed-signal and micro-electro-mechanical systems foundry group manufacturing silicon wafers for automotive, industrial, consumer, medical and other applications, became the latest victim of Maze ransomware. The attack resulted in a full shutdown of X-FAB Group's IT systems and production at all six fabrication sites, as well as the delay of the company's publication of second-quarter results. Also, the group behind the attack publicly released some of the data stolen from the company in the form of zip files. As of July 13, 2020, production had resumed at one of X-FAB Group's manufacturing sites, with the others back in production as of August 27, 2020.
In 2015, a steel factory in Germany was struck by hackers in what was, at the time, only the second confirmed case of a cyberattack causing physical damage (Stuxnet being the first). Hackers gained access to the steel mill through the enterprise network via a spear-phishing attack and were then able to work their way into production networks to access systems that controlled plant equipment. Showing expertise in their knowledge of industrial control systems, the hackers were able to compromise individual control components and even entire systems. The plant was unable to shut down a blast furnace, resulting in massive damage to the system.
In the maritime cybersecurity world, Danish shipping giant Maersk (A.P. Møller-Maersk) fell victim to NotPetya in June 2017. While Maersk lost most of its data, applications, over 49,000 laptops and about half of its servers, the computers on its actual ships were spared. However, the terminals' software designed to receive the Electronic Data Interchange files from those ships had been wiped entirely.
An incident where ships' systems were directly affected occurred in June 2017, when a GPS spoofing attack involving over 20 ships in the Black Sea made them "disappear." Instead of showing actual positions, ships were being shown 25 to 30 miles away at Gelendzhik airport. When one ship operator radioed the other vessels, it was confirmed that there was an issue with everyone's GPS. GPS spoofing can deliver potentially catastrophic consequences: ships could be directed off course and criminals could take advantage to steal valuable cargo.
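The Black Sea incident has a useful property for defenders: a vessel cannot physically move 25 to 30 miles in a few minutes, so a spoofed fix is inconsistent with the track that preceded it. The following Python script is an added example, not code from the original post or from any navigation vendor; it applies a simple plausibility check to a constructed sequence of GPS fixes (hypothetical coordinates, one fix every ten minutes) and flags any fix whose implied speed over ground exceeds a maximum the hull could achieve. The 40-knot ceiling is an assumption chosen for this example.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import List

# Mean Earth radius (6371 km) expressed in nautical miles.
EARTH_RADIUS_NM = 6371.0 / 1.852


@dataclass(frozen=True)
class Fix:
    t: float    # seconds since the start of the track
    lat: float  # decimal degrees, north positive
    lon: float  # decimal degrees, east positive


def haversine_nm(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes, in nautical miles."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_NM * asin(sqrt(h))


def implied_speeds(fixes: List[Fix]) -> List[float]:
    """Speed over ground in knots implied by each consecutive pair of fixes.
    Entry i covers the leg from fixes[i] to fixes[i + 1]."""
    speeds = []
    for prev, cur in zip(fixes, fixes[1:]):
        hours = (cur.t - prev.t) / 3600.0
        # Two fixes with the same timestamp but different positions are impossible,
        # so treat a zero time delta as infinite speed.
        speeds.append(haversine_nm(prev, cur) / hours if hours > 0 else float("inf"))
    return speeds


def find_implausible_fixes(fixes: List[Fix], max_speed_knots: float = 40.0) -> List[int]:
    """Indices of fixes the vessel could not physically have reached from the
    previous fix, i.e. where the implied speed exceeds the hull's plausible maximum."""
    return [i + 1 for i, v in enumerate(implied_speeds(fixes)) if v > max_speed_knots]


# Constructed track (hypothetical positions): a vessel making about 12 knots
# northbound with a fix every 10 minutes, until the fourth fix jumps roughly
# 29 nautical miles in 10 minutes, as a spoofed receiver would report.
TRACK = [
    Fix(0,    44.0000, 37.0000),
    Fix(600,  44.0333, 37.0000),
    Fix(1200, 44.0667, 37.0000),
    Fix(1800, 44.5000, 37.3000),  # spoofed position
    Fix(2400, 44.5000, 37.3000),  # spoofer holds the fake position steady
]

if __name__ == "__main__":
    for i, v in enumerate(implied_speeds(TRACK), start=1):
        print(f"fix {i}: implied speed {v:6.1f} kn")
    print("implausible fixes:", find_implausible_fixes(TRACK))
```

Note that the last fix in the track is not flagged: once the spoofer holds the false position steady, the speed check alone sees nothing wrong. A bridge system would therefore combine this check with independent sources (the speed log, gyro heading and dead reckoning, or a second receiver) rather than relying on GPS self-consistency.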
Maritime Security Today: How Can You Eliminate the Physical Impact of Maritime Cyberthreats?
Before you can eliminate the physical impact of maritime cyberthreats, you need to have a baseline understanding of what is in your IT/OT network environment so that you can classify and manage those assets appropriately. Then you can analyze communication flows, identify any security gaps and take the appropriate actions to:
Protect: Restrict unauthorized access and block abnormal or malicious activity from reaching important controllers and Level 1 devices.
Monitor: Continuously monitor network IP levels, alongside digital and analog signals, with a reliable, multi-layered system.
Detect: Conduct analysis in real time with automated incident detection.
Inform: Keep trusted operators and cybersecurity professionals informed through dedicated communications systems.
Collect: Gather system data from digital and analog sensors, actuators, controllers, and the OT network for forensic purposes.
Correct: Execute automated or operator-guided responses, system restorations, and reset functions to safe operating states.
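The Purdue model described earlier and the baseline-then-analyze-flows procedure above come together in practice as an asset inventory tagged by zone, against which observed traffic is checked. The following Python script is an added example, not code from the original post or from any product: it builds a constructed inventory for one vessel (hypothetical addresses and device names), parses constructed NetFlow-style records, and reports two kinds of gaps, an endpoint that is not in the inventory at all and a flow that crosses between non-neighbouring zones (for instance, a crew laptop in the enterprise zone talking straight to a propulsion PLC at Level 1, or site operations reaching the enterprise network without passing through the DMZ). The rule that traffic may only cross between adjacent zones is a simplification adopted for this example; a real policy would list the specific allowed conduits.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Purdue-style zones from the process floor up to the enterprise network, in order.
# The DMZ sits between site operations (L3) and the enterprise (L4). Assumption for
# this example: a flow may only cross between neighbouring zones in this list.
ZONES = ["L0", "L1", "L2", "L3", "DMZ", "L4"]
ZONE_INDEX = {zone: i for i, zone in enumerate(ZONES)}


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


# Constructed inventory for one vessel (hypothetical addresses and names).
INVENTORY: Dict[str, Asset] = {
    "10.0.1.10": Asset("propulsion-plc", "L1"),
    "10.0.1.11": Asset("ballast-plc", "L1"),
    "10.0.2.20": Asset("bridge-hmi", "L2"),
    "10.0.3.30": Asset("historian", "L3"),
    "10.0.5.50": Asset("dmz-jump-host", "DMZ"),
    "10.0.9.90": Asset("crew-laptop", "L4"),
    "10.0.9.91": Asset("mail-server", "L4"),
}

# Constructed flow records in a NetFlow-like "src,dst,dport,proto" layout.
SAMPLE_FLOWS = """\
10.0.2.20,10.0.1.10,502,tcp
10.0.3.30,10.0.2.20,1433,tcp
10.0.9.90,10.0.1.10,502,tcp
10.10.1.77,10.0.2.20,3389,tcp
10.0.5.50,10.0.3.30,22,tcp
10.0.3.30,10.0.9.91,443,tcp
"""


def parse_flows(text: str) -> List[Flow]:
    """Parse one flow record per line; blank lines are ignored."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, proto = line.split(",")
        flows.append(Flow(src, dst, int(dport), proto))
    return flows


def classify(flow: Flow, inventory: Dict[str, Asset]) -> Optional[str]:
    """Return a finding for a flow that violates the baseline, or None when it is allowed."""
    src, dst = inventory.get(flow.src), inventory.get(flow.dst)
    if src is None or dst is None:
        # An endpoint missing from the inventory is itself a gap: you cannot
        # classify or protect what you have not identified.
        unknown = flow.src if src is None else flow.dst
        return f"unknown asset {unknown} (dport {flow.dport}/{flow.proto})"
    if abs(ZONE_INDEX[dst.zone] - ZONE_INDEX[src.zone]) > 1:
        return (f"{src.name} ({src.zone}) -> {dst.name} ({dst.zone}) "
                f"on {flow.dport}/{flow.proto} skips zones")
    return None


def evaluate_flows(flows: List[Flow],
                   inventory: Dict[str, Asset] = INVENTORY) -> List[Tuple[int, str]]:
    """Run every flow through the baseline and return (flow index, finding) pairs."""
    findings = []
    for i, flow in enumerate(flows):
        verdict = classify(flow, inventory)
        if verdict is not None:
            findings.append((i, verdict))
    return findings


if __name__ == "__main__":
    for index, finding in evaluate_flows(parse_flows(SAMPLE_FLOWS)):
        print(f"flow {index}: {finding}")
```

Each finding maps onto the list above: an unknown asset is a gap in the baseline inventory, and a zone-skipping flow is either something to block at the boundary (Protect) or, if it is observed on a live network, an event to alert on (Detect) and preserve for forensics (Collect).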