Maritime Cyber Security
Shipping companies are becoming increasingly aware of the growing threat to shipping caused by the surge of cyber threats and are keen to comply with IMO and other maritime regulators guidance in meeting best practice in cyber protection for their fleet and the expected updating of the US “Strengthening Cyber Security Information Sharing and Coordination in Our Ports Act” (2015) which could see mandatory reporting for all vessels entering US waters.
The interim IMO guidance issued in June 2016 draws heavily on the Identify, Protect, Detect, Respond & Recover model introduced by the US National Institute of Standard and Technology Preliminary Cybersecurity Framework - Improving Critical Infrastructure Cybersecurity Executive Order 13636.
CYBER SECURITY Framework Core
Risk management strategy
Security awareness & training
Information protection processes
Anomalies and events
Mitigation of security events
The IMO guidance, together with the Cyber Security guidance produced by BIMCO, CLIA, ICS, Intercargo and Intertanko, is aimed at protecting the technologies which have become essential to the operation and management of shipping which include but are not limited to:
- Bridge Systems;
- Cargo handling and management systems;
- Propulsion and machinery management and power control systems;
- Access control systems;
- Passenger servicing and management systems;
- Passenger facing public networks;
- Administrative and crew welfare systems; and
- Communications systems.
Although not required by any of the above mentioned guidance or regulatory regimes, Kroll recommends that all vessel operators ensure that their office based IT and communications systems are at least protected to a level compatible with ISO 27001. If you are unsure, Kroll can conduct a gap analysis to determine the level of compliance and highlight any shortcomings identified
MOST VULNERABLE SHIPBORNE SYSTEMS
CARGO CONTROL SYSTEM
ENGINE CONTROL AND MONITORING SYSTEM
The first step in determining compliance for vessels is to understand the overall state of cyber defences on-board vessels (in the interest of time, this will be a sampling exercise) and basic cyber hygiene levels - policies and procedures in place, compliance with basic requirements etc.
We will therefore begin with a basic overview of cyber security practices (NIST Framework section 3.1) before moving to delivering the NIST section 3.2 steps, the Discovery Phase, by:
Step 1: Identify. Work with fleet management to identify its mission objectives, related systems and assets, regulatory requirements and overall risk approach.
Step 2: Create a Current Profile. Beginning with the Categories specified in the Framework Core, we will develop a Current Profile that reflects its understanding of its current cyber security outcomes based on the fleet implementation of the Identify Function.
Step 3: Conduct a Risk Assessment. We will analyze the operational environment on-board a sample vessel in order to discern the likelihood of a cyber security event and the impact that the event could have on vessel operations.
It is important that the fleet management seeks to incorporate emergent risks and outside threat data to facilitate a robust understanding of the likelihood and impact of cyber security events.
Step 4: Create a Target Profile. We will create a Target Profile that focuses on the assessment of the Framework Elements (e.g., Categories, Subcategories) describing the Corporate Board’s desired cyber security outcomes.
Step 5: Determine, Analyze, and Prioritize Gaps. We will compare the Current Profile and the Target Profile to determine gaps, and then determines resources necessary to address the gaps.
This will deliver a prioritized action plan that draws upon business drivers of the Company, a cost/benefit analysis, and understanding of risk to achieve the outcomes in the Target Profile.
The use of Profiles in this manner will enable the company Board to make informed decisions about cyber security activities, support cost/benefit analysis, and enables the organisation to perform targeted improvements.
Optional Additional Activity
Following the production of the prioritized action plan, there will be a (as yet unknown) series of activities to be undertaken in order to achieve compliance with the IMO guidance.
We will be able to assist with many of these tasks from drafting policies and/or procedures to be implemented, advising on changes to systems architecture or infrastructure, testing and reviewing systems (penetration testing) and producing an audit timetable to allow the Company to demonstrate ongoing compliance.
These activities - the Delivery Phase, will be discussed with the Company once the Action Plan has been delivered.
CYBER Kill Chain
We work with your IT department and internal IT security staff in order to analyze your system from a top-level perspective, looking for patterns to determine what’s driving the vulnerabilities we’ve identified.
Finally - and most importantly - our IT Risk Assessment team will translate our findings into actionable improvement initiatives for your business, with a list of prioritized recommendations.
Boost your cyber security and protect your bottom line
Cyber Crime Investigations
Data Breach Prevention
Incident Response Management
Data Breach Response
Cyber Litigation Support
In today’s information economy, data can be your organization’s most valuable asset, but with the rise of mobile technology, cloud computing and an exponentially growing volume of digital information, keeping that data secure also becomes one of your greatest challenges.
No one is immune to data loss incidents and no one is better equipped than us to help you identify and close gaps that put your organization’s cyber security at risk.
Information security issues - such as data breaches or employee misconduct - are a constant worry for C-suite leaders as well as for front-line managers in your organization.
Cyber security challenges put sensitive data at risk and can cost your company time, revenue and resources.
We know securing and managing electronically stored information (ESI) is critical to the future of your business. We offer end-to-end cyber security consulting, from information risk assessments that help you benchmark safety measures and shore up weaknesses, to penetration testing that checks for robust defenses.
Kroll global team delivers scalable cyber security solutions to help you protect confidential and proprietary information from data security risks such as malicious insiders, network vulnerabilities and inadequate security policies.
Is the percentage of cyberattacks that can be averted with increased cyber risk awareness
Of known vulnerabilities have security patches available
Of all cyber-security breaches are from known vulnerabilities
Is the percentage of users opening phishing emails
Of users use the same password on personal accounts as they do for their corporate ones
Is the percentage of social media scams and malware being shared via social media activity
Is the percentage of incidents caused by administrator’s incorrect configurations, leaving default passwords running or not changing passwords frequently, etc.
Company Security Officers
Feel cyber threats are not SERIOUS!
Of cyber breaches attributed to human error...
Chief Information Officers
Do not provide cyber security training onboard for crew
Ship Security Officers
Feel they lack cyber training, knowledge and competence
NATURE OF THE ATTACKS
Denial of service
Network of protocol attack
Man in the middle
Theft of credentials
IT System Functionality
Shipborne Systems Functionality
Loss of Corporate Data
EXTENT OF THE ATTACKS