We only legal trade with countries/companies that are not under any sanction by the UN and the EU
Copyright 2008 - International Armour, All rights reserved
Maritime Cyber Security
Advancement in broadband technologies and the move towards ‘Big Data’ and 'Ship Intelligence could leave the maritime industry vulnerable to cyber-crime unless it develops a better awareness of ICT (information, communication technology) security and adopts security best practice.
Certainly there is the possibility for AIS, GNSS, ENC and ECDIS charts to disappear from bridge screens or be modified, but the issue today is that most adversaries want to obtain data for financial gain.
Payment systems can be easily penetrated using targeted phishing scams to raise fake invoices or even to change shipping manifests in order to transport illicit goods, drugs and weapons.
The loss of sensitive data through breaches in system security is the single most important challenge that faces the maritime industry today.
MINISTRY OF PUBLIC ORDER CERTIFIED
MINISTRY OF DEFENSE CERTIFIED
ICoC SIGNATORY COMPANY
NATO CERTIFIED (NCAGE CODE G2181)
UNGM REGISTER COMPANY (400640)
Logged as:No Logged in
Cyber security in the maritime industry is a major concern, due to a lack of security awareness or accountability while increasing use of new, sophisticated communications technologies raises the threat level to high.
With the potential for sensitive customer data leaks via ECDIS, AIS, RFID and GPS, it is important that security procedures and processes are in place so that operators know how to identify a potential security threat or have been trained to respond when a cyber attack is in process.
The perpetrators active in the maritime industry are mostly interested in financial gain, looking to gain access, stay hidden and extract financial profit from their targets.
However, accessing and extracting sensitive information or intellectual property can also help criminal or terrorist organizations whose motive is to use the industry to transport hazardous materials or weapons.
In an advanced threat, the attacker will spend a large amount of time researching a list of potential targets, gathering information about the organization’s structure, clients etc.
Social media activity of the people in the target company will be monitored to extract information about the systems and forums favored by the user and any technology vulnerabilities assessed.
Once a weakness is found the next step the hacker will take is to breach the cyber security perimeter - the basic security most companies adopt - and gain access, which, for most attackers, is easily done.
Modern maritime ships are considered a privileged target for hackers and pirates that are increasing their pressure on the Maritime Shipping Industry.
Cyber threats in the shipping industry can be divided into five major types, Threats to;
- Ships and safe navigation
- Satellite communication
- Cargo tracking systems
- Marine Radar systems
- Automatic Identification systems
Is the percentage of incidents caused by administrator’s incorrect configurations, leaving default passwords running or not changing passwords frequently, etc.
Is the percentage of social media scams and malware being shared via social media activity
Is the percentage of users opening phishing emails
Of users use the same password on personal accounts as they do for their corporate ones
Of all cyber-security breaches are from known vulnerabilities
Of known vulnerabilities have security patches available
Is the percentage of cyberattacks that can be averted with increased cyber risk awareness
CYBER Kill Chain
Boost your cyber security and protect your bottom line
Cyber Crime Investigations
Data Breach Prevention
Incident Response Management
Data Breach Response
Cyber Litigation Support
In today’s information economy, data can be your organization’s most valuable asset, but with the rise of mobile technology, cloud computing and an exponentially growing volume of digital information, keeping that data secure also becomes one of your greatest challenges.
No one is immune to data loss incidents and no one is better equipped than us to help you identify and close gaps that put your organization’s cyber security at risk.
Information security issues - such as data breaches or employee misconduct - are a constant worry for C-suite leaders as well as for front-line managers in your organization.
Cyber security challenges put sensitive data at risk and can cost your company time, revenue and resources.
We know securing and managing electronically stored information (ESI) is critical to the future of your business. We offer end-to-end cyber security consulting, from information risk assessments that help you benchmark safety measures and shore up weaknesses, to penetration testing that checks for robust defenses.
Kroll global team delivers scalable cyber security solutions to help you protect confidential and proprietary information from data security risks such as malicious insiders, network vulnerabilities and inadequate security policies.
NATURE OF THE ATTACKS
Denial of service
Network of protocol attack
Man in the middle
Theft of credentials
EXTENT OF THE ATTACKS
Loss of Corporate Data
IT System Functionality
Shipborne Systems Functionality
MOST VULNERABLE SHIPBORNE SYSTEMS
CARGO CONTROL SYSTEM
ENGINE CONTROL AND MONITORING SYSTEM
Risk Assessment: Cyber Security starts from identifying all possible threats and vulnerabilities. Related processes include penetration testing, vulnerability assessment and audit.
Risk Management: Securing your organization’s IT infrastructure and deploying security policies are vital steps for managing cyber security risks.
Post-attack Crisis Management: Managing a post-attack crisis can be very challenging, requiring investigation, forensics and reputation management.
Cyber Security Event Management: We can monitor your entire network 24/7 for preventing and addressing attacks, keeping your organization safe.
Specialized Solutions: We are one of the very few worldwide cyber security provider that can offer specialized solutions for maritime and energy industries which are proved to be primary targets.
Training: Most of the attacks start unintentionally from users. Managing any cyber security risk starting from the training of your users.
Of cyber breaches attributed to human error...
Company Security Officers
Feel cyber threats are not SERIOUS!
Chief Information Officers
Do not provide cyber security training onboard for crew
Ship Security Officers
Feel they lack cyber training, knowledge and competence
We work with your IT department and internal IT security staff in order to analyze your system from a top-level perspective, looking for patterns to determine what’s driving the vulnerabilities we’ve identified.
Finally - and most importantly - our IT Risk Assessment team will translate our findings into actionable improvement initiatives for your business, with a list of prioritized recommendations.
We recognize the key to successful information risk assessments and data breach prevention is achieving and maintaining the right security level for your organization