CYBER SECURITY AWARENESS - Gard Security... · CREW CONNECTIVITY SURVEY •Only 15% of seafarers...
CYBER SECURITY AWARENESS in the maritime industry
Jarle Fosen, Senior Loss Prevention Executive
January 2019
Why do cyber incidents happen?
MODERN CRIMINALS USE KEYBOARDS, NOT GUNS
Cyber attack
Destruction of Data
Publication of sensitive data
Media Attention
Selling stolen data
Ransoming stolen data
Ransoming system operability
Arranging fraudulent cargo transportation
Financial Gains
Gaining knowledge
Espionage
OBJECTIVES
INTRODUCTION
AN INCREASINGLY DIGITISED SHIP
IT & OT SYSTEMS ONBOARD
1950
2018
BUSINESS BENEFITS FROM CONNECTING OPERATIONAL TECHNOLOGY (OT)
Autonomy
Knowledge
Availability
Direct Running
Cost
Prediction & diagnostics
Optimal maintenance
Remote support
Efficiency in operations
… so what may the consequences be from a cyber incident?
CONSEQUENCES OF A CYBER ATTACK
• Business interruption – including disruption to the port’s activities
• Physical loss of or damage to ship
• Loss of cargo
• Pollution
• Physical injury to crew
MAERSK CYBER INCIDENT
June 2017 – worldwide malware meltdown
…EVEN THE BEST CAN BE HIT BY THE WORST
Petya (or NotPetya or Nyetya)
BW GROUP CYBER INCIDENT
BW Group, which commands a USD 2.0 bn LNG fleet & a USD 2.1 bn LPG fleet, came under attack in July 2017
…EVEN THE BEST CAN BE HIT BY THE WORST
Internet and intranet systems were closed down temporarily
COSCO
JULY 2018 - US OPERATIONS DISRUPTED BY CYBER ATTACK
CYBER TREND
INCIDENTS AND REGULATION
RISK EVALUATION
IT vs. OT
Information technology
• IT Networks
• Emails
• Administration, accounts, crew lists, …
• PMS
• Stores requisitions
• Electronic manuals
• Electronic certificates
• Permits to work
• Charter party, notice of readiness, bill of lading, …
Operational technology
• PLC (Programmable Logic Controllers)
• SCADA (supervisory control and data acquisition)
• On-board measurement and control
• ECDIS
• GPS
• Remote support for engines
• Data loggers
• Engine & Cargo control
• Dynamic positioning, …
RISK TREND
CYBER ISSUES
Operational technology (OT)
Information technology (IT)
(Source: AV-TEST Institute, Germany & IBM Managed Security Services)
WWW.SHODAN.IO
GOOGLE SEARCH FOR IoT
CREW CONNECTIVITY SURVEY
• Only 15% of seafarers had received any form of cyber security training.
• Only 33% of seafarers said the company they last worked for had a policy to regularly change passwords on board.
• 71% of seafarers are willing to share personal data to further their career prospects.
• 52% are willing to share personal data in return for free Internet access.
• 50% of seafarers are willing to share their employment reviews, whilst 44% are prepared to share their medical history, with prospective employers.
According to Crew Connectivity 2018 Survey Report by Futurenautics group
PEOPLE ARE THE KEY
IT IS NOT ONLY ABOUT PROCESS AND TECHNOLOGY
▪ Training & awareness
▪ Professional skills & qualifications
▪ Written procedures
▪ Authorizations
▪ Physical security
▪ Management Systems
▪ Governance Frameworks
▪ Policies & procedures
▪ Vendor/third party contracts-follow up
▪ Audit regimes
▪ System design, design review
▪ Software configurations
▪ Inspection/verification
▪ Testing
– Functional testing
– Vulnerability scanning
– Penetration test
PEOPLE
PROCESS
TECHNOLOGY
How can we in loss prevention help?
Make the crew see the cyber risk to stop it
WE HAVE IDENTIFIED SOME THREAT SCENARIOS
FOR THE SHIP AND CREW TO BE AWARE AND LEARN FROM
THREAT SCENARIO #1
Do they know the cyber risks?
REMOVABLE MEDIA / EXTERNAL HARDWARE & MIXING ISOLATED AND OPEN NETWORKS
THREAT SCENARIO #2
THREAT SCENARIO #3
TAMPERING WITH NAVIGATION SYSTEMS & RANSOMWARE
THREAT SCENARIO #4
THREAT SCENARIO #5
BEST PRACTICES
CASE STUDY
• Divide into groups
• Study the case background and incident text
• Perform an onboard risk assessment of the incidents and identify the factors which lead to them
• Use the keywords provided for your discussion
CYBER SECURITY - SAFETY OF THE CREW
MAIN LEARNING POINTS
1. Think and ask before you click!
2. Research the facts behind e-mails and their attachments!
3. Make sure external drives and USBs are clean!
4. Be aware when third parties enter your systems or data!
5. Protect your passwords!
6. Never connect personal items to the ship critical systems.
7. Never use external wi-fi for company emails or downloads unless protected by VPN!
8. Learn how to install and use two step authentication.
9. Learn how backup and restore is done onboard your ship.
10. Always report errors and mistakes.
11. Educate yourself on cyber risks and how they affect your ship, your colleagues and you personally!
CREW PREPAREDNESS
LOSS PREVENTION AWARENESS CAMPAIGNS
SUPPORT OWNERS AND OPERATORS IN THEIR DAY TO DAY OPERATIONS
January 2017
April 2017
May 2018
August 2018