Saturday, September 10, 2022

Breaking Down The Complexities Of Maritime Cybersecurity

Tomorrow marks a very sad day in our nation’s history . . . 9/11.  I will never forget what I was doing that day, or how I even heard about the first attack coming in.  I will just leave it at that.  May our Lord and Savior continue to bless all of the victims of that horrible day, and let any healings continue. 

Since then, security has always been a hot-button topic for American citizens and our own government. But back then, it was all about physical security; Cyber was still barely even thought of.

Airports and airlines went on a huge lockdown like never seen before, and still continue to do so to this day, to one degree or another. But to be honest, every point of entry and exit into the United States is at risk.

This includes not only the road crossings at the borders with Canada and Mexico, but our maritime ports as well. While increased traffic means that there is more international trade going on, it also poses not only physical but also Cybersecurity risks.

Just consider some of the stats:

*Maritime trade has increased by over 22% since COVID-19 hit;

*The stopping period for the large cargo ships has now become almost 32 hours versus the 28 hours it once was back in 2020. 

It is this longer dwell time that is starting to raise concern here in the Cyber community.  But Cybersecurity around these ports is a very complex issue because there are so many factors surrounding it.  Consider the following:

*Physical security is still a risk – for example, stowaways are still a huge problem, especially from those ships coming in from China and regions there;

*Many ships come from other countries – thus they are using outdated technologies that cannot be updated with the more recent software patches and upgrades;

*Many maritime ports both here in the United States and abroad are still using outdated Critical Infrastructure equipment. There is so much interdependency here that you simply cannot rip out old systems and put new ones in. It’s almost like other pieces of Critical Infrastructure that we have on land.

*It takes a lot to get a cargo ship from its point of origination to its point of destination. There are many parties involved, and all of them have to be held accountable for, and aware of, what is going on. The captain of the ship is just one cog in a huge machine.

But unfortunately, there is really nothing that can be done to fix all of these vulnerabilities in a short period of time. All of the parties involved in maritime affairs have to agree on what has to get done. Some examples of Cyber threats include the following:

*End-of-life Operating Systems, like Windows 7 or Windows 8;

*Software packages that have not been updated in a long period of time;

*No antivirus protection being used;

*Open ports on the ship’s computer network;

*The lack of 2FA or MFA protocols;

*Staff that is not trained in what Cyber Hygiene is all about.

What is even more startling is that Cyberthreats to the maritime sector have increased well over 400% on a global basis. According to Cyber experts that specialize in this area, a contributing factor to this huge increase is the Industrial Internet of Things, also known as the “IIoT”.

This is where all of the objects that we interact with in both the virtual and physical worlds are interconnected. While this can be advantageous, it poses grave threats as well, because these connections are often not secure themselves.

So if one point is hit, this will lead to an overall cascading effect, very much in the same fashion that a supply chain attack would (such as the SolarWinds one). Making things worse, before a ship can dock here in the United States, the captain of the maritime vessel must fill out an extensive amount of paperwork.

Very often, this can be well over 40 pages long, thus adding more aggravation when trying to get cargo off on time.

These must be sent to the maritime point of destination and approved before the cargo ship is even allowed to dock. So in this regard, email or file transfer protocol has to be used, but even there, there are risks, such as hijacking of the FTP Server, or making the documents part of a large-scale Phishing attack.

Both of these could be easy to do, especially if there is a mismatch between the cargo ship’s technology and the maritime port’s. As a result, there will be many backdoors through which the Cyberattacker can easily penetrate.

My Thoughts On This:

As was examined earlier in this blog, there are simply too many entities and moving parts which are far too outdated for a fast solution to be found. If anything, it can take just as long or even longer than the airline industry to come to grips with what is happening in maritime security. Security at the airports is far better now since 9/11, but it took how long? 10 years? 15 years?

To solve the issue of maritime Cybersecurity means that we have to take a step back, and look at the entire picture from a holistic sense. In this regard, perhaps the best way to get started is from the cargo ship itself.

Before they are allowed to dock, the captain of the ship should run through a checklist of what has or what hasn’t been done from a Cyber point of view, and transmit it to the officials at the point of destination.

Then from there, based upon the results of the checklist, the port authority should then decide whether to allow the ship to dock or send it back to its homeport. But of course, this checklist can be forged as well. In order to stop this from happening, the United States Federal Government needs to hire the total number of Border Control Agents. And, just as much as they check for dangerous cargo, they should also be able to conduct a risk assessment on the ship’s IT and Network infrastructure as well.
