Saturday, August 12, 2023

Why OT Is A Huge Cyber Risk For The Maritime Industry

 


One term that you many have heard on and off in the world of Cyber is that of “Operational Technology”, also known simply as “OT” for short.  It has been used in conjunction with “IIoT”, which stands for the “Industrial Internet of Things”.  So, you may be wondering what exactly is OT?  Well, a technical definition of it as follows:

“It is the practice of using hardware and software to control industrial equipment, and it primarily interacts with the physical world.”

(SOURCE:  https://www.redhat.com/en/topics/edge/what-is-ot)

So as you can see, it pretty much deals with anything technological related to equipment that is involved in heavy industrial usage.  Some examples of this would include car assembly lines, logistics/supply chains, trucking, aviation, etc.  But the problem here is that these pieces of equipment are actually pretty archaic in nature.  Thus, they have become a prime target for the Cyberattacker because modern day software patches and upgrades simply will not work for them.

In fact, this is the problem that Critical Infrastructure is having.  Much of the technology that underlays our water supplies, oil/natura gas pipelines, and even the national power grid is also outdated.  And these too have become prime targets.  Probably one of the best examples of this is the Colonial Gas Pipeline attack, where the CEO ended  up making a payment of $4.4 Million.

This outdated OT is also starting to impact another industry, in which the entire world is dependent upon.  These are the cargo vessels that transport goods and supplies to all places.  This is technically known as the maritime industry.

So far in the news, we have not heard too much about Cyber attacks to these kinds of vessels.  But given their increased dependence upon them, they too will become a prized target.  Also note that these ships also use a wide myriad of electronic components, primarily to help them with navigation.  Some  of these include the following:

*Radar

*Electronic Charts

*Engine Monitoring

*The GPS System

One of the other biggest weaknesses facing the maritime industry is that they often still use weak and  easy to guess passwords.  Don’t forget to also take into consideration that these vessels carry hundreds of containers, and they are inherent risks with them also, especially when it comes to physical based security.

So, what are some of the Cyber risks that the maritime industry actually faces? Here is a sampling of them:

1)     High economic costs:

Because the OT that is used is so old, simply upgrading them to newer standards will not happen.  The primary reason for this is that many of these components are simply not available anymore.  IF anything, they have to be custom-made, which can take a very long time to achieve.  The only other option is to totally gut the old OT, and put in a new one.  But this would be too cost prohibitive for the shipping lines.

2)     Using the Cloud:

Although the vessels OT systems might be outdated, as mentioned, they make use of sophisticated electronics to keep them on their course.  These devices too can be prone to a Cyberattack.  But the good news here is that these kinds of devices should be upgraded, given that they are still new.

3)     Password Hacking:

Also as described, cargo vessels still use very weak passwords.  Advocates are claiming that it is time for them now to upgrade their process in this regard, and start using a password manager of sorts.  It would be even better if some sort of Privileged Access Manager could be put in place, and the Cloud would be a great option for this to happen.

4)     Third party risk:

Maritime transportation is of course heavily dependent upon third party suppliers  in order to deliver the cargo.  So, there is a lot of risk here as well.  The need for third party vetting now becomes crucial, but this is far easier said than done.  When you consider literally the hundreds of people involved with getting a cargo ship ready this process would take a long time to complete.  Also,  it should not be up to the cargo lines to do this.  It should be the countries from where they originate  that should take the ultimate responsibility for this happening.

My Thoughts On This:

IMHO, it may be time for these cargo vessels to upgrade their OT systems now finally.  But again, this will be a very expensive and time-consuming process.  But in the long run, these benefits will outweigh the costs of having to keep repairing and upgrading systems.  Also, many Cyber pundits feel that the maritime industry should also adopt the kinds of standards that Corporate America must adopt.

Some of these include:

*Intrusion Detection Systems

*Network Segmentation

*Zero Trust Framework Implementation

*Deploying EDR and XDR systems

*The use of AI and SIEM to keep track of the latest warnings and  alerts

More Information about the kinds of controls that should be implemented can be seen here at this link:

https://www.darkreading.com/ics-ot/4-big-mistakes-to-avoid-in-ot-incident-response

The concern over the security of the maritime industry both from a physical and Cyber one is nothing new.  As far as my remember, it goes back even as far as  after the 9/11 events took place.  But rather than waiting another twenty years to do something, the time to act is now.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...