2. In the past, the majority of cyber-attacks were driven by
an attempt to obtain personal or financially sensitive
data.
Today, the nature of the threat is changing, and
companies across all business sectors have begun to
experience highly sophisticated and complex attacks that
attempt to inflict damage to property and operations by
seeking to take control of industrial control systems.
3. What does Cyberattack mean?
A cyberattack is deliberate exploitation of computer systems, technology-dependent enterprises and
networks.
In simple words Cyberattack is also known as a computer network attack (CNA).
4. Why Is The Maritime Sector
Particularly Vulnerable?
- Large shipments of dangerous cargo may provide a ready
‘weapon’.
-Cruise ships concentrate large numbers of people.
-Infrastructure is accessible.
"Almost 90 % of world trade is carried by sea"
5. “A report from Allianz Global Corporate &
Speciality SE suggests that the increasing size
of container vessels, ship safety and rise in
hacker incidents could cause larger losses for
the maritime sector.”
IMPA -24/3/2015
6. Statistics and facts
Just one degree is able to deflect your ship 15 miles
from its course, in a thousand-miles trip, fact that needs
more than an hour to be corrected.
That means a loss of 5 tons of diesel or about 2. 500$
and mostly a possible delayed or missed ship unloading.
Could we count this impact in dollars?
Probably some millions, including the cost of the
freight and loss of profit.
Do you believe that is worthwhile?
7. Statistics and facts
37% of maritime companies using windows web
servers that aren't patched, leaving 1/3
vulnerable to DDOS attacks and unauthorized
remote access.
Cyberkeek,2015
“Vessels interconnection means more exposure
to the world wide web”
8. Rise in Hacktivism;
from groups such as anonymous to
whistle-blowers leaking confidential files
people do and will continue to take
justice into their own hands.
9. Around 75$ billion was spent globally on cyber
security 2015 and that number is expected to
reach 170$ billion on 2020.
Gartner,2015
10. It has been reported that significant
weaknesses have been identified in the
cybersecurity of critical technology
used for navigation at sea. GPS (Global
Positioning System), AIS (Automatic
Identification System), and ECDIS
(Electronic Chart Display and
Information System) are all essential
aids to navigation, and each has been
identified as potentially vulnerable to
attack.
11. Attacking ECDIS Systems
- ECDIS systems are in essence desktop
PCs.
- As with any other PC, ECDIS systems
can be tampered with.
- With physical access, a malicious
person could use the USB slot to load
incorrect/outdated maps, access the
underlying operating system or spread
malware/ransomware.
12. AIS Systems Risks ;
• AIS communications do not employ authentication
or integrity checks.
•Communication is made over RF.
•Anyone with a cheap RF receiver can also “listen”
to these messages.
(Range dependent)
Via RF the hackers have 4 attack vectors
•AIS Gateway
•Vessel Traffic Service
• Vessels
•Offshore
13. What should you be doing?
- In-depth security testing.
- Identify potential gaps and weakness.
- National ICS security standerd.
14. CONCLUSION
The computerized systems that the maritime sector now relies
upon were designed to meet the needs of the 20th century, but are
not equipped to meet the threats of the 21st century.
The risk of a cyber-attack increased exponentially at the end of the
20th century with the arrival of the internet and the widespread
use of closed computer networks.”
A cyber-attack could lead to horrific loss of life and significant
property damage.
