CYBER SECURITY
AWARENESS TRAINING
SYNOPSIS
• Marine Cybersecurity: What; Why; IT & OT System; Real Time Incidents and Consequences
• Cybersecurity: CIA Triad and Definitions
• Cyber-Attacks & Best Practices: Malware; Phishing and Types; Ransomware; Brute Force; DoS; Navigation Systems & Cyber Threats
• Cybersecurity Audit: TMSA/IMO/DOC; ISO Certification; ISO Templates & Forms
• Incident Response: Signs of Incidents; Incident Response
MARITIME CYBERSECURITY
WHAT?
Maritime cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies.
Its main aim is to protect maritime organizations, their vessels, and their cyber environment.
MARITIME CYBERSECURITY
WHY ?
• Maritime is the lifeblood of the global economy, accounting for the carriage of 90% of world
trade.
• Cybersecurity has a huge potential to affect the safety of the crew, vessel, cargo and even
ports.
Earlier days:
• Connectivity on a vessel was minimal.
• Ship control engineers used to physically isolate a secure network from an unsecured network.
Present days:
• Growing connectivity of modern maritime vessels and use of industrial control systems (ICS) and satellite communications, making systems complex.
But now, using something as simple as a USB flash drive or unsecured Wi-Fi connection, a hacker can initiate a cyber-attack.
CONNECTIVITY ON A MODERN MARITIME VESSEL
MARITIME CYBERSECURITY
Cyber systems for ships are classified as either IT (standard information systems)
or OT (operation and control systems).
MARITIME CYBERSECURITY
IT: IT is typically more mature when it comes to cyber security, with established procedures, technology and training being applied using an information security management system (ISMS).
OT: OT, in contrast, is less mature when it comes to cyber security, and an attack on on-board OT systems may jeopardize the vessel’s and crew’s safety.
REAL-TIME INCIDENTS
DNV says ransomware attack impacted 1,000 ships
The systems of DNV, a Norwegian shipping classification society, were hit by a ransomware attack, affecting around 1,000 ships that rely on its technology.
A cyberattack paralyzed several major ports in Australia for days
The cyberattack that paralyzed several major Australian ports points to a growing threat to shipping, the lifeblood of the global economy.
The attack on DP World's ports—which handle 40 percent of
Australia's freight trade—forced them offline for days and was the
latest in a series of breaches at ports around the world in recent
years.
REAL-TIME INCIDENTS
• Cyberattacks have disrupted or halted operations at
some of the world's busiest ports in recent years.
• A ransomware attack at Japan's busiest port, Nagoya,
disrupted operations for days.
• Oil terminals at some of western Europe's largest ports
could not process vessels because of a cyberattack.
• In 2017, the "NotPetya" malware spread into systems
around the world, crippling the operations of global
shipping giant Maersk.
• There have also been cyberattacks at major ports in the
Netherlands, Canada, India, South Africa and the United
States.
CONSEQUENCES OF BREACH IN CYBERSECURITY
Business Interruption to Ship and Office activities
Physical loss or damage to vessel
Loss of Cargo
Loss of Ship control
Physical injury to crew
Loss of Personal/Sensitive Data
CYBERSECURITY
THE CIA TRIAD
What is the CIA?
• Confidentiality: The information is safe from accidental or intentional disclosure.
• Integrity: The information is safe from accidental or intentional modification or alteration.
• Availability: The information is available to authorized users when needed.
Example
• Confidentiality: I send you a message, and no one else knows what that message is.
• Integrity: I send you a message, and you receive exactly what I sent you (without any modification).
• Availability: I send you a message and you are able to receive it.
What’s the purpose of the CIA?
• Confidentiality: Data is not disclosed
• Integrity: Data is not tampered with
• Availability: Data is available
How can you achieve the CIA?
• Confidentiality: e.g., Encryption
• Integrity: e.g., Hashing, Digital signatures
• Availability: e.g., Backups, redundant systems
Opposite of CIA
• Confidentiality: Disclosure
• Integrity: Alteration
• Availability: Destruction
Cyber Security: Cyber security is the application of technologies, processes, and controls to protect systems,
networks, programs, devices and data from cyber attacks.
Cyber Attack: A cyber attack is any malicious act to gain unauthorized access to a computer system or network
with the intent to cause damage. Cyber attacks aim to disable, disrupt, destroy or control computer systems or to
alter, block, delete, manipulate or steal the data held within these systems.
Vulnerability: Any weakness in the system, applications or network. Ex: Weak password, old version of Adobe,
Chrome etc.
Risk: Potential for loss of or damage to an asset as a result of a threat due to the existence of a vulnerability.
Threat: Any malicious act that damages the system.
Exploitation: Taking advantage of vulnerability.
CYBER-ATTACKS
Malware
Malware is malicious software that is
intentionally designed to cause damage or
gain unauthorized access to a computer or
network.
Depending on the type of malicious code, hackers
can use malware to steal or secretly copy sensitive
data, block access to files, disrupt system
operations or make systems inoperable.
CYBER-ATTACKS
SOCIAL ENGINEERING/PHISHING
Phishing is a cyber attack where scammers
use disguised email to trick people into
revealing sensitive information like passwords
or financial details.
Exploiting human nature:
• Urgency
• Fear
• Curiosity
CYBER-ATTACKS
SOCIAL ENGINEERING/PHISHING
Characteristics (Identification) of phishing
email:
• Urgent action needed
• Poorly written email – Spelling and
grammatical mistakes
• Contains link / attachment
CYBER-ATTACKS
Smishing:
Also called SMS phishing, smishing is a phishing
attack via text message, technically known as Short Message
Service, or SMS.
Vishing:
A targeted voice message/voice mail/call
Spear Phishing:
A targeted form of phishing where attackers target
specific individuals/groups/organizations/industry.
Whaling:
Phishing emails which are targeted to high ranking executives within organizations.
CYBER-ATTACKS
RANSOMWARE ATTACK
• Ransomware is a type of cyber-attack that
encrypts data or shuts down access to a computer
system.
• The attacker demands a ransom to give back access to the
computer.
• Even when the ransom is paid, the data has been
breached and may be used or sold.
• Once the malicious software has infected one computer,
it will quickly spread to other computers connected to the
same network.
CYBER-ATTACKS
RANSOMWARE ATTACK
PRECAUTIONS:
KEEP ANTI-VIRUS UPDATED
DO NOT CLICK SUSPICIOUS LINKS
DO NOT INSTALL UNAUTHORISED APPS OR SOFTWARE
DO NOT CONNECT UNSCANNED REMOVABLE DEVICES SUCH AS USBs, HDDs
CYBER-ATTACKS
BRUTE FORCE ATTACK
PRECAUTIONS:
KEEP STRONG PASSWORD
PASSWORD SHALL BE A COMBINATION OF ALPHANUMERIC CHARACTERS AND CONTAIN SYMBOLS /
SPECIAL CHARACTERS
DO NOT SHARE PASSWORD
FREQUENTLY CHANGE PASSWORD
CYBER-ATTACKS
DENIAL-OF-SERVICE (DOS) ATTACK
• The attacker floods a targeted system's resources by generating false traffic.
• The traffic is meant to overwhelm the targeted system, stopping responses to real requests.
• DoS attacks use a single source to generate false traffic.
• Similarly, a DDoS attack uses many sources to generate false traffic against the targeted system.
CYBER-ATTACKS
MAN-IN-THE-MIDDLE (MitM) ATTACK
• Attackers secretly insert themselves between two parties
• Depending on the actual attack details, this type of attack can be more specifically classified
as a man-in-the-browser attack, monster-in-the-middle attack or a machine-in-the-middle
attack.
• MitM is also sometimes called an eavesdropping attack.
CYBER-ATTACKS
The complexities associated with vessels and tankers make them vulnerable to high-impact attacks.
When one ship is impacted, it can often spread malware to sister vessels via the corporate network.
Some of the potential attacks that can DESTROY a vessel's operations include:
• An attack on an OEM network or third-party supplier that
spreads to their client’s on-vessel OT network
• An attack on a satellite provider that gains access to a vessel’s
IT/OT network
• Exploited cyber vulnerabilities that grant access to a vessel’s OT
network and provide various attack options, including:
GPS/navigation system attack
Open/close critical valves
Propulsion and rudder control
Ballast control
Ransomware/Malware
Gain full administrative privilege
CYBER-ATTACKS
ATTACK ON NAVIGATION SYSTEM - PNT VULNERABILITIES
• This type of attack doesn’t require access to the vessel’s network or
internal systems.
• GPS provides positioning, navigation, and timing (PNT).
• The vulnerabilities and biggest threats to GPS systems are signal
jamming and spoofing.
• Spoofing: Malicious actor sends false GPS signals to a receiver
using GPS spoofing devices; tricking it into thinking it is in a
different location.
• Jamming: A malicious actor sends a powerful radio signal to
interfere with the GPS signal, causing it to be lost or distorted. This
can disrupt communication and navigation systems, leading to
potential accidents and chaos.
PRECAUTIONS:
VERIFY POSITION BY OTHER MEANS
DO NOT ALLOW REMOTE ACCESS UNLESS AUTHORISED
CARRY OUT ECDIS DRILLS
USE ONLY DESIGNATED USB FOR VDR AND ECDIS
CYBER THREAT
REMOVABLE MEDIA/ EXTERNAL HARDWARE
External hardware such as USB sticks, camera
memory cards and smart phones:
Perfect storage tools for anyone to spread their
malware and viruses, making it possible to physically
cross network barriers that are otherwise protected by
network firewalls.
PRECAUTIONS:
BLOCK USB PORTS
ONLY AUTHORISED PERSONNEL CAN ACCESS SHIP’S NETWORK
SCAN REMOVABLE MEDIA FOR VIRUSES
DO NOT CONNECT PERSONAL DRIVES, USBs TO SHIP BUSINESS LAN
COMPUTERS
CYBER THREAT
MIXING ISOLATED AND OPEN NETWORKS
Risk: Connecting a personal wireless router or PC to
the isolated network reserved for operational
equipment is a major security risk.
• Hackers can invade your systems by exploiting an
open wireless network, or one with low level
security.
• Hackers can literally sit outside your ship’s physical
location and access critical onboard systems
through wireless network.
PRECAUTIONS:
DO NOT CONNECT TO OPEN/UNSECURED WIFI NETWORKS
DO NOT ENTER PERSONAL/SENSITIVE INFORMATION ON UNKNOWN
SUSPICIOUS WEBSITES.
SIGNS OF A COMPROMISED COMPUTER
BEST PRACTICES
POTENTIAL THREATS
Keep unauthorized software away from ship systems
• Scan for viruses and malware before you connect authorized USB memory sticks to onboard OT and other networked systems.
• Personal laptops, tablets, USB memory sticks or phones must not be connected to onboard operational systems.
PASSWORD PROTECTION
Be in Control
• Use new passwords every time you sign on to a ship.
• Choose complex passwords with numbers, symbols, and some capital letters. You have to be able to remember them.
• Do not share your user names and passwords with anyone.
• Change default user passwords.
• Delete user accounts of colleagues who have left the ship.
INCIDENTS
Be Prepared
• Keep your crew and any passengers safe – train for what to do if important OT systems do not work.
• Know where to get IT and OT assistance.
• Report suspicious or unusual problems experienced on IT and OT systems.
SUSPICIOUS ACTIVITY
Be vigilant when you communicate
• Only open emails or open attachments from senders that you know and trust.
• Know what to do with suspicious emails.
• Think before you share information on social media or personal email about your company, job, ship or the crew.
CYBERSECURITY AUDIT
TMSA/IMO/DOC
CYBERSECURITY AUDIT
ISMS Policies
Password Security
Email Security
Internet Usage
USB Access
Accounts Privacy
Data Security and Encryption
Mobile Device Security
Duo Account Security
Securing the Human Training
Reporting an Incident
CYBERSECURITY AUDIT
Template
CYBERSECURITY AUDIT
• ISMS Manual can be accessed on Doc-Map
• ISMS Manual contains all the Cyber Security Policies and Procedures
• All cyber events shall be reported to the Chief Engineer
• The Chief Engineer is the cyber incident response lead and coordinator on board the vessel
• The Master is the decision-making authority on board the vessel for matters that require immediate
disconnections, disabling, or dismantling of critical systems
Various ISMS Forms
ISMS Tem 015 Cyber Security Incident Reporting form
ISMS Tem 016 Cyber Risk Management MOC
ISMS Tem 017 Cyber Security – Training Form
ISMS Tem 018 IT-OT Critical System Software Inventory
ISMS Tem 019 IT-OT Changes Tracker Sheet
ISMS Tem 020 OT Equipment cyber Risk register
ISMS Tem 021 OT Equipment inventory
INCIDENT RESPONSE
WHAT IS A CYBERSECURITY INCIDENT?
An occurrence that
1) Compromises or risks the Confidentiality, Integrity, and Availability of information or an information system,
without lawful authority; or
2) Constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable
use policies.
WHAT TO DO?
Reporting: Refer to the Cyber Incident Response Plan in the ISMS Manual
• For Cyber Incident inform CISO (Chief Information Security Officer): [email protected]
• For all vessel IT issues and requirement: [email protected]
QUIZ
1. A hacker can carry out a cyber-attack on the organization using a simple USB flash drive
a) True b) False
2. Cyber threat has a huge potential to affect the safety of the __________.
a) Crew b) Vessel
c) Cargo d) All of these
3. Cyberattack can disrupt or halt the operations of the vessel
a) True b) False
4. Life is at risk when there is a cyber-attack on
a) IT System b) OT System c) Both
5. Phishing is a cyber-attack which uses a disguised email to trick people into revealing sensitive information like
passwords or financial details.
a) True b) False
6. Characteristics of a phishing email are __________
a) Urgency b) Attachment c) URL/Link d) All of these
7. Ransomware attack ____________
a) Encrypts data or file b) Stops access to computer c) Both of these d) None of these
8. Communication and Navigation system can be disrupted by spoofing and signal jamming.
a) True b) False
9. Connect personal drives, USBs to ship business LAN computers.
a) Right b) Wrong
10. Share user id and password with your colleagues.
a) Right b) Wrong
11. Inform cyber incidents to
a) [email protected] b) [email protected] c) No need to inform
12. Incident is anything that negatively affects confidentiality, integrity or availability of the information.
a) True b) False
13. A weak password is an example of a Vulnerability
a) True b) False
14. Disclosure of password will affect confidentiality of CIA triad.
a) True b) False
THANK YOU