Maritime and port cybersecurity.

Worth reading today: a study published by Jones Walker LLP on maritime cybersecurity in the United States.

The survey, conducted among 126 U.S. executives, indicates that 38% of them confirmed having experienced either successful intrusions (10%) or attempted intrusions (28%). The remainder may simply not have detected them, you might say—which is not an unreasonable assumption.

While 69% of respondents expressed confidence in the overall preparedness of the maritime sector, only 36% believe that their own company is adequately prepared. The most concerning results come from small and medium-sized enterprises in the sector, 94% of which consider themselves poorly prepared.

Presentation delivered during the Derbycon 2018 conference.

Who might want to target maritime information systems?

Intentional threat sources are broadly similar to those encountered in other sectors. Rather than reproducing a long and exhaustive list of possible threat actors, it is worth noting that the French cybersecurity agency ANSSI has already documented them in detail (see p. 15 and following pages in the reference below).

Today, the most realistic threat sources include:

• state-sponsored actors, pursuing objectives such as espionage, pre-positioning within systems, or even disruption and destruction
• “casual” hackers, inspired by demonstrations or proof-of-concept attacks presented at cybersecurity conferences and attempting to reproduce them
• competitors, a possibility that cannot be completely ruled out and should at least be considered in risk assessments
• terrorist or piracy-related organizations, which could see financial or strategic value in such attacks
• collateral infections, meaning attacks that do not specifically target the maritime sector but still affect it, as is often the case with ransomware campaigns

It is worth remembering that cyber operations have several advantages for attackers: they can often be carried out anonymously, attribution is difficult, and attacks can be launched rapidly and at relatively low cost (especially when the attacker only needs to deploy existing tools).

The Finnish technology group Wärtsilä has announced the opening of its International Maritime Cyber Centre of Excellence (IMCCE) in Singapore. Developed in partnership with Templar Executives, the IMCCE includes a maritime CERT (Computer Emergency Response Team) and a cybersecurity training center. The primary objective is to enable rapid response in the event of incidents and to improve overall understanding of cyber risks in the maritime sector.

The maritime CERT (MCERT) is designed as an international platform providing cyber threat intelligence and incident response support. It delivers intelligence feeds, guidance, and operational assistance to its members, including real-time support during cyberattacks or incidents, as well as an alert portal accessible to members wherever they are in the world.

Those among you who have read the latest U.S. National Cyber Strategy, published in September and signed by President Trump himself, will have noticed several interesting points related to cyber and maritime issues. These appear on page 18 of the document (just before the section on the space sector). Below is a quick copy/paste of the relevant paragraph:

IMPROVING CYBERSECURITY IN THE TRANSPORTATION AND MARITIME SECTORS:

The national security and economy of the United States depend on global trade and transportation. Our ability to ensure the free and timely movement of goods, maintain open sea and air routes, secure access to oil and natural gas, and guarantee the availability of associated critical infrastructure is essential to both our economy and our national security.

The Port of Rotterdam announced today the appointment of its Port Cyber Resilience Officer.

René de Vries, shown below, now holds the position of Port Cyber Resilience Officer (Port CRO). He operates under a joint mandate from the police, the municipality, and the Port of Rotterdam Authority.

Among his responsibilities are improving the cyber resilience of the port (it is worth recalling that the port was affected by the NotPetya attack), raising awareness of cybersecurity issues among stakeholders, strengthening organizational training and preparedness, and improving overall risk management.