Last month maritime trend news December 28, 2022 -January 03, 2023
|
|
|
Maritime Cybersecurity News by DSLABcompany |
|
|
Recent Cybersecurity Incident Summary |
|
|
7. Falcon Express - Database breach, unauthorized access |
|
|
NOMINATED FOR SMART4SEA CYBER SECURITY AWARDS |
|
|
SAFETY4SEA, the world’s top 10 media supporter focused on safety and environmental protection in the maritime industry, holds an SMART4SEA Award that aims to foster excellence and share best practices across shipping. The event targets Technical, Safety, Operations & Marine departments of Ship Operators and other industry stakeholders. This year, the awards aim to recognize organizations that have demonstrated outstanding performance in fostering maritime digitalization and smart shipping.
Fortunately, DSLAB Company has been nominated for the SMART4SEA Cyber Security Award. We are offering a cyber threat intelligence system for the maritime industry. The product, which is being developed with DSME and supported by Ministry of Oceans and Fisheries in South Korea, collects and analyzes cyber threat data on ship attack surfaces and supply chain.
We would appreciate your vote to support our growth.
To vote, click the bottom button, click on the company logo, and then click the “Continue” button in the bottom right corner.
|
|
|
With trillions of dollars on the line, you would think that the world’s ships would be well-protected from cyber attacks. But you would be wrong. Thanks to antiquated IT systems, a general lack of proactive cyber defenses, and an absence of cybersecurity personnel onboard, most ships are easy targets for hackers extorting money through ransomware attacks, and hostile players wanting to wound specific nation’s economies by outright sabotage. “Threat actors can easily disable or tamper with onboard and offboard systems,” said David Warshavski, vice president of Enterprise Security at the cyber technology and services company Sygnia. “While this may not seem critical to overall operations, it can effectively halt a ship from moving or delivering its cargo.” Thankfully, there are steps that can be taken to bring maritime cybersecurity up to 21st century standards, and some maritime associations and shipping companies are already taking them. But others aren’t: “There are a lot of cyber deniers that are just saying, ‘Ah, this isn’t that big of a problem’,” said Gary Kessler, principal consultant in the Maritime Solutions Group at Fathom5, an industrial technology company delivering security-first solutions to the maritime industry. “Their frequent response is, ‘Has anybody sunk a ship yet with a cyberattack?’.”
|
|
|
Shipping has changed more in the last two years than it did in the entire decade before that. Digitalization has given the industry new ways of working that have kept world trade moving through a global pandemic and enabled many new efficiencies. But the shipping industry’s increasing reliance on digital tools is not without risks. Today, it makes no difference if you work at sea or ashore; there is no escaping the need to properly manage cybersecurity risks and protect against those attempting to harm the industry. A new report by Thetius, ‘The Great Disconnect’, focuses on what it perceives as three significant disconnects. Within maritime organizations, there is a disconnect between the perceived and actual readiness to respond to an attack. Whether at sea or ashore, the more senior a staff member is, the less likely they are to know if their organization has suffered from a cyberattack. The second disconnect occurs across the supply chain between the security standards ship operators are working to and the standards that the industry’s suppliers work to. Finally, this problem is compounded by the fact that many operators have little to no control over the security of systems that are installed onboard, creating a disconnect between the exposure for the ship operator and their ability to control the risks. This supply chain disconnect is built into regulations, too, with the IMO Cyber Risk Management resolution placing the burden of regulatory compliance solely on ship owners and operators. |
|
|
National Security Agency Cyber Director Rob Joyce said Thursday he remains concerned about significant cyberattacks from Russia, warning that Moscow could unleash digital assaults on the global energy sector in the coming months. “I would not encourage anyone to be complacent or be unconcerned about the threats to the energy sector globally,” Joyce said. “As the [Ukraine] war progresses there’s certainly the opportunities for increasing pressure on Russia at the tactical level, which is going to cause them to reevaluate, try different strategies to extricate themselves.” The remarks came as Joyce briefed reporters about the agency’s annual year in review report, which focuses in part on Russian cyberattacks in Ukraine. Joyce said NSA has seen “spillover” from Ukrainian hacks to neighboring countries and particularly Poland due to its status as a supply channel to Ukraine. The report portrays cyberspace as a critical domain in the Ukraine war and notes that in the weeks leading up to and following Russia’s invasion at least seven new families of destructive data wipers were used. |
|
|
The energy industry, which has always paid special attention to risk management to ensure safe and reliable operations of oil and gas assets, has faced this year new challenges in managing risks after the Russian invasion of Ukraine. Risk management – all the processes and precautions to ensure continuity and stability of production and all other operations – now has to cope with increased physical threats to infrastructure, higher risks of cyber attacks, and the impacts of highly volatile prices and sudden tax changes on financial performance. In addition, in the extreme market volatility and very high uncertainty regarding both supply and demand of oil and gas in the near term, companies face more work on managing financial and supply and demand risks. |
|
|
Digitisation includes the introduction of new technologies and equipment that requires significant capital expenditure. The high costs of these new systems can be a barrier to their take-up. Many shipowners would believe their existing systems are fit-for-purpose and will not prioritise the expenditure. It is challenging, however, to quantify the advantages and future savings in costs that new systems will provide. Training in how to use new technology is another hurdle to overcome. AMSA ensures shipowners are included in the consultation and discussions around digitisation at the IMO and through regional and national bodies such as the Regional Safety Committees and National Safety Committees.With digitisation comes challenges with cybersecurity. Protecting transmitted sensitive data is critical, as is ensuring that equipment that can be accessed remotely remains secure. As ships become autonomous the transmitted data and equipment on board controls the ship without any local human oversight. The consequences of interference with, or manipulation of, the data or equipment could be catastrophic. As equipment and systems are developed, it is critical that data security is developed at the same time. AMSA is involved in the development of the design and performance standards for equipment and communications at the IMO to help ensure systems are secure when they are put into service. |
|
|
info@dslabcompany.com
Samsung IT Harrington Tower 716, Geumcheon-Gu Digital-Ro 9 Gil, Seoul(08511) |
|
|
|