Last month maritime trend news January 03, 2023 - February 01, 2023
|
|
|
Maritime Cybersecurity News by DSLABcompany |
|
|
In updates, the classification society said 70 customers were affected by the attack on 7 January and that the company is still working to restore the platform’s servers. DNV has published a second update regarding the cyber attack it is still attempting to recover from, saying servers remain offline for the ShipManager software affected by the attack. "DNV is working to restore the functionalities of the dedicated ShipManager servers, following a ransomware cyber-attack on 7 January. External technical experts have been engaged to investigate the attack, which has also been reported to the police and other relevant authorities," the company said. The company said there remain no indications that any of its other software or data has been affected by the attack and the server outage is limited to the ShipManager platform. "DNV is communicating daily with all 70 affected customers to update them on findings of the ongoing forensic investigations. In total, around 1,000 vessels are affected. We apologise for the disruption and inconvenience this incident may have caused," the company statement said.
|
|
|
A series of cyberattacks on overseas shipbuilding and offshore companies have recently occurred, requiring the industry to be extra vigilant. According to a recent announcement by maritime cybersecurity startup DSLab Company, cyberattacks on ports, shipyards, and ship equipment companies in Norway, Denmark, and other European countries have occurred, and in particular, the hacking of ship management software may affect about 1,000 ships using the software. Recently, the shipbuilding and offshore industry is increasingly investing in marine mobility development such as autonomous ships, smart ships, and unmanned ships, and the market is expected to reach KRW741 trillion in 2030. In addition, as the connectivity between ships and land increases, and ships are equipped with various ICT equipment, a ship ICT supply chain that is different from the existing situation is being formed. The ship ICT supply chain consists of shipyards, ship owners, ship management companies, classification societies, ship equipment companies, and ports. The threat of cyberattacks on the maritime supply chain has increased as the number of cyberattacks on the maritime ICT supply chain has increased. |
|
|
The maritime industry is vulnerable to cyber threats. Ships and surrounding infrastructure are becoming increasingly connected and digitaliszd, which is providing more opportunities for cyber attacks. According to maritime expert Cameron Livingstone of The Nautical Institute, “As ships become more technologically sophisticated, methods an attacker could use to disable ship and shore-based technology are widening. GNSS spoofing, radar jamming, AIS interference and shore-based communication shutdowns are increasingly common. Livingstone cites the 2019 incident involving the British tanker Stena Impero. The vessel was boarded and detained by Iranian forces after she maneuvered suddenly into Iranian waters due to GNSS spoofing, which caused deliberate interference with her positioning. There are many ways in which ships could be intercepted, especially as they become more autonomous and remotely operated. As humans are removed from technical processes, problems are less likely to be detected quickly. These technologies could be manipulated by attackers to cause collisions and generally disrupt vessels. The impact is worsened if problems occur on busy trading routes, as with the Suez Canal crisis early in 2021. Just one impacted ship could create a ripple affect across industry and global trade. Such widespread disruption may motivate some attackers. |
|
|
GTMaritime published a guide to highlight some of the problems that can occur using equipment and operating systems likely to be found on ships in operation. As well as deliberate cyberattacks, the guide considers how even supposedly safe and routine matters such as a system update can create difficulties on board a vessel. The question of automatic updating and its hazards is considered and also included in the guide is a section on the human element as this is the area where most failings can occur and where deliberate attackers most frequently target |
|
|
The 2023 National Defense Authorization Act (NDAA) passed by Congress and signed by President Biden in late December 2022 was filled with a host of military-related cybersecurity provisions. One little-noticed provision in the bill called for a study of cybersecurity and national security threats posed by foreign-manufactured cranes at United States ports. Under this provision, the Maritime Administrator, working with Homeland Security, the Pentagon, and the Cybersecurity and Infrastructure Security Agency (CISA), is required to conduct a study to assess whether foreign manufactured cranes at United States ports pose cybersecurity or national security threats. It must be completed by late December 2023 and submitted to the Senate Commerce and Armed Services committees and House Transportation and Armed Services committees. Crane security study origins unclear Little information is available on why this study appeared in the NDAA or why a study of port crane security was deemed critical enough to include in the annual must-pass legislation. However, the study could be a concession to Representative Carlos Gimenez (R-FL), who introduced a bill last year, H.R.6487, the Port Crane Security and Inspection Act of 2022, that died in committee. |
|
|
You are a bridge officer on a 12,000 TEU container vessel in the Kill Van Kull Channel, heading west towards the Bayonne Bridge with a pilot on board. It's a cloudless sunny day. As you pass Constable Hook Reach, you feel the ship veer hard to port and your speed appears to increase. Although the bridge instruments show your expected speed, location, and rudder position, the rudder is, in fact, hard over to port and your speed has increased to 12 knots. The pilot's PPU shows the vessel horribly deviating from the assigned course and speed, adding to the confusion. The ship does not respond to helm and engine orders. Within a few minutes, your bow has run aground on the south shore of the channel, while the stern continues to swing around towards the north shore. Within six minutes, your ship is sideways in the channel and traffic in both directions has come to a halt. When trying to manage cyber threats and understand cyber attack capabilities, maritime executives will benefit by measuring their respective risks and opportunities in temporal terms. In the commercial sectors with the greatest degree of cybersecurity maturity, corporate information security executives typically reach for their stopwatches to measure how robust their cybersecurity posture is. It is past time that maritime executives start doing the same. Here are seven cyber metrics that maritime owners and operators should understand and start to measure. |
|
|
The Coast Guard released a new guide to help maritime transportation system stakeholders establish baseline cybersecurity assessments and develop cybersecurity planning and response to meet the challenges posed by evolving threats. The Maritime Cybersecurity Assessment & Annex Guide will assist Maritime Transportation Security Act (MTSA)-regulated facilities in meeting the Facility Security Assessments (FSA) and Facility Security Plans (FSP) required by MTSA, USCG said. As requirements for FSAs and FSPs were implemented last year, “stakeholder feedback reflected a desire for continued development of guidance and support from the Coast Guard,” USCG said. “MCAAG offers an additional resource for MTSA-regulated facilities to enhance and expand on their current efforts as they continually assess cyber risks and vulnerabilities.” The guide, which was developed in collaboration with the maritime industry, “may be also a resource for Area Maritime Security Committees in assessing overall port area cybersecurity risk and development of cyber annexes of Area Maritime Security Plans, and is useful for any other MTS stakeholders interested in conducting a baseline cybersecurity risk assessment, developing plans, as well as continued improvement of existing plans.” |
|
|
info@dslabcompany.com
Samsung IT Harrington Tower 716, Geumcheon-Gu Digital-Ro 9 Gil, Seoul(08511) |
|
|
|