Last week's maritime trend news December 1, 2022 - December 6, 2022
|
|
|
Maritime Cybersecurity News by DSLABcompany |
|
|
Recent Cybersecurity Incident Summary |
|
|
|
The US Government Accountability Office (GAO) has warned that the time to act on securing the US's offshore oil and natural gas installations is now because they are under "increasing" and "significant risk" of cyberattack. A report to Congress looked at a network of "more than 1,600 offshore oil and gas facilities," which the federal watchdog pointed out produce a "significant" amount of America's domestic oil and gas – and the operational technology (OT) tech that looks after and controls the physical equipment. The study also warned of a potential ecological (and energy) disaster on par with the 2010 Deepwater Horizon disaster. Striking an air of desperation, the report adds that in 2015 and 2020 the Department of the Interior's Bureau of Safety and Environmental Enforcement (BSEE) initiated efforts to address cybersecurity risks, but "neither resulted in substantial action." Earlier this year, BSEE "again started another such initiative," hiring a cybersecurity specialist to lead it. But bureau officials have apparently put this on pause while the specialist is brought up to speed with "the relevant issues." In the meantime, the report urges, BSEE should "immediately" get a strategy together to "address offshore infrastructure risks." Curiously, the report mentions neither the physical attack on gas lines under the Baltic Sea owned by Russia's Nord Stream energy firm, nor Stuxnet – which is perhaps the most well known SCADA system malware of all time. The famous worm was widely credited with crippling the Iranian nuclear weapons program for several years, and according to researchers found its way onto the air-gapped network of the plant on an infected USB stick.
|
|
|
|
Swiss marine power company WinGD has received a cyber security type approval for its engine control system from classification society DNV. As explained, the company is the first marine engine designer to obtain this type of approval. Specifically, DNV has granted WinGD Control Electronics (WiCE) an SP1 type approval, aligning with International Association of Classification Societies (IACS) Unified Requirement (UR) E27 technical system requirements – a cybersecurity standard that will apply to all newbuilds. DNV’s SP1 ‘Cyber Secure Essential’ notation certifies that vessels are built with cybersecurity standards equivalent to UR E26, governing system integration, and UR E27, applying to installed technologies. The engine control system is one of several ship systems that need to be validated to E27 standard. Type approval assures that WiCE is technically ready to meet this standard. The new regulations are due to enter force in 2024. |
|
|
|
“Security convergence” is the industry term used to describe the uniting of cyber and physical security into a single organizational structure. It is a point of discussion among practitioners since ASIS International and the Information Systems Audit and Control Association (ISACA) established the Alliance for Enterprise Security Risk Management – an organization dedicated to this concept – 17 years ago. Yet only 52.5 percent of large companies surveyed are either “fully or partially converged,” as noted by Megan Gates in the latest issue of Security Management. Gates also cites the Colonial Pipeline incident, which operated as a traditionally siloed cyber and physical security program and is now merging security functions in the wake of experiencing a crippling ransomware attack in May. Critical infrastructure providers, particularly those in the energy sector, cannot operate effectively with cyber and physical security information siloes in place. |
|
|
|
ABS has launched ABS Wavesight, a new maritime software as a service (SaaS) company designed to help shipowners and operators streamline compliance while maintaining competitive, more efficient, and sustainable operations. ABS Wavesight’s products include My Digital Fleet, an AI-driven analytics and performance visualisation platform, and Nautical Systems, the fleet management system that provides tools to improve reliability and performance. ABS Wavesight builds on these capabilities by integrating both products to offer visibility into fleet assets and real-time insights that drive sustainable operations and reduce operational risks. |
|
|
|
Inmarsat has signed an agreement with offshore services provider Zamil Offshore to roll out an Internet-of-Things (IoT) solution to more than 60 vessels in the Gulf area. The solution, powered by Fleet Connect and Fleet Data and delivered through Inmarsat’s Fleet Xpress, will allow Zamil to identify, trial and select the best solutions to meet vessel performance expectations set by its charterer, Saudi Aramco. The announcement follows a successful trial on the fleet’s anchor tug, Zamil 57. Fleet Connect will provide the dedicated bandwidth to support vessel CCTV capabilities and other value-added services, while Fleet Data will power enhanced data analytics for efficiency and sustainability. Scott Middleton, regional sales director, Inmarsat Maritime, said: “In addition to providing fast and reliable connectivity to improve crew welfare, Fleet Xpress enables the digital and IoT capabilities that Zamil Offshore needs to meet their needs. We are grateful to our local partner, Petroleum and Energy Trading Services Company, for its support in rolling out our end-to-end solution across Zamil’s extensive and varied fleet.” Fredrik Lang, technical manager, Zamil Offshore, said: “Inmarsat has been deeply involved in this project from the outset, offering us guidance and support in securing value-added services that will allow us to meet Saudi Aramco’s requirements in surveillance and performance monitoring. |
|
|
|
The early uses of cyberspace capabilities were highly selective and secretive, with employment decisions held at the highest levels of government—much like nuclear weapons employment. The fact that intelligence services were the first to exploit cyberspace for interstate competition, principally as a means of espionage, kept cyber operations compartmented from traditional military planning and warfighting. These two constraints—cyber = nuclear and cyber = compartmented—left cyberspace capabilities occupying the narrow space reserved for strategic nuclear deterrence and sensitive intelligence collection. This was institutionalized in 2010 by placing the newly established U.S. Cyber Command under U.S. Strategic Command (where nuclear forces are controlled). Collocating it with the National Security Agency (where sensitive signals intelligence is conducted) and dual-hatting its commander as director of that agency reinforced intelligence equities over operations. While these decisions had some merit, the unintended effect was to constrain efforts to use information to increase sea power. Cyber power and cyberspace operations remained an afterthought to sea power. |
|
|
|
In fact, the entirety of modern conflict has evolved into Fifth Generation Warfare with information and perception as its framework. Often referred to as the "Gray Zone" or "hybrid warfare," the term encompasses cyberattacks, nonviolent economic pressure and disinformation campaigns. It’s the weaponization of anything. The threat is massive and echoed by many. Klaus Schwab, Founder & Executive Chairman of the World Economic Forum (WEF) – whose October 2019 pandemic tabletop exercise, “Event 201,” and the “SPARS” scenarios accurately predicted a coronavirus – has issued a new warning. During the 2021 WEF Cyber Polygon exercise, Schwab flagged "paying insufficient attention to the freighting scenario of a comprehensive cyberattack, which would bring to a complete halt to the power supply, transportation, and hospital services…the Covid-19 crisis would be seen, in this respect, as a small disturbance in comparison to a major cyber-attack." In August, U.S. Coast Guard Cyber Command (CGCYBER) released its 2021 Cyber Trends and Insights in the Marine Environment. The report notes: "Though the number of reported incidents has increased 68% from 2020 (47 cybersecurity incidents in 2021), we believe many other incidents go undetected or unreported. Cyber-criminals are now using focused ransomware attacks in multi-extortion style campaigns with hopes of ensuring a higher, more guaranteed payout with several large-scale incidents affecting multiple organizations at once.” As maritime executives, it's essential to understand the level of risk, attack surfaces and other considerations. Here are some perspectives from around the industry. |
|
|
|
The cranes that unload containers from ships at two of South Africa’s busiest ports slowed nearly to a halt in July 2021. Trucks waited in line for 14 hours or more to pick up cargo. Ships were forced to anchor outside the harbor for days and decide whether to skip the affected ports altogether. Shop owners and consumers worried about empty shelves as a prime shopping season approached. The disruption was caused by a cyber-attack. Hackers had infiltrated the network of Transnet, the state-owned company that operates the ports at Durban, Cape Town and others, as well as South Africa’s railway and pipeline network. Unable to fulfill contractual obligations for more than a week, the company was forced to break its contracts until the attack was resolved. It was the most severe attack ever perpetrated on South Africa’s critical infrastructure, but experts warn it will not be the last. “Attacks on critical infrastructure, including maritime ports, are likely to increase in severity and quantity,” wrote Denys Reva for the Institute for Security Studies. “The economic toll for African states will inevitably be high, which means that measures to boost cyber security and protect infrastructure are vital.” |
|
|
info@dslabcompany.com
Samsung IT Harrington Tower 716, Geumcheon-Gu Digital-Ro 9 Gil, Seoul(08511) |
|
|
|
