Last week's maritime trend news November 10, 2022 - November 16, 2022
|
|
|
Maritime Cybersecurity News by DSLABcompany |
|
|
Recent Cybersecurity Incident Summary |
|
|
|
According to the report, once a shipping company has established its objectives and identified the capabilities needed to achieve them, it will benefit most from finding the right combination of communication services to best support those capabilities. Recommendations #1 Put cyber security at the centre: Consider the segregation of networks according to dedicated user segments: Commercial/IT for Business, Technical/OT and Crew/IT for Crew. Cyber security hygiene is vital. Put in place hard limits in terms of connectivity access – humans are often the weakest link in terms of cyber security.
|
|
|
|
Good news for the Port of South Louisiana: The Federal Emergency Management Agency (FEMA) has awarded the Port nearly $700,000 to upgrade its cybersecurity framework in the face of the ever-evolving threat landscape. Together with the Port’s 25% funding match, this means that nearly a million dollars will be earmarked for new, updated, and ongoing technologies, processes, testing, and advanced training aimed at protecting against threats from cyber terrorists and other bad actors. The need for such an investment in one of the United States’ largest ports, by tonnage, is underscored by the results of a recent public audit that revealed the Port lost nearly $420 million as a result of a 2021 cyber attack. Now, the Port faces the challenge of determining how to allocate these funds to best defend against a potential future attack. Although the grant provides funding for a broad range of cybersecurity tools — from 24/7, real-time vulnerability monitoring, management, scanning, and detection, to regular penetration testing, encryption/decryption technology, and related functions — not all solutions are created equal, nor do they deliver the same return on investment. |
|
|
|
The US Department of Homeland Security released the Cybersecurity Performance Goals (CPGs), voluntary practices that outline the highest-priority baseline measures businesses and critical infrastructure owners of all sizes can take to protect themselves against cyber threats. The CPGs were developed by DHS, through the Cybersecurity and Infrastructure Security Agency (CISA), at the direction of the White House. Over the past year, CISA worked with hundreds of public and private sector partners and analyzed years of data to identify the key challenges that leave our nation at unacceptable risk. By clearly outlining measurable goals based on easily understandable criteria such as cost, complexity, and impact, the CPGs were designed to be applicable to organizations of all sizes. |
|
|
|
The European Union Agency for Cybersecurity (ENISA) has identified and ranked the 10 top cybersecurity threats to emerge by 2030, after engaging in an 8-month foresight exercise. With the support of the ENISA Foresight Expert Group, the CSIRTs Network and the EU CyCLONe experts, ENISA brainstormed in a Threat Identification Workshop to find solutions to the emerging challenges in the horizon of 2030. ENISA Executive Director, Juhan Lepassaar declared: “The mitigation of future risks cannot be postponed or avoided. This is why any insight into the future is our best insurance plan. As the saying goes: “prevention is better than cure”. It is our responsibility to take all measures possible upfront to ensure we increase our resilience over the years for an improved cybersecurity landscape in 2030 and beyond.” The exercise shows that the threats identified and ranked stand as extremely diversified and include those most relevant today. However, ENISA says today’s threats will remain to be addressed as they will have shifted in character. The agency also observed that increased dependencies and the popularization of new technologies are essential factors driving the changes. Such factors add to the complexity of the exercise and thus make understanding the threats even more challenging. |
|
|
|
The Coast Guard Cyber Command Intelligence Department alerted maritime stakeholders last week that typosquatting campaigns operated by cyber criminals continue to target the Marine Transportation System. Typosquatting targets people who, as the name indicates, make a mistake when typing a URL into a web browser. Users may then be directed to a malicious website that incorporates the common misspelling into its URL yet presents itself as a legitimate website. Once at the fake website, the user may be fooled into revealing sensitive information. Maritime Cyber Alert 01-22, issued by U.S. Coast Guard Cyber Command in March, reported “a recent uptick in malicious actors using spoofed business websites to target the Marine Transportation System (MTS).” “Multiple MTS partners have discovered well-constructed, fake websites masquerading as their legitimate business websites. These sites are created presumably to steal information from or install malware on customers’ devices interacting with the sites,” the alert said. “These spoofed websites are not designed to impact the maritime organization directly but resemble watering-hole style attacks where the intended targets are individuals and entities visiting the site. The spoofed websites are professional in appearance and quite sophisticated, some of which are presenting as .com domains. This level of detail can make it difficult to discern a real site from a fraudulent one.” |
|
|
|
Cybersecurity has emerged as a tangible risk for transportation service providers over the course of the last year. Ransomware attacks on domestic industry and critical infrastructure, and tensions associated with the Russian invasion of Ukraine, are now ever-present reminders of technology’s role in our businesses and the crippling risk of outside threats. The transportation sector as well as its regulators are taking notice. The White House is itself taking notice of the cybersecurity threat in our industry. The Biden-Harris Administration recently announced the introduction of its Freight Logistics Optimization Works initiative (FLOW). The initiative is designed to promote the sharing of critical freight information between different supply chain participants. The digital infrastructure of FLOW is intended to strengthen supply chains by facilitating more frequent and more accurate information for participants. The objective is to reduce COVID-type disruptions and also to guard against interference through cybersecurity vulnerabilities and other threats. The initial participants in FLOW are reported to include the Ports of Long Beach and Los Angeles as well as the Georgia Ports Authority, terminal operators, private businesses, and logistics and warehousing providers. |
|
|
info@dslabcompany.com
Samsung IT Harrington Tower 716, Geumcheon-Gu Digital-Ro 9 Gil, Seoul(08511) |
|
|
|
