U. S. COAST GUARD
MAR'01 1
Port Facility Cyber Security
International Port Security Program
Cyber Risk in the Marine Transportation System
Objectives
• IDENTIFY motivations behind a cyber attack.
• IDENTIFY various types of cyber incidents.
• DESCRIBE the relationship between cyber risk and the MTS.
• STATE why cyber security is important to ports and what steps should be taken.
Topics
• Why is cyber security important to ports?
• What are motivations behind a cyber-attack?
• What are various cyber threats that the MTS faces?
• Cyber security assessment.
• Cyber security plan.
• Managing cyber security at a port facility.
• Understand countermeasures
What is cyber security?
Cyber security defined
Cyber security can be defined as:
“the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.”
Impacts of Exploiting Cyber in MTS
• Financial loss
• Terminal and / or port shutdowns
• Economic disaster
• Environmental catastrophes
• Loss of life
Cyber Examples
Hackers Used Cyber to Facilitate Drug Smuggling
• By breaking into the offices of a harbor company, the criminals could install key-loggers to take control of computers
• Computers of the container terminal were hacked so the containers that contained drugs could be monitored
• By means of false papers and a hacked PIN code, the drivers were able to pick up the container at a location and time of their choosing
1044 kilos cocaine/1099 kilos heroin
ECDIS Vulnerabilities
Electronic Chart Display and Information System (ECDIS)
• Used for ship navigation
• Interconnected with numerous shipboard systems and sensors (AIS, NAVTEX, Speed Log, fathometer)
• Chart updates loaded via internet or CD/USB
Cyber Attack – Cargo Data
• Target: Iranian Shipping Line (IRISL)
• Major data and communications loss
• Significant disruptions in operations
• Severe financial losses
• Cargo sent to incorrect destinations
Oil Rig Loss of Stability
• Semi-submersible drilling rig experienced power management system problems
• Power outage
• Loss of station
• Emergency disconnect
• 14 different viruses
• Significant safety concern
WiFi Devices
Recent studies have shown major vulnerabilities in 20% of identified control system networks
• Digital surveillance networks also have vulnerabilities
Powerful WiFi devices detected on foreign flag ships
• Many antennas have a range of several miles
• Several antennas connected to computers running password cracking software
2000 - Russia
• Hacked natural gas pipeline flow control system
• Largest non-nuclear explosion and fire
• 3 kiloton explosion (WTC on 9/11 ~ 0.1 kiloton)
2001 - Texas
• Revenge hack
• Port's web service inaccessible
• Crucial data for shipping pilots, mooring companies and support firms
Cyber is an issue, what’s next?
• Levels of interaction/interest have varied throughout the world.
• Cyber should be a topic in security discussions/interactions with industry, particularly during facility/vessel visits and meetings.
• Everyone must get familiar with the resources that are available.
• Cyber isn’t going away; we all need to be conversant. This isn’t just an IT issue anymore.
Authority & Jurisdiction
• Cyber is another operational domain.
• Cyber is just an additional risk factor we must take into account when ensuring a safe and secure marine transportation system.
Cyber Threat Sources
Attack Motivators
Espionage
Terrorists
Criminal Hacktivists
National Governments
Threat actors and vectors
Cyber security standards, guidance and best practices
There is a wide range of security-related standards and best practice guidance available that apply to IT and industrial control systems.
Cyber security assessment
• In compliance with the port security standards, security assessments are conducted for ports and port facilities.
• The purpose of these assessments is to identify vulnerabilities that may lead to a security incident.
• It is intended that wherever appropriate the cyber security assessment (CSA) should build upon the existing security assessments.
Cyber security plan
• Security assessments form the basis of the security plans for the port and port facilities.
• Plans should address the issues identified in the relevant assessment through the establishment of appropriate security measures designed to minimize the likelihood of a breach of security and the consequences of potential risks.
• It is intended that wherever appropriate the cyber security plan (CSP) will build upon the existing port facility security plan (PFSP).
Cyber security training
• When employees aren’t involved in cybersecurity, not only can vulnerabilities and threats go unnoticed but employees can become conduits through which attacks are executed.
• Employees should receive initial and periodic cybersecurity training, helping to maintain the security of the organization as a whole.
• While cybersecurity is an expansive field, there are certain topics that should be emphasized for general awareness.
• Social engineering - continues to be a popular means for cyber criminals to prey upon unsuspecting employees.
Cyber security training
• Methods involve emails (“phishing”), phone calls, or other types of personal interactions in which malicious actors attempt to entice employees into providing sensitive personal or corporate information, such as account passwords or details about information technology infrastructure.
• Actors might attempt to make employees perform specific actions, such as pay for alleged services, download infected attachments, or visit malicious websites.
• Unsolicited emails, phone calls, and other correspondence from unknown senders should be viewed with particular caution.
Questions to consider
• Was cyber security considered when conducting the port facility security assessment (PFSA)?
• Does the port facility security plan (PFSP) address cyber security?
• Does the port facility test its IT system for weaknesses?
• Does the port facility conduct cyber security training for all facility personnel?
Basic Security Measures
1 Conduct a cyber security assessment
Assessments should identify:
• Important cyber assets and infrastructure.
• Risks arising from possible threats and the likelihood of their occurrence.
• Prioritized countermeasures.
• Weaknesses, including human factors, in the infrastructure, policies and procedures.
Reference sources
Cyber Security Assessments
https://ics-cert.us-cert.gov/Assessments
Control System Internet Accessibility
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-11-343-01A
Increasing Threat to Industrial Control Systems
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-12-046-01A
Basic Security Measures
2 Develop a cyber security plan
Similar to the PFSA and PFSP the plan should include:
• Measures to secure cargo and ships stores data.
• Methods of testing for weaknesses.
• A schedule of drills and exercises.
• A list of hardware, networks and personnel that have access to them.
• Standard operating procedures.
Reference sources
Beginners Guide to Firewalls: A Non-Technical Guide
https://portal.waterisac.org/system/files/2002__Library/Firewall%20Guide.pdf
Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies
https://ics-cert.us-cert.gov/Abstract-Defense-Depth-RP
Targeted Cyber Intrusion Detection and Mitigation Strategies
https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B
Basic Security Measures
3 Conduct cyber security training
Employees should receive initial and periodic cyber security training, helping to maintain the security of the organization as a whole.
Reference sources
Five Tips to Help Execute an Employee Training Program
https://www.helpnetsecurity.com/2016/08/18/employee-training-program/
Cybersecurity Questions for CEOs
https://www.us-cert.gov/sites/default/files/publications/DHS-Cybersecurity-Questions-for-CEOs.pdf
Choosing and Protecting Passwords
https://www.us-cert.gov/ncas/tips/ST04-002
Lesson Summary
Question: What are some of the impacts of a cyber attack in the maritime transportation system?
Impacts of Exploiting Cyber in MTS
• Financial loss
• Terminal and / or port shutdowns
• Economic disaster
• Environmental catastrophes
• Loss of life
Lesson Summary
• Question: Who are the threat actors and how can they attack our systems?
Threat actors and vectors
Lesson Summary
• Question: What are important steps that a port facility can take to improve their cyber security?
Questions