I attended a series of meetings last week with a partner
company regarding converged maritime and port security. “Converged” means both physical and cyber
aspects related to assessments, maturity models, risk management, and
internal/external threats related to financial and insurance implications.
To my astonishment, many maritime and port entities – both
public and private – share a groupthink mindset of “So what?” regarding converged
security risks. Many within the maritime
and port community “check the block” using open source intelligence (OSINT)
threat assessments; very few consider OSINT combined with real-time cyber
threat intelligence (CYINT). Many view
cyber security as a “known unknown” risk versus return on investment: another operational cost burden in a
low-margin business. Think again!
Let’s look at an underreported part of maritime
and port “converged security” that is overlooked from a cyber perspective:
ICS (Industrial Control Systems) and SCADA (Supervisory Control and Data
Acquisition). It is understandable that, within an industry
culture of tangible “hands-on” equipment, cyber “1’s and 0’s” are neglected. ICS-SCADA is a general
term describing industrial automation systems responsible for data acquisition,
visualization and control of industrial processes, often found in various industrial
sectors and Critical Infrastructures – including maritime and port
infrastructure. ICS play a critical role in maintaining the continuity of
industrial maritime processes, ensuring functional and technical safety and
preventing large industrial accidents, environmental disasters and financial
ruin.
The criticality of control systems in the maritime and port
sectors, due to the high impact in case of disruption, makes ICS a major target
for malicious activities. According to the ICS-CERT Monitor (part of the U.S. Department
of Homeland Security), between 2009 and 2014 the number of reported cyber
security incidents in the ICS-SCADA area increased more than 27 times. This
does not take into account global maritime and port operations impacted by
cyber security incidents. At the same
time, more than half of the incidents (59% in 2013) were aimed at the energy and
critical manufacturing sectors and around 55% involved advanced persistent
threats (APT). Most ICS-SCADA cyber security incidents stay undetected or unreported.
Getting back to the “So what?”: think of the undetected and
unknown cyber ICS vulnerabilities within the maritime industry occurring DAILY:
- Compromised ERP (Enterprise Resource Planning) hardware/software and cloud systems
- Financial data theft and manipulation
- Equipment failure (vessel and port) including GPS, computers and ICS/SCADA
- Falsified manifests and documentation – high and low value cargo theft
- Insurance claims, false resupply claims, market manipulation, environmental issues
- Drugs, smuggling and terrorism threat on the supply chain/cargo
- Physical security breaches (security cameras, security equipment, security access control points)
- Compromised employees and insider threats
As covered in our “Daily Show” reports, Wapack Labs has discovered numerous ports, vessels and
maritime “systems” compromised with malware and key-loggers and “owned” by
the cyber underground. Most of the cyber threats are related to
financial gain and market (oil/gas) manipulation.
If you or your peers in the maritime/port, transportation,
supply chain and energy infrastructure sectors want to change your view from “So
what?” to “So how can Wapack Labs help!”, give us a call or email us to learn more
through our Daily Show reports, Cyberwatch®
and Cyber threat Index®, and to keep your
organization financially sound through our Red Sky Alliance Member Information
Sharing Portal.