March 12, 2016: Chuck Nettleship
I attend a series of meetings last week with a partner company regarding converged maritime and port security. Converged meaning both physical and cyber aspects related to assessments, maturity models, risk management, and internal/external threats related to financial and insurance implications.
To my astonishment, many maritime and port entities – both public and private – are of the group think mindset of “So what?” regarding converged security risks. Many within the maritime and port community “check the block” using open source intelligence (OSINT) threat assessments – very few consider OSINT combined with real-time cyber threat intelligence (CYINT). Many view cyber security as a “known unknown” risk versus return on investment. Another operational cost burden in a low margin business. Think again!
Let’s look at an under reported area impacting the maritime and port “converged security” area overlooked from a cyber perspective. It is understandable within an industry culture of tangible “hands-on” equipment, that cyber “1’s and 0’s” is neglected: ICS (Industrial Control Systems) and SCADA (Supervisory Control and Data Acquisition). ICS-SCADA is a general term describing industrial automation systems responsible for data acquisition, visualization and control of industrial processes, often found in various industrial sectors and Critical Infrastructures – including maritime and port infrastructure. ICS play a critical role in maintaining the continuity of industrial maritime processes ensuring functional and technical safety, preventing large industrial accidents, environmental disasters and financial ruin.
The criticality of control systems in the maritime and port sectors due to the high impact in case of disruption, makes ICS a major target for malicious activities. Based on the ICS-CERT Monitor (part of U.S. Department of Homeland Security), between 2009 and 2014 the number of reported cyber security incidents in the ICS-SCADA area increased more than 27 times. This does not take into account global maritime and port operations impacted by cyber security incidents. At the same time more than half of the incidents (59% in 2013) were aimed at the energy and critical manufacturing sectors and around 55% involved advanced persistent threats (APT). Most ICS-SCADA cyber security incidents stay undetected or unreported.
Getting back to the “So what?” think of the undetected and unknown cyber ICS vulnerabilities within the maritime industry occurring DAILY:
- Compromised ERP (Enterprise Resource Planning hardware/software and cloud system
- Financial data theft and manipulation
- Equipment failure (vessel and port) including GPS, computers and ICS/SCADA
- Falsified manifests and documentation – high and low value cargo theft
- Insurance claims, false resupply claims, market manipulation, environmental issues
- Drugs, smuggling and terrorism threat on the supply chain/cargo
- Physical security breaches (security cameras, security equipment, security access control points)
- Compromised employees and Insider threats
Wapack Labs has discovered numerous ports, vessels and maritime “systems” compromised with malware and key-loggers that are “owned” by the cyber underground in our “Daily Show” reports. Most of the cyber threats are related to financial gain and market (oil/gas) manipulation.
If you or your peers in the maritime/port, transportation, supply chain and energy infrastructure sectors want to change your view from “So what?” to “So how can Wapack Labs help!” give us a call or email to enlighten through our Daily Show reports, Cyberwatch® and Cyber threat Index® to keep your organization financially sound through our Red Sky Alliance Member Information Sharing Portal.