Cyber Security: Threat & The Maritime Environment
Cyber Security: now byting the maritime industry
Templar Executives: Advising Government & Industry
National Information Assurance Strategy; Data Handling Report; Information Assurance Maturity Model; National Cyber Security Strategies; MOD Information Assurance Strategy; MOD Information Assurance Programme; Government Information and Communications Technology Strategy: creation of the Office of the Government Senior Information Risk Owner and the Senior Cyber and Risk Assurance Board.
[Timeline figure: NIAS 2007; DHR 2008; IAMM 2008; 1st CSS 2009; 2nd CSS 2011; MOD IAS 2009; MOD IAP 2010; Action 25 2012; OGSIRO; FTSE 100s 2013/14/15; MOD. Picture Source: https://www.gov.uk]
Templar Footprint
What does Cyber Security Mean to You?
Why Cyber Security is Important: There is an ever increasing dependence on technology, and information is the lifeblood of organisations; Information is a critical asset for any organisation and needs to be both protected and exploited; The threat is increasing and is more diverse in nature; malicious and non-malicious human behaviour is a key weakness; It is essential that every organisation understands and mitigates these risks as well as embedding a strong information security culture.
Why Cyber Security is Important: "There are now three certainties in life: Death; Taxes; And a foreign intelligence service all over your systems." - Director of Cyber Security, The Security Service MI5, June 2013
Our Increasing Reliance on Cyber: In 2015, 3,144,203,400 people across the World access the internet every day, 2 billion more than in 2005, when directly comparable records began; Access to the internet using a mobile phone grew by 5.1% to 4.55 billion users in 2014; 74% of all adults bought goods or services online in 2014, up from 53% in 2008; UK online shoppers are to spend an average of 1,174 each in 2015, up from 9.6% in 2014; In Great Britain, 22 million households (84%) had Internet access in 2014, up from 57% in 2006. Fixed broadband Internet connections were used by 91% of households. Source: ONS Aug 2014
Information Layer: there are now no boundaries. [Figure: map of the Internet, labelled "We are here!". Picture Source: http://en.wikipedia.org/wiki/file:internet_map_1024.jpg]
Threats [Diagram labels: Threats; Types of threats; Human factor; Social engineering; Phishing & spear phishing; Malware; Cyber terrorism; Malicious; Cyber warfare; Cyber espionage; People; Internal; External; Non-malicious; People; Environmental hazards; Cyber crime; Hacktivism]
Type of Insider Incident: Unauthorised disclosure of information; Process Corruption; Facilitation of third party access; Physical Sabotage; Electronic or IT Sabotage.
Maritime Physical Security: BMP4/ISPS Code. Best Management Practices for protection against Somalia based piracy: Suggested Planning and Operational Practices for Ship Operators and Masters of ships transiting the High Risk Area.
Contributing Factors: Cloud Capability. The ability to connect and to synchronise multiple devices over a network. Cost savings vs. Social vs. Security. Professional. Sharing documents. Personal devices.
Cyber Terrorism: The use of network based attacks (including the Internet) in terrorist activities, including attacks that lead to physical sabotage and acts of deliberate, large-scale disruption of computer networks.
Cyber Warfare: Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption.
Cyber Espionage: Obtaining information from individuals, competitors, rivals, groups or governments for personal, economic or other advantage using illegal exploitation methods on information and communications technology.
Cyber Crime: Any crime that involves a computer and networks, executed through ICT.
Hacktivism: Online activities that promote ideological, religious or political views, usually without direct financial gain to the perpetrator.
Threat Implications: Business disruption; Incident response cost; Financial loss; Damage to reputation; Contingency planning; Fines, legal and/or regulatory issues.
The Next Cyber Playground: AIS Hack
ACME SHIPPING EMPORIUM
Threats on your door step [Illustration labels: Drop box; Live feed of ships in Arabian Gulf; Unsecured wifi; Unlocked safe; Access pass; Position, course and speed of ships; Contract details for partnership; Draft manifest in the bin; Launch details]
ECDIS: Last year, a research team from software security consultants NCC Group discovered several weaknesses within an ECDIS demo product, which enabled them to access and modify ECDIS files and insert malicious content. If exploited in a real scenario, these vulnerabilities could cause serious environmental and financial damage. Yevgen Dyryavyy, security consultant at NCC Group, said that access to ECDIS on vessels is somewhat restricted, but this should not be used as a sole defence mechanism. An ECDIS could still be accessed through a USB stick or an online chart update or even sensor compromise or other systems that are connected to the vessel's local area network. - https://www.nccgroup.trust/uk/about-us/newsroom-and-events/news/2014/august/cyberattack-threat-intensifies-in-marine-sector/
Connectivity (NCC Group; Preparing for Cyber Battleships: Electronic Chart Display and Information System Security; 2014)
A Doomsday Scenario?