Riviera – Opinion – The cyber-security implications of IMO 2023

What are OT systems and what cyber-security challenges do they add to the maritime industry?

Operational technology systems are used to control and monitor the operation of a vessel; they can include bridge and engineroom systems like radar, electronic chart display and information systems, automatic identification systems, engine monitoring and cargo monitoring. These systems are critical to the safe operation of vessels and need to be highly secure to prevent cyber attacks. However, OT networks face unique cyber-security challenges that make them more vulnerable to attacks.

Legacy systems

One of the biggest challenges with OT networks is that many of these systems were designed decades ago and were not built with cyber security in mind. These systems may have outdated operating systems, applications and protocols that are vulnerable to attacks. Moreover, many of these systems cannot be easily updated or replaced due to their critical nature or the cost involved.

Insufficient authentication and access controls

Authentication and access controls are essential to prevent unauthorised access to OT networks. However, these controls are often not implemented correctly in OT networks. For example, passwords may be weak or shared, or access controls may not be enforced properly. This makes it easier for attackers to gain unauthorised access to the network and carry out attacks.

Lack of visibility and monitoring

OT networks often lack proper visibility and monitoring, which means that administrators may not be able to detect security breaches or anomalies in the network. This makes it difficult to respond to incidents quickly and effectively. Moreover, many OT systems were not designed to generate logs or alerts, which makes it even more difficult to monitor and detect attacks.

What are the cyber security risks associated with IMO 2023?

The new technologies on board vessels required to meet the IMO 2023 efficiency standards generally require more integration between OT systems within a vessel and from those systems to cloud-based infrastructure. This can increase cyber-security risk in the following ways:

  • Increased attack surface
    The need for real-time data flows and connections between vessel OT systems requires those systems to be more connected to shore-based systems. This will increase the potential attack surface for cyber threats as vessels’ OT systems will be more exposed to other systems within a vessel, and to external networks and cloud-based infrastructure.
  • Supply chain attacks
    Supply chain attacks are a growing concern across industries, as they become increasingly reliant on technology to manage their operations. A supply chain attack occurs when an attacker infiltrates a third-party vendor or supplier and uses this access to gain entry to the target organisation’s systems. For example, an attacker might target a software vendor that provides a critical system on a vessel, such as a cargo tracking system. Once the attacker has gained access to the vendor’s systems, they can use this access to plant malware or gain access to the vessel’s systems.
  • USB devices
    USB devices have become ubiquitous and are used extensively in the maritime industry, especially for moving data to and from segmented environments. However, they also pose a significant cyber-security risk to OT networks. USB devices can introduce malware, viruses and other types of malicious software into OT networks if not used properly. This is why USB device hygiene is crucial for the cyber security of OT networks.

What is network segmentation and why is it important?

Network segmentation is a critical security control in OT systems. Network segmentation refers to the practice of dividing a network into smaller, separate parts, each with its own security controls. In OT systems, network segmentation is of particular importance for several reasons:

  • Minimising the attack surface
    Segmenting an OT network can help to minimise the attack surface of the network by reducing the number of devices that are accessible from any single point. Breaking the network into smaller segments reduces the number of systems that could be accessed by an unauthorised user.
  • Limiting the scope of an attack
    If a cyber attack does occur, network segmentation can help to limit the scope of the attack. Because the network is broken into smaller segments, the attacker’s access is limited to that segment only. This can help to prevent the attacker from moving laterally across the network and gaining access to sensitive systems.
  • Reducing the impact of a security breach
    Even with the best security controls in place, security breaches can still occur. Network segmentation can help to reduce the impact of a security breach by limiting the damage that can be done.
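
An added illustration, not part of the original article: a small model of a vessel network that compares how far a compromise can spread on a flat network versus a segmented one, and flags observed flows that break the segmentation policy. The host names, zones, permitted conduits and flow records are constructed assumptions, and the model simplifies a compromise to "the attacker can open any connection the host is permitted to open".

```python
from collections import deque

# Constructed sample: vessel hosts mapped to network zones (illustrative names).
ZONES = {
    "ecdis": "bridge", "radar": "bridge", "ais": "bridge",
    "engine-monitor": "engine", "cargo-monitor": "cargo",
    "crew-laptop": "crew-it", "cloud-gateway": "dmz",
}

# Assumed policy: the only zone-to-zone connections the firewall lets a source
# zone initiate. OT zones push telemetry to the gateway; nothing dials back in.
ALLOWED_CONDUITS = {
    ("bridge", "dmz"), ("engine", "dmz"), ("cargo", "dmz"), ("crew-it", "dmz"),
}

def can_connect(src, dst, segmented=True):
    """True if host `src` may open a connection to host `dst`."""
    if src == dst:
        return False
    if not segmented:          # flat network: every host reaches every other
        return True
    zs, zd = ZONES[src], ZONES[dst]
    return zs == zd or (zs, zd) in ALLOWED_CONDUITS

def blast_radius(start, segmented=True):
    """Hosts reachable hop by hop from a compromised `start` host (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for host in ZONES:
            if host not in seen and can_connect(current, host, segmented):
                seen.add(host)
                queue.append(host)
    return seen - {start}

def policy_violations(flows):
    """Observed (src, dst) flows that the segmentation policy does not permit."""
    return [(s, d) for s, d in flows if not can_connect(s, d, segmented=True)]

# Constructed flow records, e.g. as exported from a firewall or switch.
OBSERVED_FLOWS = [
    ("engine-monitor", "cloud-gateway"),   # permitted telemetry
    ("radar", "ecdis"),                    # same zone
    ("crew-laptop", "ecdis"),              # crew IT into the bridge zone
    ("cloud-gateway", "engine-monitor"),   # inbound from the DMZ
]

if __name__ == "__main__":
    for host in ("crew-laptop", "cloud-gateway"):
        print(host, "flat:", sorted(blast_radius(host, False)),
              "segmented:", sorted(blast_radius(host, True)))
    print("violations:", policy_violations(OBSERVED_FLOWS))
```

In this model a compromised crew laptop reaches every other host on the flat network but only the gateway once the zones are enforced, and the two flagged flows are the ones a monitoring rule should alert on.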

How do we address the increased cyber-security risks coming out of IMO 2023?

  • Increased attack surface
    To mitigate the risks of an increased attack surface, shipping companies need to implement robust cyber-security measures in their OT environment. Network segmentation, access control and intrusion detection systems are essential to ensure OT systems are secure and resilient. Shipping companies must also ensure their OT systems are regularly updated and patched to prevent vulnerabilities from being exploited.
  • Supply chain attacks
    To mitigate the risk of supply chain attacks, shipping companies should carefully vet their third-party vendors and suppliers. This includes conducting regular security audits of these vendors and ensuring they are following cyber security best practices. Vessels should also implement network segmentation to limit the damage an attacker can do if they gain access to the vessel’s systems through a third-party vendor.
  • USB device hygiene
    Shipping companies should prohibit unapproved USB devices from being used on the OT network. This can be achieved by locking down USB ports on systems or by implementing USB access control policies. Vessel crew should also scan USB devices for malware before allowing them to be used on the OT network. This can be achieved by implementing antivirus software on all systems on the network or by using specialised malware-scanning tools designed for USB devices.
    Finally, organisations should implement USB device usage policies that specify how USB devices should be used on the OT network. These policies should cover topics such as how USB devices are approved for use, how they should be scanned for malware, and how data should be encrypted on USB devices.

