Think back to the last time you stood on the shore, enjoying the brackish breeze gently caressing your skin, and the sounds and smells of the sea. You may have noticed a tall ship in the distance. Have you ever thought about all the moving parts that contribute to these “floating cities”? Beyond the logistics of going to sea, a ship contains an impressive array of communications devices and capabilities. Whether that ship is in port or 500 miles from shore, the ship is never without communication.
So many moving parts
There are often over 150,000 ships at sea in a 24 hour period. To add some perspective, that’s three times the average number of planes tracked by the Federal Aviation Administration on any given day. When combined, all ships at sea form one of the largest mobile communication networks imaginable. As is often the case with a security mindset, this level of complexity creates great challenges.
A ship is capable of short-range ship-to-shore communication through the use of traditional land-based radio or shore stations, and when far out at sea satellite communication is used. To add to the complexity, there are more than ten satellite companies that provide maritime communication services. The international scope of maritime communications is governed both by multinational organizations and by advisory organizations such as the International Telecommunication Union (ITU).
The New Cannonball Vulnerability
It’s easy to think that these impenetrable shells are immune to security issues. After all, they look a bit like an isolated island, far removed from our landlocked security concerns. However, maritime vessels are under threat, both physical and virtual. In the event that physical criminals increase their technological skills, the results for a fleet could be devastating.
Until a few years ago, the idea of high seas pirates was something most people thought existed in age-old tales of rum-soaked hooligans. However, when a recent US president ordered the execution of a hacker, we all recognized that this is a problem that still exists today. Maritime pirates remain a threat, and if they join the cybercrime industry, they could use the technology to disrupt both normal communications and a target vessel’s distress signals.
Another threat to the shipping industry is drug trafficking. Communication disruptions can foster the illegal drug trade and can also disrupt the delicate balance of the supply chain. As recently demonstrated, a node in the supply chain can wreak havoc on a global scale.
Sea attacks are nothing new. At least two of the world’s largest shipping organizations have suffered a ransomware attack. These attacks, as well as other cybercrimes, were launched using phishing scams. Although attacks have been used to compromise operations ashore, it is not unreasonable to assume that a ship’s onboard network could also be affected, leaving a vessel in a dangerous state. However, there is currently no hard evidence that electronic paralysis of a ship has ever occurred. What has happened in some parts of the world is that Global Positioning Systems (GPS) have been tampered with, affecting navigation as well as communications.
Better monitoring of all ships
Fortunately, proposed improvements in maritime communications protocols, along with similar technologies to better track vessels, are being developed to provide more unified views of locations and messages. Along with this, regulators are also working to improve communications by strictly defining radio frequencies for maritime communications.
How Tripwire can help you
The complexity of modern maritime operations makes them vulnerable not only to phishing-based account compromise, but more importantly, to unnoticed configuration changes. Tripwire is uniquely positioned to help secure maritime operations by providing the fundamental controls needed to secure communications.
Tripwire helps ensure that all IT and OT systems are configured securely. This is done by tracking the baseline configuration of a system, measuring it against a hardening standard, and providing remediation guidance to ensure the system is configured safely. The Center for Internet Security benchmarks are an example of a hardening standard. This process is known as security configuration management. It is commonly practiced on traditional computer networks and is also a good best practice for maritime devices.
Ransomware attacks modify critical system files to lock administrators out of those systems. Tripwire monitors changes in real time and can help differentiate between a good change and a bad change, or an authorized or unauthorized change. When an unauthorized or malicious modification is detected, an alert and incident workflow can be triggered so that appropriate action can be taken to reduce cyber incident exposure.
Finally, attackers always try to exploit a vulnerability in the system to gain unauthorized access. Tripwire’s solutions can monitor IT and OT device vulnerabilities, prioritize vulnerabilities that would have the greatest impact on critical network devices, and provide remediation guidance to ensure minimal exposure to maritime device risk. With these controls in place, Tripwire can help reduce the attack surface.