Live Superyacht Cyber Security Event
Infosec Partners recently streamed a live superyacht cyber security event named ‘Don’t Miss the Boat!’ from Shepperton Studios in Surrey.
The primary aim of this event was to educate superyacht owners, captains and yacht management companies about advanced cyber security threats and how best to combat them.
Superyacht Cyber Security Event
This event was planned as the International Maritime Organization prepares to implement their new cyber security regulations. The IMO has outlined that by 1st January 2021, all vessels over 500gt must demonstrate that they have addressed the cyber security threat and have a clearly defined cyber risk management plan in place.
The event was hosted by double olympic yachting champion and presenter Shirley Robertson OBE and featured several guest speakers, including Patrick Grillo from Fortinet, Gary Cumming a superyacht ETO AVIT Engineer, Simon Brownhill an IMO maritime consultant and certified cyber auditor.
Mark Oakton, Security Director at Infosec Partners and founding member of the 360 Maritime Security Alliance, spoke in detail about the current state of maritime cyber security, the impending IMO cyber requirements and its rapidly approaching deadline and the onboard IT/OT environment. In addition, the recommended levels of protection for optimal vessel security and how the current levels of protection on yachts compared to other environments is very low and very concerning within an industry populated with ultra-high net worth individuals and high value assets.
Patrick Grillo a Senior Director at Fortinet spoke about Fortinet’s experience within the maritime industry and how it is essential that systems on board are segmented to allow the secure operation of both the IT & OT environments. By using the Fortinet Security Fabric the same technologies can be used to manage the segmented IT/OT environments securely and in fact make the process easier to manage without reducing overall security posture. Patrick highlighted the importance to find and repair the unknown threats in existing systems before the hackers can – this can be achieved with help from the Fortinet fabric based deep analysis for zero-day attacks and by having expert cyber consultants such as Infosec Partners monitoring the environments 24/7 for threats.
Introducing The 360 Maritime Security Alliance
The 360 Maritime Security Alliance is an amalgamation of three industry leaders, each with equal experience and expertise in their respective domains: Physical, Electronic and Cyber Security. Using intelligence led risk analysis we are able to provide robust and innovative security solutions together with comprehensive advice on every aspect of physical, electronic and cyber maritime security. We consider the unique safety and privacy requirements of each individual client and in turn provide an integrated, tailor-made, cost-effective security solution.
Pete Murphy, CEO of Priavo Security and member of the 360 Maritime Security Alliance, spoke about the links between cyber security and Priavo’s risk management approach to physical protection, anti-piracy, insider threats and ship to shore operations. He also spoke about his personal experiences in the military; how it is imperative to think like an attacker in order to protect your assets from today’s evolving, blended threats targeted towards superyachts. Pete explained the importance of having expert cyber systems covering physical controls and the confidence that the collaboration with Infosec Partners brings.
Alan McCormick, Major Projects Manager at Halo Group Security and electronic expert for the 360 Maritime Security Alliance, spoke about the close links between cyber security and the importance of secure networks for the operation of his electronic technology solutions. These hi-tech solutions include drone & UAV detection, defence and interception devices, remote control of tender vessels, surveillance UAVs for safe navigation and patrol, long-range CCTV for early detection and ID of incoming threats. One of the biggest concerns is that the more high profile the individuals are, the greater the risks and threats to the vessel become.
The event demonstrated live attacks on both an existing superyacht legacy security network and a secure system built around a reference security architecture, using the power of the Fortinet Security Fabric of Controls.
The demonstration included a Wi-Fi attack in which Infosec Partners’ consultants spoofed the SSID of a Yacht owner’s network. During the test, traffic was intercepted en-route to the internet which exposed sensitive information such as images and URLs visited. It was quickly demonstrated how DNS tunnelling can allow the control and exfiltration of data from a compromised endpoint. This was all made possible due to an insecure legacy firewall architecture that is widely used across the maritime industry. The same attack technique was deployed against a FortiGate firewall and was successfully blocked at each attempt. Finally there was a demonstration of the security fabric in action; showing how perimeter, SIEM and endpoint can be controlled from a single pane of glass control system and applied across the entire environment in seconds.
Gary Cumming, an ETO engineer on a private superyacht, highlighted that you will most often find that security choices are based on the recommendation of the ISP or SATCOM provider, or chosen purely because of its ease of use and GUI. The actual security benefits of each of the recommended security solutions are rarely mentioned as a determining factor in product selection. He also highlighted that most IT/AV staff still only have partial access to and responsibility for the OT systems onboard; as they are mostly managed by multiple external parties and often have known vulnerabilities that are not patched.
Simon Brownhill, an Ex-Royal Navy Weapons Engineer and Cyber Expert with over 25 years of experience, spoke about how he thinks the IMO will be looking for evidence that risks are being adequately managed. These risks will need to be identified, threat actors and scenarios assessed, counter measures designed and deployed, and risk reductions calculated. He also stressed that the use of experienced and seasoned cyber security professionals is critical to the rapid and accurate deployment of good security practices.
In summary, Mark talked about design principles for cyber in the maritime sector, he explained that the maritime sector is not that different from other industries and there are standard architecture templates that can be used across all IT/OT onboard systems.
Infosec Partners offered a free of charge Cyber Threat Assessment to all live viewers of the event
Cyber Threat Assessment
Secure network architectures require constant evolution in order to keep up with the today’s advanced cyber threats. These advanced threats are primarily designed to avoid detection, bypass traditional firewalls and evade traditional detection tools.
Our cyber threat assessment provides detailed information of these threats, attacks, and other critical data collected from the superyachts live operating environment and should help you understand your vessel’s current security posture. Assessments can either be carried out from onboard the vessel or from the management company’s land based offices.
Discover security risks and security breach probability:
Which application vulnerabilities are attacking your network, what malware/botnets are being detected, and which systems and devices are most at risk.
Productivity & increased application visibility and control:
Which peer-to-peer, social media, instant messaging, and other apps are running, as well as what spam, newsletters or adult content is potentially threatening your email.
Network utilisation and performance:
Get a clear understanding and measure of your throughput, session, and bandwidth usage requirements during peak operating hours for the network, email system and other mission critical applications.
Claim Your Free Cyber Threat Assessment
Our free cyber threat assessment will help ensure that you aren’t relying on legacy systems that are no longer effective against today’s sophisticated cyber attacks that are now occurring across multiple vectors. We provide a far deeper analysis of existing or possible threats with a clear assessment of risks to the yacht’s environment.
To get your free superyacht cyber threat assessment email ctap@infosecpartners.com
