Mr. John Varvaresos
Sales Director – Enter Consulting
Mr. Varvaresos, could you please give us your view on the challenges the Maritime industry faces in our days?
First of all, I believe that, being one of the premium business sectors and essential pillars of the Global Economy, which enjoys excellent attention from an increasingly sensitive society, the Maritime industry needs to operate in a transparent, socially responsible, and environmentally friendly manner.
COVID-19 outbreak has created unprecedented conditions and dramatic changes in our daily life and the way we conduct business. All businesses need to adapt to the requirements of this new reality.
Furthermore, the Maritime industry is currently going through a significant digital transformation process, whose fundamental characteristic is the convergence of Operational and Information technology. This process brings substantial benefits and opportunities for growth. It also introduces a wide array of new and potentially significant threats, which the shipping industry must tackle.
Could you please give us some examples about these threats?
Like all other lines of business, the shipping industry is vulnerable to cybersecurity attacks.
In 2017, one of the world’s largest shipping companies (MAERSK) fell victim to a ransomware attack (NotPetya), which resulted in a $300million loss. It’s worth noting that no data breach or data loss occurred during this incident (which would have dramatically increased financial damage).
Also, in 2017, UK-based shipping firm Clarkson was involved in a major data breach incident, which resulted in the loss of vast amounts of information related to privacy.
The particular and complex structure of the shipping supply chain dramatically increases business risk. Cyber-attacks on vessels, ports, or headquarters can cause delays in distributing the essential goods transported.
Additionally, to ‘classic’ cybersecurity business-related risks, vessels are potential targets of particular attacks that could cause grave results upon life, property, or the environment.
By tampering with vessel navigation information, attackers could cause onboard systems to believe that they are far away from their actual locations, possibly steering vessels into unsafe waters, areas controlled by pirates, or in a collision course with other vessels.
The maritime industry magazine Safety at Sea has described such a case, in which a cargo vessel traveling from Cyprus to Djibouti had lost control of its navigation system for approximately ten hours (preventing the captain from maneuvering), to steer it into a territory where it could be taken over by pirates and robbed.
Given the rapid developments on the Internet connectivity / IoT field, additional security threats arise: Something as simple and seemingly innocent as a ‘smart‘ device (such as a Wi-Fi enabled lightbulb) could be exploited for exposing a vessel’s internal network credentials and act as a ‘back door’ for intruders.
Given the widespread adoption of portable storage devices such as USB flash drives, viruses and other malicious code can be brought inside a vessel either by professionals performing maintenance and upgrades on systems or by a vessel’s crew.
Business Losses caused by cybersecurity-related incidents can be disastrous for any business, and the shipping business is no exception. Aside from potential damage of reputation and a decrease in shareholder value, shipping companies risk losing future business and getting involved in legal battles, sustaining cargo loss, and high costs for repairing damaged IT and OT systems. In worst cases—involving accidents— a vessel, its crew, and its cargo might be lost, and damage to the environment could be caused.
Which should – according to your opinion- be the response of our industry to these threats?
Cybersecurity protocols on vessels need to be updated and include investment in training for cybersecurity issues, encourage safe passwords and strong password managers, and ensure all IT systems onboard are regularly updated and aim to utilize two-factor authentication whenever possible.
Corporate / HQ cybersecurity systems need to address many diverse computing platforms from a single source in a homogeneous way and in a brief timeframe, without impact or disruption of business.
Due to the particular nature of business on vessels at sea, the issues related to connectivity need to be seriously considered. One cannot depend on continuous connectivity to the Internet/cloud. Many security solutions perform as expected in highly available and fast Internet connections. Still, their functionality severely deteriorates or ceases in low-speed or unavailable connections.
It becomes evident that shipping companies need to have cybersecurity systems on board that are on par or better than those of their onshore counterparts.
CyFIR Enterprise is the perfect solution for addressing all the concerns mentioned above.
What is CyFIR and how can it help the Maritime Industry navigate through the stormy waters of cyber threats?
CyFIR is a powerful forensic investigation and incident response platform.
It allows cybersecurity teams to forensically examine any CyFIR-enhanced computing endpoint immediately, without interfering with or disrupting the work being done on that computer by its user.
Using a remote CyFIR Investigator terminal, located inside the same building or in another continent, a security analyst can immediately act to respond to a cyber attack, an internal threat, or a request from legal and regulatory authorities.
Unlike other solutions in the market, CyFIR can search thousands of computing endpoints simultaneously, regardless of whether the endpoints are located on vessels at sea or located at company offices / HQ.
Security personnel receives responsive information from each CyFIR-enhanced endpoint, even over low-bandwidth connections such as FleetBroadband (FBB).
It is possible because of CyFIR’s unique architecture, designed to exchange only minimal amounts of information to and from remote endpoints. All forensic processing is done (when requested) at the computing endpoints because CyFIR’s Smart Agents have built-in forensic processing capabilities.
This allows security operators to receive near real-time feedback in order to respond to an issue quickly. Importantly, CyFIR’s monitoring mechanism is always on, even if Internet connectivity is unavailable for periods.
CyFIR’s unique capability to remotely monitor, access, and search large numbers of endpoints simultaneously makes CyFIR a very powerful weapon in a company’s cybersecurity arsenal, as it enables one cybersecurity professional to handle what would need the work of an entire team using traditional methodologies and tools.
CyFIR supports Windows, Mac, and Linux based systems, with one application, providing results to the operator in a single view, thus reducing the need for time, budget, and the lack of qualified human capital.
CyFIR Enterprise platform enables security operators to:
- enjoy full Add-on SoC Services – Continuous 24×7 Monitoring
- monitor the fleet and HQ at the same time using a unified graphical view
- receive alerts about possible threats on CyFIR-enhanced endpoints through a central dashboard
- Initiate incident response procedures instantly upon determining the presence of a threat
- forensically investigate a computer to determine potential insider threat, data exfiltration, data corruption, or compromised control, without disrupting the business use of the computer, quickly and quietly
- actively work against threats, optionally assisted by CyFIR’s automated malcode recognition capabilities from the CyFIR Intelligence Network
- review computing devices to ensure they meet legal or regulatory requirements
- minimize bandwidth requirements for communication with CyFIR-enhanced endpoints at sea, by transferring only required metadata from vessels to Headquarters
- utilize near-real-time monitoring and incident response capability without additional investments in systems and hardware
- provide reports to high-level stakeholders (using the optional CyFIR Intelligence and Analytics dashboard), enabling them to obtain an overview and assessment of the company’s cybersecurity effectiveness and/or vulnerability, and
- arrange for cyber insurance through the Lloyds of London market via Ridge Global.
How does CyFIR contribute to addressing the challenges imposed by COVID-19 pandemic?
The outbreak of COVID-19 has dramatically changed the ways all businesses operate.
The Maritime Industry’s precise nature (with operations distributed worldwide and in many cases in remote or unreachable locations) creates additional challenges.
Traditional Incident response (IR) approach often calls for a team to fly to an incident location, work on-site to obtain disk images of computers, and then fly back to their corporate offices for analysis.
- This approach (aside from the obvious costs and difficulties of transportation to and from the incident location due to travel restrictions) exposes IR team members, employees working on-site (e.g., a vessel’s crew), and those working corporate offices to potential contamination.
- On the corporate front, to limit the possibility of spreading the virus, businesses ask employees to work from home. Even with strict corporate access policies in place, computing resources ‘in the wild’ are not as well-protected as those inside the corporate network perimeter. When employees work remotely, they might also be exposed when they use their own personal/home laptops. These computers are subject to their home network potential vulnerability. They might be shared with other users at home, to be used for content downloading from untrusted sources or even to access compromised web sites. This puts significant stress on corporate IT security teams. They need to respond to significantly increased demand for connectivity requests from diverse systems and locations.
CyFIR is perfectly positioned to address all of these challenges:
It’s unique architecture, and features allow for fully remote execution of critical tasks by the security operators, accessing and examining vast numbers of company (CyFIR Smart Agent-enabled) computing assets simultaneously.
Regardless of their location – inside or outside of the corporate firewalls, security operators may obtain necessary information with forensic fidelity without disrupting work.
Information is presented in a user-friendly, unified graphical view, providing company security center operators with a continuously updated, ‘helicopter’ view of corporate security status.
Thus, it eliminates the need to deploy physical security teams to incident locations (and the related risk of COVID infection and spreading), reduces costs, and provides the corporate I.T center with the ability to deal with the security risks arising from the surge of connection requests from Teleworkers.
About Enter Consulting
Enter.gr, a company founded by highly experienced executives, offers solutions to businesses involving the best content management, data availability, and cybersecurity packages. These areas are supported by Enter.gr’s IT services that can consult and support enterprises so that they utilize software solutions to the maximum extent. Enter.gr represents top platforms, in particular the award-winning offerings by M-Files, StorageCraft, and CyFIR.