Howard Hughes, Chief Technology Officer, Tototheo Group, presented the current “Cyber Security Trends”, noting that even the name has changed over the years; formerly it was known as IT Security or, to some, just the use of a Firewall. Whatever the name, the seriousness of the subject has intensified. Now, with everyday access to the internet and social media, misinformation and harmful content can be propagated with great ease, he added. A Firewall is no longer the total solution. In his presentation, Mr. Hughes covered the activity in the world of cyber security over the past 12 months and investigated how this has affected the maritime world.
Like fashion, Cyber Security has evolved massively over the years. From what is now seen as the very basic “Phreaking” of 50 years ago, it rapidly evolved into a massive business that covers everything from Denial of Service attacks to obtaining personal or corporate information. In the past it was often viewed as a subject that only banks or big corporations had to concern themselves with; today, what began as simple access to a private network has evolved into swaying opinion and shutting down networks and factories.
We don’t need to go far back to see the state of malicious behavior on the internet. In 2016, the following cases were reported:
- iPhone hacked by FBI
- The financial messaging system SWIFT/Bangladeshi Bank – Investigation found no real Firewall and second-hand cheap Ethernet switches. Incident only discovered by a spelling mistake!
- Trump organizations using insecure and unpatched systems
- LinkedIn compromised for the second time
- Tumblr loses 65 million accounts
- MySpace – 427 million accounts stolen
- AdultFriendFinder.com: private data from 400 million accounts were made available
- UK communications firm TalkTalk was hacked, affecting its users and resulting in a £400,00 fine
- NSA hacking tools were stolen
- 50 Terabytes of classified documents stolen from NSA
Last year’s US Presidential Campaign highlighted a couple of interesting things in terms of security. Firstly, an email scandal broke out over the use of an insecure email server by the office of Hillary Clinton. Little is known about the damage that has been done, but it did highlight the need for both security and encryption when secure communication is required. Secondly, there was an alleged hacking into the Democratic National Committee (DNC) Headquarters. Regardless of the reason for or source of the compromise, my questions are: How easy was it to do? There is a suggestion of vote rigging – one that has existed for some time – what other consequences exist? Whatever one's political persuasion, this generates – or confirms – a general distrust of political activity, one that was already delicate.
However, not all compromises aim to obtain information; some aim at disruption. Distributed Denial of Service (DDoS) is one of the most common forms of attack. These attacks are so frequent that there is a live map of DDoS attacks that anyone can watch. DDoS may not affect your data, but it will affect your consumption and speed.
The example of the Stuxnet malicious computer worm shows how serious the danger can be. Stuxnet was designed specifically to work on the embedded Microsoft OS in a PLC (Programmable Logic Controller), and only when using the Siemens software – which happens to run Plutonium centrifuges, amongst other things. The code specifically told the centrifuges to speed up and destroy themselves, while producing nominal telemetry for the operator to observe. What was significant about this worm was its ability to do nothing until it found a match – seek and destroy. PLCs like the ones in question are separate from any LAN, so they didn’t use email or internet. The worm was spread across what is known as the “air gap” by removable media – USB flash drives. The infection was placed on one or more of the engineers’ PCs that were connected to the internet. Then it was a matter of sitting back and waiting until an unwitting user contaminated a drive and took it to work. If the worm found itself on any other type of hardware/software, the effect was minimal. A large percentage of people had the infection but didn’t know. The worm’s origins are a much-discussed controversy; the belief was that it came from the NSA. Due to the slow nature of its effect, it is believed that the worm was modified by another agency, which promptly started the worldwide infection, which was beyond the original scope. The code was discovered by a user in Belarus.
The example of the Japanese tech firm Trend Micro illustrates that the danger applies to shipping as well. The firm compromised AIS data over a period of time, creating fake traffic and exposing how easily it could be accessed. It took a while for someone to spot a passenger ship sailing back and forth between the US and North Korea.
Compromise of a ship’s network could be worse for safety. ECDIS being on a separate IP network is not sufficient protection. A lot of NMEA streams are in plain text, thus it wouldn’t be hard to put something malicious in the data stream.
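The plain-text NMEA point above, and the implausible track in the AIS example before it, can be illustrated from the receiving side. The following is an added example, not part of the presentation: it validates NMEA 0183 GGA position sentences and flags fixes that pass the checksum yet imply an impossible speed, since the checksum only catches accidental corruption and does not authenticate the sender. The `MAX_KNOTS` limit and the sample sentences are constructed assumptions.

```python
import math
from functools import reduce

MAX_KNOTS = 40.0  # assumed plausibility ceiling for this vessel (illustrative)

def checksum(body):
    """NMEA 0183 checksum: XOR of every character between '$' and '*'."""
    return format(reduce(lambda acc, ch: acc ^ ord(ch), body, 0), "02X")

def frame(body):  # helper used only to build the constructed sample below
    return f"${body}*{checksum(body)}"

def parse_gga(sentence):
    """Return (seconds_of_day, lat, lon), or None if malformed or bad checksum."""
    body, _, given = sentence.strip().partition("*")
    f = body[1:].split(",")
    if (not body.startswith("$") or given.upper() != checksum(body[1:])
            or len(f) < 6 or not f[0].endswith("GGA")):
        return None
    try:
        secs = int(f[1][:2]) * 3600 + int(f[1][2:4]) * 60 + float(f[1][4:])
        lat = int(f[2][:2]) + float(f[2][2:]) / 60
        lon = int(f[4][:3]) + float(f[4][3:]) / 60
    except ValueError:
        return None
    return secs, (-lat if f[3] == "S" else lat), (-lon if f[5] == "W" else lon)

def knots(prev, cur):  # speed implied by two fixes; flat approximation, 1 deg = 60 nm
    dlon = (cur[2] - prev[2] + 180) % 360 - 180  # wrap across the antimeridian
    dlon *= math.cos(math.radians((prev[1] + cur[1]) / 2))
    return 60.0 * math.hypot(cur[1] - prev[1], dlon) / ((cur[0] - prev[0]) / 3600)

def audit(stream):
    """Return [(index, reason)] for sentences to reject before they are used."""
    findings, last = [], None
    for i, sentence in enumerate(stream):
        fix = parse_gga(sentence)
        if fix is None:
            findings.append((i, "bad checksum or malformed"))
        elif last and fix[0] > last[0] and knots(last, fix) > MAX_KNOTS:
            findings.append((i, "implausible speed"))  # keep the last trusted fix
        else:
            last = fix
    return findings

TAIL = ",N,03302.00,E,1,08,0.9,5.0,M,0.0,M,,"  # constructed sample data
SAMPLE = [frame(f"GPGGA,{p}{TAIL}") for p in
          ("120000.00,3440.00", "120100.00,3440.20", "120200.00,3440.40", "120300.00,3540.00")]
SAMPLE[2] = SAMPLE[2].replace("3440.40", "3440.90")  # altered in transit, checksum now stale
```

Running `audit(SAMPLE)` rejects the third sentence on its checksum and the fourth on speed, even though the fourth carries a valid checksum.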
Taking no action now will result in a larger mountain to climb at a later date, or after data has been compromised. Costs could be higher as well.
Recommended actions
- Understand it will take time
- Education is key
- Education to the users
- Simplicity on the surface
- Simple to maintain
- Be proactive, now is the time
Steps to move forward
- Plan for disaster recovery
- Regular backup of essential data
- Create a policy, stick to it!
- Ensure ECDIS/Bridge protection
- Plan a rollout and take time
- Incident management
- Consider removable media
The above text is an edited version of Howard Hughes’ presentation during the 2017 SMART4SEA Conference & Awards.
The views presented hereabove are only those of the author and not necessarily those of SAFETY4SEA and are for information sharing and discussion purposes only.
About Howard Hughes, Chief Technology Officer, Tototheo Group
Howard Hughes has taken the role of Chief Technology Officer for Tototheo Group in Cyprus. Prior to working with Satellite Communication, Howard had over 12 years of experience working in IT and Telecommunications. He has worked with diverse and leading companies, providing engineering and Project Management expertise. Passionate about communication, he found it a natural step to work with the leading Satellite Communication provider, Inmarsat. During his 10-year tenure, Howard took advantage of his knowledge to provide training, solution design, product management and service development, with the latter focussing on Inmarsat’s groundbreaking Global Xpress product. Howard now divides his time between the UK and Cyprus.