As cyber security, and specifically cyber threats, are becoming more imminent worldwide, the shipping industry gets affected as well. In order to help understand some of the basic terminology of cyber-attacks, the Korean Register of Shipping explains what five key cyber terms mean.
1. OT (Operating Technology)
This is hardware and software that detects or causes a change in physical processes through direct monitoring or control of physical devices such as valves, pumps, and etc. OT systems on board ships include propulsion, power generation and distribution, steering, navigation, communications, and cargo operations systems.
2. Zero-day threat
This is a technical security threat that leverages vulnerabilities in computer software. It is an attack that takes place when a patch for the vulnerability is not developed yet. A 1-day vulnerability is an attack that happens when a patch has been released but has not been applied because of validation and various reasons.
3. Brute Force Attack
In order to obtain an account for a user, it tries all the character combinations of usernames and passwords by repetitive manner until the user’s account are matched to get the account information.
[smlsubform prepend=”GET THE SAFETY4SEA IN YOUR INBOX!” showname=false emailtxt=”” emailholder=”Enter your email address” showsubmit=true submittxt=”Submit” jsthanks=false thankyou=”Thank you for subscribing to our mailing list”]
If a password has a specific pattern, such as a user password, the range of values to be assigned can be greatly reduced. In such a case, a dictionary attack is used in which dictionary words are combined and assigned. Thus, it is crucial to make password patterns irregular and not to be linked to personal information.
4. Session Hijacking
This is an attack that intercepts the connection state of the attacked object already connected to the system and accesses the system. It also uses resources or data without knowing the ID and password.
5. Rogue AP
Rogue access point is a wireless access point installed in a secure network without the explicit permission of the local network administrator. In a corporate wireless LAN environment, proper regulation is necessary, as an external user or an illegal intruder can access all resources with the same qualification as an internal employee through a wireless AP.
