Cyber attacks seem to be a common phenomenon nowadays, as more and more companies experience cyber threat incidents. Therefore, Louis Hur, CEO at NSHC & Shield Consulting co., Ltd. focused on the importance of Operating Technology system penetration test for the maritime industry.
Consequently, as Isidoros Monogioudis, Senior Security Architect, Digital Shadows has previously stated, cyber security has the attraction needed, but for some reason it doesn’t have the appropriate investment.
Based on the report ‘Guidelines on Cyber Security onboard Ships‘, all vessels are experiencing the same types of cyber security problems, equal to other IT systems.
To eliminate these dangers, the new guidelines are focusing on three new areas: Safety Management System, OT risks and supply chain dangers.
The threats vary from physical factors, as pirates, cargo loss, deprivation and stowage, to IoT, embedded systems, and hacking for various cyber assets that are recently being reviewed.
Because of these new threats, companies and organisations in the maritime industry are finding ways to prevent and respond to these threat of control systems of vessels and offshore industrial facilities in advance through Penetration test.
As shown in the infographic above, cyber threats could be prevented with the Red Teaming project, according to which security checks are carried out in the Operation Zone with such a security diagnosis of ports and vessels.
The Red Teaming assessment focuses on providing the company’s security teams with real experience in dealing with cyber attacks in the OZ area, not just IT, while avoiding attacks that damage the company’s actual operating system or business, and using existing and intelligent attackers Tactics, Techniques and Procedures (TTPs) to develop security targets in a variety of ways.
As presented above, physical penetration is conducted by understanding the actual working environment, by transcending security checks on existing technology areas, and attacks on internal staff, including ship officers, who work on land and sea using social engineering hacking.