Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
DNV GL © 2017DNV GL © 201
Aus Fehlern lernen - Ein risikobasiertes Managementkonzept für den Schiffsbetrieb
1
VHT seminar "Cyber-Risiken in der Schifffahrt" 7. November 2017
DNV GL MARITIME ADVISORY
SVANTE EINARSSON – SENIOR CYBER SECURITY PROJECT ENGINEER
DNV GL © 2017
Safety in shipping today heavily depends on cyber systems
on-shore org.
Information Technology (IT) IT networks
Administration, accounts, crew lists, …
Planned Maintenance
Spares management and requisitioning
Electronic manuals
Electronic certificates
Permits to work
Charter party, notice of readiness, bill of lading…
Operation Technology (OT) PLCs
SCADA
On-board measurement and control
ECDIS
GPS
Remote support for engines
Data loggers
Engine & Cargo control
Dynamic positioning, …
At risk: Mainly
finance
and
reputation
At risk: Life,
property
and
environment
+
all of the above
2
DNV GL © 2017
Cyber security may not be at the top of every fleet managers agenda, but it is probable to climb as issues migrate to OT world
Information technology (IT) Operational technology (OT)
3
Sources: AV-TEST Institute, Germany IBM Managed Security Services - 2016 report“Attacks Targeting Industrial Control Systems (ICS) Up 110 Percent”
2,000
1,000
0
400
600
200
1,200
1,400
1,600
1,800
2,200
2,400
2,600
800
2014 2015 2016
+110%
2013
Attacks on industrial control systems
DNV GL © 2017
WannaCry: Largest ransomware attack to date
4
“The latest count is over 200,000 victims in at least 150 countries”- Rob Wainwright, Europol Executive Director
Known affected organisations:
• Spain - Telefonica, power firm Iberdrola, utility provider Gas Natura and more large firms
• USA - FedEx,• France - Renault,• Germany - Deutsche Bahn • Jakarta- Two hospitals• Russian Interior Ministry• Britain’s National Health
Service, Nissan car plant
DNV GL © 2017
Large money are at stake!
5
DNV GL © 2017
NotPETYA: Heavily impacting maritime industry players
6
“Big hack at Maersk puts Rotterdam's container terminal flat”David Bremmer and Leon van Heel, AD, NL
Arrived via an update to an accounting system in Ukraine (ME Doc)
Spread like a worm from an infected machine
Exploited Windows SMB vulnerability (aka EternalBlue), fix by Microsoft was released on March 14th (MS17-010)
Spreads into the local network using exploits like Eternal Blue and tools like PsExec and WMIC
Encrypts MFT (Master File Tree) tables for NTFS partitions
Overwrites the MBR (Master Boot Record) with a custom bootloader
Shows a ransom note demanding USD 300, same bitcoin wallet
Prevents victims from booting their computer
DNV GL © 2017
Trends
Cyber security threats are progressing and becoming a part of our daily business
Some examples from DNV GL on-board inspections and work with clients:
– Infected ECDIS chart updates cause EDCIS systems of 2 bulk carriers to shut down
– Ransomware on master’s PC leading to loss of main switchboard and loss of vessel operation for 3 days.
– While ongoing routine maintenance, a crew member of a vessel received an email made to look like it was coming from the shore side ship manager asking for system passwords ‘for confirmation’.
– A shipping company suffered a cyber attack in the office directed at the shore-based server. With corrupted data also on vessel as consequence.
7
2010: Drilling rig infected with malware
2011: Pirate Cyber Attack
2012: GPS jamming/spoofing
2013: Hacking of cargo tracking system
2014: U.S. Port hacker attack
2015-16: Significant amount of reported attacks
2017 ++: Ransomware explodes
!
19 days of shutdown – affecting even blow out preventer control system.
Suspected of exploiting cyber weaknesses targeting vulnerable shipments – Exploiting Automated Information System (AIS).
Ransomware attacks on container-ships.
Over 120 ships, including major Asian Coast Guard vessels, experience malicious jamming of GPS signals.
Drug smugglers hacked cargo tracking systems in major European port to avoid detection and get access to goods.
Shut down of multiple ship-to-shore cranes for several hours.
More than 50 cyber security attacks detected in Norwegian energy and oil & gas in 2015.
“WannaCry” virus affecting more than 200.000 users in at least 150 countries.NotPETYAseriously impacting maritime industry.
?
DNV GL © 2017
IMO – present requirements
Cyber Security brought into ISM/ISPS audits
– ISM Code 1.2.1 The objectives of the Code are to ensure safety at sea, prevention of human injury or loss of life, and avoidance of damage to the environment, in particular, to the marine environment, and to property.
ISM Code 1.2.2 Safety management objectives of the Company should, inter alia:
1. provide for safe practices in ship operation and a safe working environment;
2. assess all identified risks to its ships, personnel and the environment and establish appropriate safeguards; and
3. continuously improve safety management skills of personnel ashore and aboard ships, including preparing for emergencies related both to safety and environmental protection.
ISM Code 1.2.3 The safety and management system should ensure:
1. compliance with mandatory rules and regulations; and
2. that applicable codes, guidelines and standards recommended by the Organization, Administrations, classification societies and maritime industry organizations are taken into account
Conclusion: If Cyber Risks exist, the ISM and ISPS Codes contain mandatory requirements.
69
DNV GL © 2017
Impact: Outcome:
Cyber security regulations evolving
MSC 98 agreed that there is an urgent need to raise awareness on cyber risk threats and vulnerabilities
An important part of achieving this would be to consider cyber risk as part of existing safety management systems (ISPS and ISM codes)
MSC 98 adopted resolution MSC.428(98) on Maritime cyber risk management in management systems
The guidelines are not mandatory but Member Governments are encouraged to ensure that cyber risks are appropriately addressed in safety management systems, no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.
9
Cyber risks should be addressed in safety management systems no later than the first annual verification of DoC after 1 January 2021. This is a non-mandatory requirement.
MSC 98 adopted the recommendatory MSC-FAL.1/Circ.3 superseding the interim guidelines
DNV GL © 2017
IMO proposal for new Strategic Plan
Assembly session of IMO, Nov 27th – Dec 6th 2017
Submission of “Strategy, Planning and Reform” with a proposal for a new Strategic Plan for the six-year period 2018 to 2023.
In the submission paper A 30/7 on page 8, para. 28 it is stated/proposed how IMO should handle cyber risks in the strategic direction SD 5:
Shipping operations are increasingly dependent on electronics and digital
technologies and as such are exposed to cyber risks. The Organization
will continue to monitor the issue and encourage a cooperative approach among
Member States and stakeholders.
10
DNV GL © 201711
The weakest linkThreats and vulnerabilities
DNV GL © 2017
Threats can be intended or accidental
36
intentional
unintentional
targeteduntargeted
Malware
Built-in software weaknesses
Spear-phishing
Disgruntled employee
Escaped proof-of-concept, runaway pentest
Falling victim to social engineering
Ransomware
Backdoors
User errorSocial media
DNV GL © 2017
Social Engineering
13
DNV GL © 2017
Just the other day, DNV GL received major phishing attack
14
Note seemingly valid @dnvgl.com sender!
DNV GL © 2017
Fake websites
15
DNV GL © 2017
Three pillars of Cyber Security
Holistic approach for maritime cyber security assessments
Training & Awareness
Professional skills & qualifications
Emergency drills
Authorizations & authentication
Physical Security
Management Systems
Governance Frameworks
Policies & procedures
Vendor/Third party contracts-follow up
Audit regimes
System design
Hardening of connections
Software configuration
Encryption protocols
Jamming & spoofing
Detection & monitoring
People
Process
Technology
17
DNV GL © 2017
Network Security
Example findings on Container, Tanker & Offshore production units
Are firewalls used according to policy?
• Firewall mounted in engine performance monitoring cabinet, but not connected
18
DNV GL © 2017
Physical security and access control
Example findings (continued)
No password change policy, passwords pre-set by shore IT
– Passwords printed on paper and posted on the wall
Checking access control
19
DNV GL © 2017
Physical security and access control
Example findings (continued)
Checking access control
20
DNV GL © 2017
Physical security and access control
Example findings (continued)
Unnecessary Administrator access on engine performance monitoring PC
No automatic lock out, and users stay logged in to workstations, because reporting tasks are so time consuming that they cannot be handled by a single person
Lack of physical security, all equipment in scope is accessible
Weak passwords, e.g. “123”
Checking access control
21
DNV GL © 2017
Network Security
Example findings (continued)
Personal use of company network
– E-mail (bypassing corporate filtering), browsing, and social networking on on-board PCs
4 base functions of on-board firewall disabled, including event-logging & Broadcast storm protection disabled in switches
Limited alarm and event logging
– Security products generate alarms, but there is no central collection or review of events
Lack of Windows patching & hardening
– Windows updated only during major upgrades, i.e. up to 3 years outdated.
– Windows installations configured with standard settings
– Default credentials on networking gear, e.g. switches, routers
15 Anti-virus alarms in a week on sample PC on-board
Network Security checks
22
DNV GL © 2017
Network Security
Example findings (continued)
Anti-virus installed on all hosts: However, no scheduled scans. Last scan in 2014
No monitoring/alarming of network load within Network panel of Alarm server HMI
Alarm servers running unused/unnecessary services
Adequate malware protection not installed on HMI PCs (Alarm monitoring and Engine Performance monitoring)
Alarm overflow: After a certain number, no further alarms can be received
OS security patches ~twice a year (except ship’s firewall)
Unencrypted e-mail communication
Network Security checks
23
DNV GL © 2017
Policies and Procedures
Example findings (continued)
Checks on policies and procedures
No defined policies to follow by associated vendors/service personnel
– Service provider technician uses own USB stick to print reports from on-board PCs
Dedicated USB stick for updating ECDIS, however physically not secured and no malware scanning
Single USB stick policy
– Single USB used to transfer loading condition data to shore via Bridge
– SD card used between camera and on-board workstations
– Gradually all of business network on-board infected
24
DNV GL © 2017
Policies and Procedures
Example findings (continued)
Checks on policies and procedures
All data and configuration backups stored in a single cabinet on-board
All backup HDDs stored in a single rack (together with all IT servers), and not transferred to shore
IT dept. responsible for comm. networks, but Master is responsible on the vessel
– No incident response policy defined. The Master would contact IT dept.
– AIS kept on in piracy area despite policy to switch off: No policy regarding sharing geo-tagged photos
25
DNV GL © 201726
The DNV GL approachHow to manage cyber risks!
DNV GL © 2017
DNV-OS-D203 – Integrated Software Dependent Systems
In Out
28
When welding is introduced to a
structure – how is this process
controlled?
DNV GL © 2017
When cyber physical systems are introduced to newbuild projects – then what?
In OutIn Out
29
DNV GL © 2017
SW lifecycle management model DNV-OS-D203 (ISDS)
30
Four roles:
Owner System integrator Supplier Independent verifier
Three confidence levels:
CL1 CL2 CL3
Lifecycle of five phases:
11 process areas, 119 activities
Basic Engineering Engineering Construction Acceptance Operation
A B C D E
M1 M2 M3 M4 M5
DNV GL © 2017
ISDS Process Areas addressing system emergent properties
1. Requirements Engineering
2. Design
3. Implementation
4. Acquisition
5. Integration
6. Verification and Validation
7. Reliability, Availability, Maintainability and Safety
8. Project Management
9. Configuration Management
10. Process and Quality Assurance
11. Risk Management
The ISDS ranking only focus on the applicable activities that are not already in place
(credit is given for already defined activities)
The ISDS projects only focus on the applicable activities that are not already in place(credit is given for already defined
activities) Bas
ic
Engi
neer
ing
Engi
neer
ing
Con
stru
ctio
nAcc
epta
nce
Ope
ratio
n
31
DNV GL © 2017
End to End from on shore to offshore
Basic Engineering Engineering Construction Acceptance Operation
Closing the gaps at each major milestones
32
Closing the ISDS gaps demonstrates vessel reliability
DNV GL © 2017
Cost of Rework in Fixed Price Project is not Apparent to Buyer, but Delay Is!
Requirements
Design Code Software Test
FAT
(2 mo.)
Commissionin
g(6 mo.)
Rework of Defects
Typically Internal to Supplier
Operation(7 mo. Delay)
Rework Requires Time
LatentCriticalDefects
(HIL)
Start ofReliable
Operation
Assumptions for Business Case: Defects detection and rework follows a Rayleigh Distribution. David Card, Managing Software Quality
with Defects, Crosstalk, March 2003 Rayleigh Distribution is approximated with a Triangular Distribution 7 months delay before operations due to necessary rework on defects based on latest DNV GL study
33
DNV GL © 2017
DNVGL-RP-0496
34
Wha
t
DNV GL © 2017
RP: 14 Iterations with customers from all segments)
35
− Cross industry and cross discipline workgroup− A number of representative external stakeholders
used as reference group− Learning from live cyber security projects− 1000 comments received and addressed from
internal and external cyber security experts− First impression feedback from customers confirm
that the RP is relevant, practical and needed
35
DNV GL © 2017
“Generally very good approach and
description of the requirements”
Gov. agency
“This RP makes a lot of sense”
Shipping manager
“We embrace this approach, thumbs up
for the initiative”Shipping manager
“This RP is absolutely useful in bridging the gap between the IT &
OT* worlds”Shipping manager
“Good overview of the recommended process with
supporting tables, examples, checklists
etc. Overall well done!”
Shipping manager
This RP is a comprehensive document that provides a good
approach to Cyber Security for ICS*“
Shipping manager
*OT: Operational Technology (Automation, Sensors, Industrial Control Systems (ICS)
“Looks really good, best CS guideline out
there”Cruise company
CUSTOMER FEEDBACK
CYBER SECURITY DNVGL-RP-0496
“Outstanding guidance that can be easily understood and
embraced by most organizations”
Flag state
37
DNV GL © 2017
Understanding Cyber Security threats/risks
38
Threat Agents
Threat Agents come in many flavours
DNV GL © 2017
Cyber Organised Crime*Boss
Underboss:Trojan provider and Manager of Trojan Command and Control
Stolen Data Reseller
Affiliation Network
Campaign Manager
Stolen Data Reseller
Affiliation Network
Campaign Manager
Stolen Data Reseller
Affiliation Network
Campaign Manager
Attackers Crimeware Toolkit OwnersTrojan Distribution in Legitimate website
*more organised than some governmental agencies…39
source: EC-Council
DNV GL © 2017
Saudi Aramco caseThe hackers were never identified or caught (that we know of)
On the morning of Wednesday, Aug. 15, 2012, files began to disappear, computers started shutting down. No more Internet, corporate email or office phones. Lengthy, lucrative deals needing signatures had to be faxed one page at a time…Temporarily stopped selling oil to domestic gas tank trucks and after 17 days Saudi Aramco relented and started giving oil away for free to keep it flowing within Saudi Arabia…Representatives flew directly to computer factory floors in Southeast Asia to purchase every computer hard drive being manufactured (50,000 hard drives)…Everyone who bought a computer or hard drive from September 2012 to January 2013 had to pay a slightly higher price for their hard drive…
Social engineering: Gaining understanding of emotional triggers
Who’s interested in a Saudi Aramco breach (9.5 million barrels per day production…)?
Mid-2012, One of the computer technicians on Saudi Aramco's information technology team opened a scam email and clicked on a bad link. The hackers were in
Supply specifically designed Trojan Toolkit
40
DNV GL © 2017
Understanding Cyber Security threats/risks
Nuts & Bolts of a threat scenario :
41
Threat Agents Motivation Capability Physical infrastructure
Opportunity(overlap of Capability and
knowledge of Physical infrastructure)
DNV GL © 2017
Establishing the prioritised action
plan
Determine Consequence
(2.3.2)
Determine Likelihood
(2.3.3)
IT OTIdentify critical systems (2.3.1)
Compare current safeguards with target
(2.3.5) Table 2-7
(Appendix E) (Appendix F)
System type
Determine cyber security risks (2.3.4)
DNVGL-RP-0496: Comprehensive, in depth approach
42
DNV GL © 2017
Understanding Cyber Security threats/risks
Identify critical systems
Rank risks (prioritisation)
43
Remote connection
Physically accessible
Connected and/or integrated
Requiring software updates Ease of Access
X - - - Medium
X - - X High
X - X
No effect on Ease of access
High
X X High
- - X Medium
- X - Medium
- X X Medium
X X X High
- - - X Medium
- - - - Low
Table 2-4 Example rating of ‘ease of access’ (likelyhood)DNVGL-RP-0496 - Cyber security resilience management for ships and mobile offshore units in operation
DNV GL © 2017
Determine consequences of successful attacks
44
DNV GL © 2017
Determine cyber security risks
45
DNV GL © 2017
Compare current safeguards with target
Assessment results defines the target safeguards based on:
BSI – German Federal Office for Information Security46
IEC 62443-3-3BSI GS
and
DNV GL © 201747
How to combine it allFinal remarks
DNV GL © 2017
What to do during the lifecycle of a cyber-enabled vessel?
Predictive & Proactive C
yber S
ecurity M
aturity
Cyber Security Improvement Roll-out
Reactive
Security Testing (e.g. pentesting)
Annual or n-year Inspections / Audits
Risk assessment
ISMS Gap analysis
ISMS Certification
Corrective actions/ Roll-out of Cyber Security
Management System
Letter of Compliance to DNVGL-RP-0496
48
Verification of corrective
actions
DNV GL © 2017
Conclusion
49
DNV GL © 2017DNV GL © 201
Thank you for your attention
50
Download the RP free of charge from
www.dnvgl.com/rpcs
DNV GL MARITIME [email protected] +49(0)40-361-493610