All Blogs

Your Vessel Exposed: 10 Potential Surprises to Expect from Your Maritime Cyber Risk Management Assessment

Author | Mission Secure

Cyber-related risk and threats to your vessel network are mounting, and so are the maritime industry cybersecurity compliance requirements. Between the upcoming International Maritime Organization’s (IMO) Resolution MSC.428(98) and other programs like the Tanker Management and Self Assessment (TMSA), you’ll need to get a handle on your vessel OT network before you can even commence. 

Read More

The Cyber-attack on Garmin: Exposing GPS vulnerabilities

Author | Mission Secure

The media reports primarily focused on the Garmin cyber-attack in light of its impact on millions of consumer devices. However, Garmin is also the creator of numerous other GPS-based technologies. Navionics (GPS plotter charts), flyGarmin (aviation database app), and inReach (satellite communication with GPS) users also experienced outages. Airplane pilots found themselves grounded, unable to download Garmin’s aviation database, “crucial for navigation and compliance with the FAA regulations.” Garmin Pilot...

Read More

IMO 2021: Three Steps to Ensure IMO/ISM Cybersecurity Compliance

Author | Mission Secure

New Year’s Day 2021 will not just be the start of a new year – it will also be a date of significance for those in the maritime industry. The International Maritime Organization (IMO) will be enforcing Resolution MSC. 428(98) that “encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the International Safety Management (ISM) Code) no later than the first annual verification of the company’s Document of Compliance (DOC)...

Read More

Real-World Lessons Learned from Maritime Cybersecurity Incidents

Author | Mission Secure

If you’re in charge of cybersecurity for your maritime vessel networks, the last thing you want to wake up to is your mobile phone blowing up and your organization in the headlines because of a cyberattack. Between vessels being more connected than ever, the flourishing cybercrime economy and a global pandemic that has changed how we work, it seems that it’s all you can do to keep your vessel networks running. With a 400% increase in attempted cyberattacks targeting the maritime industry since...

Read More

Maritime Security Incidents: Disruptive Cyber-attack Cripples Port Facility

Author | Mission Secure

When we see a dangerous security vulnerability or debilitating cyberattack appear in the (almost) daily headlines, the story is usually the same: a hacker compromises an enterprise network and steals personnel data, credit card numbers, product roadmaps, confidential emails and more. And just for fun (and money), a hacker will hold the data for a sizeable ransom and threaten to publish the information if the payment isn’t received.But there is a whole other world of cyberattacks, where hackers target OT...

Read More

Maritime Security Challenges: The Physical Impact of Maritime Cyber Threats

Author | Mission Secure

When we see a dangerous security vulnerability or debilitating cyberattack appear in the (almost) daily headlines, the story is usually the same: a hacker compromises an enterprise network and steals personnel data, credit card numbers, product roadmaps, confidential emails and more. And just for fun (and money), a hacker will hold the data for a sizeable ransom and threaten to publish the information if the payment isn’t received.But there is a whole other world of cyberattacks, where hackers target OT...

Read More

Current Threats to Maritime Security: A Prime Target for Cyber Adversaries

Author | Mission Secure

Recent reports highlight the exponential growth in OT cyber-attacks targeting the maritime industry, increasing a staggering 900% over the last three years. As Marine Log reports, “Cyber-attacks on the maritime industry’s operational technology (OT) systems have increased by 900% over the last three years, with the number of reported incidents set to reach record volumes by year end.” Accounting for the carriage of 90% of world trade, maritime is one of the oldest industries and lifeblood of the global economy...

Read More

Industrial Control System (ICS) Security and Segmentation

Author | Paul Arceneaux

Network and device segmentation should be part of the defense in depth security approach for all critical industrial control system (ICS) environments. Frankly speaking, it is a physical security best practice learned over centuries, and an IT security best practice learned over the last several decades. Segmentation and micro-segmentation stop unbridled access in IT environments and should be doing the same in ICS environments. In fact, most industrial operations, like oil and gas, power, utilities...

Read More

Australia Targeted: Confronting a Nation-state Cyber Attack

Author | Mission Secure

On June 18, 2020, the Australian government's Cyber Security Centre issued Advisory 2020-008 regarding the "sustained targeting of Australian governments and companies by a sophisticated state-based actor." According to multiple reports, institutions such as hospitals and state-owned utilities have been under attack for months. In a notably rare occurrence, Australian Prime Minister Scott Morrison publicly acknowledge being under an ongoing state-sponsored cyber-attack. Morrison called for the public to be...

Read More

President declares National Emergency for cyber threats to grid—time to take action

Author | David Dresher

On Friday, the President of the U.S. declared a national emergency as foreign adversaries threaten the electric grid with cyber attacks. The Presidential Executive Order on securing the bulk-power system essentially prohibits power producers and distributors from purchasing and deploying equipment made by companies under foreign control by foreign adversaries.The Presidential Order goes on to say:"...the bulk-power system is a target of those seeking to...

Read More

Making Cyber Vigilance the New Modus Operandi

Author | Matt Malone

Over the last weeks, hackers unleashed a wave of cyber attacks. Computer Weekly reported, “The cumulative volume of coronavirus-related email lures and other threats is the largest collection of attack types exploiting a single theme for years, possibly ever.” For industrial operations like energy, power, and manufacturing, the mean incubation period for operational technology (OT) or industrial control system (ICS) networks infected with a computer virus or other types of malware is notoriously long. Havex, for example, had an incubation period...

Read More