Ships, planes, trains and automobiles! This article is not really about the awesome 1987 movie starring Steve Martin and John Candy, but rather a series of upcoming posts regarding the everyday transportation systems we all take for granted, how they are all remotely hackable and how to secure them with Tempered’s Secure IDN. First up; Ships.

Maritime vessels support two classifications of networks; a serial network and an IP network. A ship’s serial network hosts Industrial Control Systems for environmental controls like refrigerant and heat as well as ship operational controls for engines, navigation and steering systems. A ship’s IP network hosts its business systems including email, internet access and browsing. It’s also typical to see serial-to-IP devices that bridge these two networks together with the goal of extending that ICS and ship control data further into business systems.

As far back as 2010, warnings have been published regarding how hackable maritime vessels were and just as recently as yesterday, pen testers have reported ship networks are still vulnerable to cyber-attacks. Cyber Security Specialists have even taken steps to prove this point by using typical attack practices from reconnaissance to phishing, to discover vulnerabilities, back doors, exposed devices (like the ships satcom and serial-to-IP converters) to commit man-in-the-middle (MITM) attack scenarios. Phishing was also done to take control of laptops, which contained ship data and device credentials. Once the targets were compromised, the testers moved on to discover serial data spilling into the IP network where they could’ve easily manipulated environmental controls for shipping containers, the ships’ steering, navigation data, and so on. In other words, if any commercial or cruise ship is compromised, the ship, its shipment, and more importantly it’s crew and public seafarer lives, are in danger.

Because they are often left at default settings, satcom and serial-to-IP bridges are usually the focus of attacks on a ship. Satcom systems are the easiest way to get onto vessel networks and the serial-to-IP bridges are the means in which attackers can access the life dependent data. There are many ways to address commercial and passenger ship cyber-security like educating the crew on how to recognize socially engineered malware and phishing attempts, and through policies that can guide ship crews in implementing countermeasures for cyber-attacks. Countermeasures can range from securing satcom and serial-to-IP bridges with encryption, to changing default passwords, to encrypting data in motion. More importantly, segmenting business, bridge, engineering, crew and public Wi-Fi networks is key to further securing critical ship systems from unauthorized access.

Tempered Network’s Identity Defined Networking (IDN) solution can easily and securely segment your vessel’s serial ecosystem from your IP network, cloak your critical ship systems (including the Serial-to-IP bridging devices) from cyber-attacks and effectively make them invisible to hackers. Cloaking reduces the total attack surface area and eliminates the cyber kill chain at the Reconnaissance level, potentially eliminating the attack from further advancing. When your critical ship systems are cloaked by Tempered’s IDN, they are not scannable for IP addresses or running services. Hackers can’t hack what they cannot “see”.

 

 

In my recent post, Tempered Networks 5-minute IDN explainer, I mentioned that our IDN Enforcement appliances, the HIPservices, are part of a three component design responsible for applying the Zero Trust secure segmentation, cloaking, and encrypting data in motion. These attributes help protect your critical devices and the data passing between them. The HIPservices can also be applied as your serial-to-IP bridge to the IP Network, protecting your ship’s critical serial ecosystem. The following is the HIPswitch 250gd-s model; dual cellular with serial-to-IP support.


HIPswitch 250gd Serial-to-IP

According to current maritime vessel security articles, simple security flaws on ship network systems allow unauthorized access and control that can cause ships to go off-course, with loss of volatile merchandise due to unauthorized environmental manipulation, and worse - life threatening events. Tempered Networks provides secure networking that can protect your critical vessel environment from those simple security flaws in three simple steps.  Our IDN design objective is based on the principle that it must be easy to connect, cloak, segment, move, failover, and disconnect networks and individual resources. IDN unifies networking and security into a single platform, making it simple to create Zero Trust Overlays without having to modify existing network security infrastructure. Our point-and-click management console makes it easy to connect, micro-segment and manage all your networked devices—across any transport or location. And this approach comes at a fraction of the cost of alternative solutions. For a quick overview of what Tempered Networks IDN, Zero Trust, and cloaking can do for your ship networks, please see Tempered Networks 5-minute IDN explainer.

For more IDN details and use cases, please visit Tempered Networks.

Related Posts:

https://www.ssi.gouv.fr/uploads/2017/06/best-practices-for-cyber-security-on-board-ships_anssi.pdf

https://www.pentestpartners.com/security-blog/sinking-container-ships-by-hacking-load-plan-software/

https://www.reuters.com/article/us-cybersecurity-shipping/all-at-sea-global-shipping-fleet-exposed-to-hacking-threat-idUSBREA3M20820140424?feedType=RSS&feedName=worldNews,

https://www.scmagazineuk.com/hacking-container-ships-is-dead-easy-warn-security-consultants/article/700329/

https://mashable.com/2017/07/18/hacking-boats-is-fun-and-easy/#QiaUo9bW3aqw

https://www.pentestpartners.com/security-blog/osint-from-ship-satcoms/

0 Comments
Thursday, July 19, 2018 By Anonymous (not verified)