Welcome
About
News
Anonymous Reporting
Tools
MCA Chatter
Library
V-ID Terminal
Support
My Account

News

Icon representing US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels
US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Icon representing Would you pay $1m for a laptop full of malware?
Would you pay $1m for a laptop full of malware?

May 23rd 2019
Icon representing Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)
Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)

May 22nd 2019
 
 
 

ANDREW TIERNEY: PEN TEST PARTNERS

 
January 5th 2018
“Workboats remain one of the most risky environments, they have to deal with bad weather and a range of tricky operations,” said Andrew Tierney of Pen Test Partners. “That desensitises people to lesser risks, risks that these days are much more likely. Like cyber attack.”

He added that while last year’s ransomware assault on Maersk should have been a wake-up call to all and sundry, he knows workboat operations might see themselves as too small to bother with. However, he underlined that these days, workboats are more in danger from holes in the IT than holes in the hull, “and criminals will more likely target those that don’t have good defences”.

Mr Tierney himself crossed over to IT security from a background in electronic engineering. However, as internet applications and IoT developed, he found himself in demand by a number of high profile companies before joining Pen Test Partners (no, not a biro shop, it’s short for ‘Penetration Testing’). He explained that his job is to show the gaps in a system before a cyber attack does and find the most practicable ways to close them – which could be simpler than one might imagine. However, his feet have been in the water as a crewman and he’s not naive about the realities.

“Software piracy is common in smaller fleets. Downloading cheap charts and so on seems to save money, but the sources are less than legitimate, and installing software you can’t trust is not a good idea. It exposes the vessels to risk of viruses.”

More, he added nasties can lurk in an apparently innocent email attachment like a spreadsheet or on a memory stick: “The worst thing I’ve so far seen has come from crew members spreading malware via a USB stick. Very easy”.

This is meeting other factors in a perfect storm: “A few years ago vessels were relatively isolated, but now you are asking them to get online... even satellite services aren’t massively well secured: you find quite a few of the routers at exposed on the internet.” He added: “At the same time, support and tug boat crews are getting smaller and smaller, which means they are much more dependent on the software.” And he pointed out that any boat running on dynamic positioning “means there’s a massive reliance on the computer system”.

However, he added there’s probably just as much danger lurking in archaic systems, though he admitted it’s understandable: “Fleet owners often run old, unsupported software like XP or Vista, which can’t be updated and you’re left hoping they don’t break.” Unfortunately he added: “Onboard, you also don’t have unlimited bandwidth, so applying updates is usually left till you’re back at berth. So it’s all left to do in a few hours, and that leaves the machines vulnerable. Updates are a bad time... a compounding problem.”

“Don’t just cross your fingers,” he advised. “The risks - well, it’s the same onboard a vessel as any business. It can stop machines working – it can stop work – full stop.”

Source

Keywords