Nettitude Blog

By Tom MacDonald, Managing Principal Security Consultant at Nettitude

 Are ships as remotely isolated as often thought? While the answer to this question varies in complexity depending on marine sub-sector, for the cruise industry, remote isolation has long since passed, making cyber security a crucial concern. What are the primary cyber threats facing today’s cruise ship operators, and what are the industry best practices for mitigating against them?

ISO27701:2019, a new international standard concerned with the management of personal data, has been published. ISO27701 is a Privacy Information Management System (PIMS), and provides an extension to the better known ISO27001:2013 Information Security Management System (ISMS).

In this blog, we’ll take a brief look at the new standard, how it differs from ISO27001:2013, and how it can benefit your organisation.

By David Lenehan, Security Consultant at Nettitude

Leaving the forces and want a place in one of the largest growing fields in the IT industry? It’s very achievable providing you’re willing to put in the work and you’ll find you already have the hardest skills to teach.

By Phil Buck, Senior Threat Intelligence Analyst

Introduction

I was recently asked to provide a blog post about my role at Nettitude. Words cannot describe the emotion I felt; this particular Senior Threat Intelligence Analyst was overjoyed to start beating the Threat Intelligence drum, explaining the mission critical role I fulfil, the cutting edge technology I use and the countless lives I have saved so far (fine, the last point might be slightly outside the job description….) The actual reason I was asked is because I am part of the growing team of ex-service personnel currently employed at Nettitude. The time has come to build on the great blog post that Phil Kimpton produced in 2017. Here is my story.

By Graham Sutherland, Senior Vulnerability Researcher

The traditional online attack surface for ships is changing. Gone are the years where vessels were put to sea for months at a time with little or no contact made with the shore, with letters awaiting them at their next arrival port and unpredictable journey times and locations. Even with the advent of satellite phones, GPS tracking and computer-based navigation, a typical ship will still have a much more limited online presence compared to shore based organisations.

By Tom MacDonald, Managing Principal Security Consultant

This blog post is an update to our previous blog post, Soldier to Cyber by Phil Kimpton.

This post is part of a three part series by Nettitude consultants, from the network defender, threat intelligence and offensive penetration testing sides of the business, to show how they were able to map their military skills directly into the industry.

What is a zero day attack exploit?

Imagine setting sail with your bow doors still open. Or operating with an engine that leaked 50% of its fuel intake. Or if we let the bridge continue to operate with all the windows smashed.

According to one survey, 95% of organizations outsource part or all of their Security Operations Center[i], and that includes incident management. Is leveraging third party expertise the most effective way to obtain security incident management services?

Cyber Attacks Reported by US Coast Guard: Are Maritime Cyber Security Risks Unknown or Ignored?

The US Coast Guard issued a marine safety alert on July 8th 2019 following an "interagency response" to a cyber incident affecting a vessel bound for the Port of New York and New Jersey. This followed a more general briefing issued in May 2019 which warned of cyber adversaries attempting to gain sensitive information via phishing and malware intrusion attempts.

The investigation by the US Coast Guard and other agencies found that although the vessel's essential controls systems had not been impacted, the onboard computer system had been 'significantly degraded' by a malware infection. This had led the vessel to report the incident, and had exposed critical systems to additional risk. The alert highlights that although separate computers were used by the crew, the same network was used for official business, and it is assessed as likely therefore that an infection had been able to spread within the environment.

What is particularly noteworthy about this latest report is that the risk was 'well-known among the crew', and despite this, the same shipboard network was used to manage operations on the ship – to update electronic charts, manage cargo data and communicate with shore-side facilities, pilots, agents, and the Coast Guard. Is this because the crew were ignoring the risk, or were unaware of how likely it was that the issues could be exploited? More widely, is there adequate information available to organisations to make intelligence-backed risk decisions? The publication of this briefing, and the previous one in May, are to be welcomed as they bring greater attention to the likelihood of vessels being targeted in this way. Ideally, future reports will also include key technical indicators such as the type of malware, how the infection happened and what the intent was.

Tensions between the U.S. and Iran have soared in the last weeks. Washington and Tehran came close to a direct military conflict last month when the U.S. accused Tehran of orchestrating two attacks on oil tankers in the Persian Gulf region, which Iran denied. Then, after an Iranian missile shot down a U.S. drone, the U.S. ordered reactive airstrikes that were called off at the last minute. Instead, it was widely reported that the U.S. Cyber Command in the Pentagon launched cyber-attacks against the Iranian group that have been planning and orchestrating the tanker attacks in the region.