By Graham Sutherland, Senior Vulnerability Researcher
The traditional online attack surface for ships is changing. Gone are the years when vessels were put to sea for months at a time with little or no contact with the shore, with letters awaiting them at their next port of arrival and unpredictable journey times and locations. Even with the advent of satellite phones, GPS tracking and computer-based navigation, a typical ship still has a much more limited online presence than a shore-based organisation.
However, this is changing rapidly. As the availability and reliability of internet connections aboard ships improves, it is natural that organisations will seek to leverage this connectivity for the purposes of remote monitoring and diagnostics. Equipment vendors may also opt to offer similar capabilities as part of their technologies in order to provide remote administration and maintenance. Such solutions are particularly attractive because they offer the opportunity to reduce the cost of maintaining on-board computer systems, both in direct financial terms and in improved turnaround times when resolving issues.
However, developing secure remote access solutions is a challenging task, particularly in an environment where availability concerns are paramount and connectivity is limited. As such, many aspects must be considered when evaluating an approach or vendor offering, including but not limited to:
- General application security of the management platform front-end – an attacker who gains access to the front-end may be able to perform unauthorised operations on a ship’s systems.
- General application security of agent software – the agent software on the gateway must not allow unauthorised users to access its features or the services it brokers access to.
- User authentication (two factor auth, active directory integration, etc.) – strong user access controls help prevent password guessing attacks, credential theft and credential stuffing attacks.
- User enrolment and deactivation – adding new users is a security-critical activity that must be closely controlled and monitored, and user deactivation is an often forgotten procedure when staff leave an organisation.
- Access control (enforcement, permission granularity, etc.) – user rights administration must be granular enough to allow for meaningful separation of user roles, and those rights must be correctly enforced by the solution so as to avoid unauthorised access to functionality.
- Auditing and logging – while restrictive security controls are the first line of defence, auditing and logging help quickly identify accounts that have been compromised or misused. An audit trail is an invaluable piece of the puzzle in an incident response scenario.
- Communications between the management platform and agent, in particular resistance to man-in-the-middle (MitM) attacks – security controls that validate the identity and authenticity of a user are ultimately invalidated if an attacker can steal credentials as they travel over the network or hijack legitimate user connections, so transport security (e.g. SSL/TLS) is important.
- On-ship communications between the agent and telemetry technologies (if applicable) – care must be taken to avoid allowing access between the general IT network on a ship and the separate network segment used by operational devices and sensors (e.g. GPS, AIS, engine management). This has, in our experience, been a key point of failure in many solutions.
- Ability to update the gateway device and agent software remotely without significant impediment – remote updates must be applied in a timely manner, which can be difficult on ships due to their limited internet connectivity. Software updates must also be appropriately verified for authenticity and integrity, to prevent an attacker from delivering a malicious update.
It is important to ensure that each of these items is considered and assessed in order to help reduce the likelihood of security vulnerabilities that enable attackers to gain access to ships’ systems.
Nettitude conducts a wide range of vulnerability research across products used within the marine and offshore industries, helping organisations mitigate risks in the above systems, among others.
A recent project included vulnerability assessments and product assurance work for a vendor that has designed and developed remote management systems for vessels. The platform incorporated on-board appliances, third-party cloud services and vendor-specific technology. In order to share the knowledge gained with the wider industry, Nettitude has developed a research report on the observations and findings from this work. We also looked at how this research relates to the risks and impacts found within remote access solutions more generally.