LRQA Nettitude Blog

By Nettitude

For many years, aerospace and aviation security has been primarily focused on the physical aspects of maintaining safety; from airside safety checks to ensure unauthorised personnel cannot access critical areas, to airport safety measures that ensure the safety of passengers and crew on board the plane. However, as passenger convenience and safety has advanced, as well as increased connectivity between airports, aboard a plane, and the outside world, the previous security model has become obsolete.

In line with this, we have recently seen the introduction of CAA ASSURE, a new cybersecurity audit model for third parties providing services to the Aerospace industry. Find out in the below post about what ASSURE entails and what Nettitude can offer in relation to this.

By Graham Sutherland, Senior Vulnerability Researcher

Developing and implementing secure remote access solutions can be a challenge in itself. As new threats continue to emerge and existing threats evolve, ensuring both your physical communications infrastructure and your communications operations are secure is vital to the day to day operations of your business. However, when factoring in the challenges of remote communications at sea, things can begin to get even more tricky if you don’t follow the correct procedures for establishing secure methods of remote communication.

At sea, the two main challenges are the availability of resources and connectivity. These two factors have over the past decade have been the driving force for the continual development of remote access solutions. Whilst today, we are in one of the best positions to defend our assets against ongoing threats, there are still an extensive set of considerations to be made when evaluating an approach or vendor offering.

Below, we will outline 9 key considerations which must be made when implementing remote access communications.

By Mike Buckley at LRQA Nettitude 

Effective network design is crucial for the smooth running of every business. As the heart of your business activity, your network is relied upon day-in, day-out by your staff to keep business flowing, and customers returning. As most of us have experienced before, when the network goes down, chaos usually follows. When this happens, it can often be a mammoth task to get everything back up and running and the time lost is irreplaceable. However, by following best practice for network design and configuration from the beginning, you could prevent many issues before they arise.

Below, we’ll explain why establishing a well-designed and configured network is important, as well as detailing the six factors that are essential to the smooth running of your network…

By Nettitude 

In the nearly fifteen years since Amazon launched its initial cloud computing offering, the ways we develop, deploy and manage applications have been changing at pace. More businesses are finding that the transition away from traditional data centre technology is offering advantages such as increased flexibility, more rapid time-to-market, and allowing them to scale to meet customer demand.

 Of course, many of the security considerations of using cloud infrastructure mirror those for more traditional infrastructure, and organisations should draw on existing expertise to manage them. However, different ways of working in the cloud mean that there are new aspects to consider to ensure that you are secured against the latest threats. It’s also worth remembering that these new ways of working can also offer an opportunity to adopt more secure ways of working at a lower cost – but only if deployed effectively.

Below, we’ll take a look at the main advantages of adopting cloud technology, as well as four key considerations your business should take.

By Graham Sutherland, Senior Researcher & Consultant at Nettitude

Modern ships utilise networked technologies in order to provide faster, more accurate, and more convenient operations of the vessel. This connectivity unfortunately brings with it new threats to the security of the vessel, its crew, and its cargo, while additionally bringing unique challenges in terms of systems maintenance.

Whilst the benefits of these technologies bring huge value to day to day operations, there are certain precautions which should be taken to offset any risks associated with integrating such technologies. Below are some of the most common security issues faced on today’s ships that you should be aware of.

By Nettitude

We are pleased to announce, Nettitude will be exhibiting at the 20^th PCI London event this month at Park Plaza, Victoria. The annual PCI events are well known for delivering the latest industry insights, updates and keynote talks on all things PCI-DSS, and are not to be missed by anyone working within the industry.

The shipping sector has traditionally stood apart from the developments in cybersecurity over the past decade. With the majority of critical functions and assets physically isolated by miles of ocean, the need to secure these resources against cyber threats has seemed similarly remote.

However, in recent years, this hands-off approach to cybersecurity and assurance has become riskier and ultimately, costlier. In the modern cyber threat landscape, less capable adversaries such as hacktivists and teenage virus writers take a back seat to organised criminals and even nation state-sponsored threat actors. The cyber-crime economy is now mature, well-established, and well-developed.

Below we will take a look at the key learnings for ship owners and operators which can be taken from previous research and attacks, most notably the NotPetya attack in 2017 which caused major implications for global shipping giant Maersk.

By Graham Sutherland, Senior Vulnerability Researcher

The traditional online attack surface for ships is changing. Gone are the years where vessels were put to sea for months at a time with little or no contact made with the shore, with letters awaiting them at their next arrival port and unpredictable journey times and locations.

Even with the advent of satellite phones, GPS tracking and computer-based navigation, a typical ship will still have a much more limited online presence compared to shore-based organisations. However, this is changing rapidly. As the availability and reliability of internet connections aboard ships improves, it is natural that organisations will seek to leverage this connectivity for the purposes of remote monitoring and diagnostics.

Below, we take a look at the new and enhanced risks posed by remote access communication on board ships and how we can approach a safer way of operating to protect the ship, its assets and the people on board.

The explosive growth in communications services over the last two decades has dramatically changed the way that businesses operate in all sectors, improving efficiency and providing new opportunities. In the maritime sector, we can see this from the original adoption of VHF a hundred years ago for ship communication through to more recent safety technologies such as AIS and satellite communication. However, the limited bandwidth and high cost of these technologies has historically limited the sector’s ability to leverage them in many of the ways seen in other industries.

Notably, when adding new technologies or capabilities to existing systems, it’s important to consider any additional risk that may be presented; this can be both from vulnerabilities in the underlying technologies themselves, or from the way in which they can interact with or expose other capabilities. Where risks are identified, mitigations should be put in place to reduce them to an acceptable level. Below we explore some of the ways in which this can be done, and some examples of widely used maritime technologies.

By Ben Densham, CTO at Nettitude

By 2021, Forbes estimates that there will be $6 trillion in damages caused by cyberattacks, a figure that exceeds the cost of all natural disasters in an entire year. However, cyberattacks and the impact they can have on organisations are now becoming much better understood, and more businesses are putting protocols and cybersecurity strategies in place to become proactive rather than reactive to cyber threats.

Creating a cybersecurity strategy involves working out what ‘good’ looks like for your business in terms of maintaining digital security, keeping cyber threats at bay and having a plan of action in place for the possibility of a breach. Your cybersecurity strategy should be a clear vision that’s well-articulated, has board-level engagement and is relevant to your industry. Whilst many businesses have a cybersecurity policy, this is no longer enough. It’s crucial to have a full strategy in place which instigates cultural change within your business ecosystem and isn’t just reactive to threats but proactively ensures your business is doing everything possible to protect itself from cyberattacks.

Here are 5 steps to consider when creating your effective cybersecurity strategy: 

.