Watch videos with subtitles in your language, upload your videos, create your own subtitles! Click here to learn more on "how to Dotsub"

Cyber Security

0 (0 Likes / 0 Dislikes)
A ship is a collection of systems, navigation, engine, steering, cargo, lifesaving, and more. Every year these systems become more interconnected by vessel networks and satellite links to the shore and internet. These complex computer systems are vital to vessel operations and company shore-based services, and they're increasingly vulnerable to sabotage or manipulation by third parties. For example, at one of the busiest ports in the world criminals breach the networks of the port and shipping companies in order to traffic drugs alongside regular cargo. The criminal organization intercepted network traffic stealing the pin codes required to retrieve containers from the port. The data was intercepted using hacking devices disguised as power strips and USB memory sticks. Digital records, communications and vessel data are now potentially vulnerable to criminal manipulation. This new threat has given rise to the important sector of cyber security. In this video, we'll cover Cyber Threats to the Maritime Industry, strong passwords, Phishing and Malware, Social Media, and System Security. The term Cyber Security has been used to mean a number of things. It has a connotation of concern about the hardware and the software that we use. But a broader sense it also needs to include the rules by which we use these systems. What are the procedures that discipline our behavior? How do we set policy for Cyber Security within our organization? Because in the end it comes down to the human being. It's not just the business of Maritime that's at risk of cyber attack. It's the ship itself. Previous attacks have left vessels sitting idle in port for days until they could be repaired. Computer viruses can disable key systems and the denial of service attack could cut a ship off from satellite communication while at sea. In several instances, pirates hacked into computers containing ships cargo manifests and targeted vessels with the most valuable cargo. Satellite communications provide the vessel with services like email, port information, system updates, and even internet and entertainment. This very important service also provides a gateway for attacks. And as the ship becomes more connected, the crew must tighten its security practices. Sophisticated hackers might breach firewalls to access the ship. But more frequently, it's a company employee that opens the door to cyber attack. Viruses can sit dormant on phones and USB sticks waiting for an honest seafarer to plug their device in. Alternatively, a virus might be hidden in a pdf or text document attached to an email waiting to be opened on a vessel computer. Strong passwords are the fist line of defense against intrusion into ship and shore networks. Hackers have lists of millions of popular passwords. and in some cases can test 300,000 passwords or more per second. It's up to you to chose a password that an adversary can't guess. In the old days, used to be able to hook up dictionary software and run through all of the words in the dictionary and people generally used a plain English term as a password and as soon as you hit, you're in. So you want to make it difficult for the adversary to penetrate your system. So a complex password is important. These 50 most used passwords. Is your password on this list? Passwords containing keyboard patterns are especially easy to guess. Like QWERTY or ZXCV. To be secure, passwords should be more than 8 characters, contain upper and lowercase letters, and contain at least one symbol. One good strategy is to take a phrase you know well and convert it into a strong password. Do not use personal details like your name or your birthdate in your password, as they can be easy to guess. Use different passwords for different applications and never share your password. Your company may have additional guidance on password security, like how often it should be updated. Criminals use other means to gain access to data as well. Phishing, P-H-I-S-H-I-N-G, is the idea that you can compromise a computer through clicking on a link that an adversary has sent out broadcast to any number of people on the internet hoping that somebody falls for it, clicks on the link and then malwares installed or it gives access in some way to the person's computer. Phishing could come in the form of a fake bank email asking you to enter your bank information on a website that looks very much like the real thing. This type of attack and others like it are known as Social Engineering. Sometimes it's easier for a hacker to ask for your password rather than trying to hack into a system. A phishing attack might even come in what looks to be an email from a colleague asking about system access or shipper requesting manifest information. Often the attack looks official. A notice that your account has been compromised or that you are under investigation. Maybe an email even claims that you've won a small lottery and you only need to share your bank details to collect the prize. Email attachments should always be regarded with caution. Downloadable files, like pdfs, word documents, and spreadsheets can all hide malware. Viruses, trojans and spyware are types of malware designed to disable systems or steal information, sometimes secretly. To protect against these attacks, verify independently that suspicious email is legitimate and only download attachments from sources that you trust. Having anti-virus is probably wise. Trusting anti-virus to get everything is not wise. So you do need layered defense. You need firewalls. You need all of those things, but you also need an informed user class that is aware of the way adversaries are getting around this technology to get directly to the user and inside systems. Good security practices can keep criminals out of vessel computers and networks. But sometimes adversaries don't need to hack to get what they need. In some cases, top secret information about vessel security or cargo is just out on the web in the form of a social media post or video upload. For example, pictures of ship hardening against pirates could reveal confidential information about the ships security plan and even place the vessel at risk of attack. Additionally, any photographs or videos of unprofessional or unsafe behavior could lead to dismissal or serious investigation in the event of an accident. Your company may have a social media policy that gives instructions about appropriate sharing. Be sure you understand the policy. And before posting anything from the ship, stop to think Will this compromise ship security? And will this hurt my career? The good news is that there are many ways to improve cyber security on board your vessel and ashore. The easiest thing you can do to improve security is to make sure that your computers and network equipment are updated frequently in order to patch any security vulnerabilities. Anti-Virus software, with up to date virus definitions should also be used frequently and maintained. Be sure to follow your company's protocols concerning personal devices. Plugging a phone or USB stick into a vessel computer could transfer dangerous malware. Some companies may lock or cover USB ports from use to prevent unauthorized access. At a ship level, cyber security may be part of the ship's security officer's duties. Ship networking equipment should be considered when conducting risk assessments. If a crew members computer becomes infected, could it infect other systems on the network? Exposing critical systems to the internet or email could lead to dangerous virus infection or disruption of operation. Vessel computers should not be used for personal reasons unless you are given specific permission. What you're doing is you're making it more difficult for adversaries to get past your defenses. So you want to have layers and you want to have defense in depth so that it's more difficult to break into you than to someone else. In this program we learned cyber adversaries can disable a ship or steal valuable information. Strong passwords are the first line of defense and should be unpredictable, long, and use special characters. Phishing attacks may try to get you to reveal secret information or download a malicious file. Casual social media use could compromise security or cost you your job unless you know the rules. And ship cyber security can be improved by using up to date software and protecting access to the network. All of this information is equally applicable on board your vessel, in the shore office, and in your personal life. Malicious internet activity is expected to grow increasingly in the future and it's up to you to do your part to protect the ship and office.

Video Details

Duration: 10 minutes and 40 seconds
Country: Andorra
Language: English
License: Dotsub - Standard License
Genre: None
Views: 5
Posted by: maritimetraining on Mar 20, 2017

Cyber Security

Caption and Translate

    Sign In/Register for Dotsub to translate this video.