Maritime Cybersecurity: A Guide for Leaders and Managers by Shepard Steven & Kessler Gary

Author:Shepard, Steven & Kessler, Gary
Language: eng
Format: epub, pdf
Published: 2022-02-03T00:00:00+00:00

Communications Platforms

AmosConnect™ is a maritime communications system that works with a ship’s satellite equipment to integrate vessel and shore-based office applications and Internet access for the crew, e-mail, messaging, position reporting, weather reporting, and more. This system is usually deployed on a ship’s IT network backbone, but should be separate from the navigation systems, Industrial Control Systems, and other networks. AmosConnect, a product of an Inmarsat subsidiary, is used on thousands of ships around the world.

Two vulnerabilities in AmosConnect version 8 (AC8) were reported in 2016. One was a flaw called an SQL Inject, which allows a nefarious user to enter bogus data in the login form and gain access to the system; the other was a built-in backdoor account with full system privileges. The flaws were reported to Inmarsat. In late 2016, Inmarsat notified users that AC8’s end-of-life would be in mid-2017 and suggested that users downgrade to AmosConnect 7. A patch to AC8 was issued in early 2017 and the current AmosConnect software remains at version 7.

Shipboard Networks

Ships today employ wireless network access to the Internet for the same reason that shore-based facilities use it: ease of deployment, ease of connection, and high-speed access. And, shipboard Wi-Fi networks suffer from the same vulnerabilities as their shore-based counterparts. First, the network is vulnerable to unauthorized access unless it is using the strongest security. Second, personal or ad hoc access points put in place by crew or passengers are difficult to detect and may not be adequately secured, potentially weakening the security of the entire network. Third, unsecured Wi-Fi access points attached to control system and other shipboard networks, including entertainment systems and vendor POS terminals, can provide another vector for unauthorized access.

Even wired networks provide a vector for rogue users. Unused network jacks that are connected to a network switch allow anyone to plug in and gain access to the network backbone. One common attack vector is to find an unused jack in a wiring closet and hide a rogue wireless access point, giving an attacker undetected 24/7 access. Alternatively, an attacker can find any obscure active network jack and insert a hub; this allows the attacker to surreptitiously add a new network device or rogue wireless access point at any time, without disabling any current devices.

Finally, many public-facing networks are secured against users doing unauthorized activities from the graphical user interface (GUI) or Web browser, but are not protected from command line tools. In one case, public computers on a cruise ship limited users to applications accessible via the Windows GUI. It did not adequately protect, however, against a user opening the command line interface. Once they were at the DOS prompt, the user was able to explore the entire file system of the computer and, using command line network utilities, move to other computers on the ship’s network.

Other Cyberthreats to Shipboard Computer Systems

Direct physical attacks on computers and networks remain a viable insider threat to the cybersecurity of a ship. Some researchers have reported finding “mystery systems” present on shipboard networks.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.