This message was sent to ##Email##
To advertise in this publication please click here
|
|
.NMLEA NEWS
Four of the World's Biggest Maritime Shipping Companies Have Been Hit — Who's Next?
As reported by ZDNet, all four of the world’s largest shipping companies have now been hit by cyber-attacks. Maersk, Mediterranean Shipping Company, Cosco will all victims, and now the French company CMA CGM has been hit by a ransomware attack. What makes this significant is the fact that no other industry sector has seen its top four giants suffer major cyber-attacks.
This illustrates a point made by the NM Lea’s Executive Director during a presentation at the Transport Security Congress on September 29th: The maritime industry is the enemy’s biggest target. “When you combine the maritime domain’s mission-critical infrastructure with a dramatic increase in IoT operations, in edge devices, in services and in digital traffic over a more complex global operational management environment, you’ve exponentially increased the attack surface for the adversaries,” said Mark DuPont during his talk and subsequent panel discussion. “What adds to the urgency and magnifies the crisis is the point that the maritime industry is large in scope, but small in cybersecurity maturity… put simply, we’re behind the curve.”
DuPont explained how ships, ports, and shipping operations are continuing to rapidly advance automation and cloud based applications, but they have not kept up with protecting those ever increasing “touch points” (or “entry points” for the attacking adversary,) by securing each end of the information chain. He added that the solution can be found in three things: Establishing “Zero Trust” networks, becoming Proactive vs. Reactive, and most importantly, training your people.
DuPont encouraged participants in the Transport Security Congress by saying “This is a wake-up call, and maybe now is a good time to look at your cybersecurity posture, and see how you can become Proactive vs. Reactive. Maybe it's also time to think about being a part of our Maritime Cybersecurity Pilot to explore how a "Zero Trust" network can be set up in minutes and tested in your operational environment for 30 days ... at no cost to you.”
For more information on the Maritime Cybersecurity Pilot Program or to explore how you can increase your security posture, contact the NMLEA cyber team at cyber@nmlea.org.
|
|
Critical Cyber Vulnerability Reported by NMLEA STAR Partner — RiskSense
An NMLEA STAR Partner ("Service Tested - Academy Recognized"), RiskSense revealed yet another cyber attack vulnerability, just like they did in predicting the WannaCry Ransomware attack, as cited by the Department of Justice Report.
The technical description is this: The vulnerability was discovered on the Netlogon Remote Protocol RPC interface used by Microsoft Active Directory Domain Controllers for password database synchronization. This attack leverages a design weakness in the Netlogon Remote Protocol login process, and allows an attacker to log in and perform critical operations using a password consisting entirely of zeros. This attack is highly successful - on average - in 1 of every 256 login attempts!
In an effort to help the security community, RiskSense developed the first publicly available exploit and implemented the attack as reported in a Secura whitepaper (https://www.secura.com/blog/zero-logon ). Further, RiskSense created a modified version of the Secura scanner that performs the complete attack chain including reversing the attack to restore the original domain controller machine password. The sample exploit code can be found at https://github.com/risksense/zerologon/.
This is another example of why RiskSense continues to earn recognition as the leading innovator in cyber risk management.
And its another reason why we at the NMLEA are supporting a Maritime Cybersecurity Pilot Program, providing tools like this to selected ports, shipping companies, cruise companies, terminal operators, oil and gas facilities, and other stakeholders within the private and public sectors... at no cost. To find our more, or to become a part of the Pilot Program, email us at cyber@nmlea.org.
|
|
.OTHER NEWS
Being cyber resilient is critical for the maritime industry
tripwire
Cyber-attacks against maritime and shipping organizations are only increasing. Notwithstanding the IMO’s requirement for organizations in this sector to achieve cyber resilience by 2021, more and more entities are being crippled by malicious attacks.
|
|
Study proves boating and being at water benefits health and wellbeing
News of the Area
A study from internationally renowned and award-winning marine biologist Dr Wallace Nichols, has revealed that boating delivers significant physiological and psychological benefits. His work includes research into the vast cognitive, emotional, psychological, social, physical, and spiritual benefits that can be associated with time on or around the water.
|
|
Boating at a social distance
Marina Dock Age
When COVID-19 forced the country to essentially shut down in an effort to slow the spread of the coronavirus, the marina industry had to face the fact that business was not going to proceed as usual. With non-essential businesses forced to close and stay-at-home orders issued in many states, operations at marinas and boatyards came to a screeching halt.
|
|
Keep commerce flowing: Strengthening a vital Coast Guard partnership
Maritime Executive
The devastation in the Gulf of Mexico in the wake of Hurricanes Laura and Sally is the latest reminder of the extraordinary dedication of the men and women of the U.S. Coast Guard. They are, as the Coast Guard motto conveys, Semper Paratus — Always Ready — to put themselves in harm’s way in service to our nation.
|
|
Improving maritime cybersecurity and operational resiliency
Security Boulevard
The World Economic Forum cites cyberattacks on critical infrastructure, including transportation, as the world’s fifth highest risk in 2020.1 At the same time, transportation and logistics organizations are rapidly evolving to improve their service levels and efficiency.
|
|
It's national safe boating week
Echo Daily
During National Safe Boating Week, boaters are being urged to check forecast weather and sea conditions before heading out after five people were rescued from the water when they were recently caught in a fierce Southerly Buster.
|
|
Is COVID-19 accelerating digital engagement in maritime?
Ship Technology
After tackling crew engagement post COVID-19, shipping management company V.Group has released the findings from its second 'Life After Lockdown' discussion paper, as part of a series that looks at the ramifications of the pandemic on the sector.
|
|
In a new initiative, the US coast guard targets illegal fishing
Forbes
After a long absence, fish and fishery patrols are back as a U.S. Coast Guard priority. In a little-noticed event earlier this month, the U.S. Coast Guard announced a new focus on “Illegal, Unreported, and Unregulated Fishing,” sketching out a broad plan to track and, in time, start rolling back the systemic and often State based depredation of seas worldwide.
|
|
|
|
|
|
7701 Las Colinas Ridge, Ste. 800, Irving, TX 75063
|
