Αngel stops its first attack

750 354 Navarino

Developers of the first cyber security service designed and tested specifically for maritime use say their product has already prevented its first real-world cyber-security attack on a shipping target.The new cyber security platform – called Angel – was developed by Navarino and formally launched at the end of October.

Navarino’s solutions architect Stratos Margaritis told Marine Electronics and Communications about the new system and the attack it prevented.“It was a denial of service attack that was immediately caught and blocked. The attack was isolated from the network. That’s how Angel operates.”
Mr Margaritis was unwilling to specify which company had been targeted in the attack.
He said that cyber attacks and security breaches of shipping systems are often kept secret and cited other unreported cyber incidents he is aware of within the shipping industry.“I do know of two or three of them [unreported cyber attacks], yes. They [shipping companies] have been compromised from inside … but I don’t know if they want to go public with it.”Mr Margaritis said that crew posed a threat to cyber security in shipping, and described an incident where a crew member infected a vessel’s ECDIS system.“I know of one [attack] where someone actually put his phone to charge on the ECDIS – and the ECDIS was compromised. Things like that can happen, and the crew is not exactly aware of … the mass damage they can do.”A fear of reputational damage is driving companies affected by cyber attacks to keep quiet, according to Mr Margaritis.

He cited the June cyber attack on container shipping giant Maersk as evidence that reporting a cyber attack can, contrary to that worry, actually enhance a company’s reputation.

“In the Maersk case, it didn’t do them any harm to come forward. It didn’t ruin their reputation, it actually gave them a plus because they were forward with this and it actually promoted their reputation.”

This view was echoed in a recent International Maritime Industry Forum seminar where Hill Dickinson’s global head of shipping told a Maersk vice president his company was owed a debt of gratitude by the industry for its transparency during the biggest cyber attack the shipping sector has faced to date.Mr Margaritis said Navarino is working hard to convince shipping companies to report cyber attacks when they happen. Transparent reporting brings a net benefit to the industry by allowing companies to take measures that will protect their systems from attack.
Even if more open reporting practices are agreed, Mr Margaritis said one thing he felt sure of is the likelihood of more cyber attacks. Following on from the Maersk incident in which a so-called ‘zero-day’ virus known as NotPetya took out the container shipping giant’s systems, Mr Margaritis said the Angel service also supports zero-day attacks. The term zero-day describes a virus that is written to exploit a previously unknown vulnerability for which no antivirus software signatures have been developed.

Angel is built to monitor the traffic and learn the behaviour of computer applications on the systems it protects. After being in place for a period of time, Angel learns to recognise the typical patterns and types of use that occur on each of the individual PCs on board a ship, for example. Requests for behaviour that contravenes what Angel sees as normal use are isolated and flagged to Navarino’s Athens-based team who man the Security Operations Centre (SOC) 24 hours a day, seven days a week. The SOC team investigate the issues flagged by Angel and notify crew on board with what they find. It’s not 100% protection from attack, but it is as close as you can get, Mr Margaritis said.

This level of protection does not necessarily require VSAT, but it helps, according to Mr Margaritis, “because the amount of data to be transmitted onto the vessel is about 300-500 MB, in general, for a month.”

Navarino Angel is compatible with all satellite networks and IP-based networks and is paired with a traffic gateway Navarino calls Infinity. The Infinity system includes both bandwidth optimisation as well as a firewall.

“In front of Angel, we have Infinity which is a gateway, which supports all types of communication. That means 3G, 4G, wifi, satellite Ku-band, Ka-band, whatever you can imagine. That means all the traffic is going to Infinity and being passed over to Angel for inspection.

“The UTM is right behind the firewall. It’s actually interconnected with the firewall, and that means from the outside that once an attack has been identified the UTM (Angel) is able to send direct commands to the Infinity in front in order to drop the service right where it comes from instead of allowing it to pass through the firewall and breach past into the UTM.”

Mr Margaritis said all signatures and databases are updated in real-time and responses are pushed to the vessels. Angel is built on Juniper’s SRX software, and Neurosoft configures the system and carries out the monitoring.

Source: Marine Electronics & Communications
Author: Jamey Bergman