T1 12 Maritime Cyber Security - Fotis Sofronis

Security BSides Athens 2018 (Sat, 23/Jun/2018) Maritime Cyber Security - Fotis Sofronis Abstract: With multiple points of entry, Maritime vessels and ports are at an acute risk of a Cyber attack. Presentation will cover: Vulnerable on-board systems: Propulsion and engine controls (ICS, SCADA, Remote management) Cargo management (RFID, Tracking systems) Navigation and positioning systems (AIS GPS, ECDIS) Communication systems (NavTex, VSAT, WII, Email, VoIP) Crew and passenger management and welfare systems Alarm and access control systems A number of recent high-profile attacks in the Maritime industry. These include: Ships have been fooled in GPS spoofing attacks Hackers have recently shut down a floating oil rig by tilting it. An oil rig was so riddled with malware that it took 19 days to make it seaworthy again. Somali pirates employed hackers to infiltrate a shipping company’s computer system, to identify vessels passing through the Gulf of Aden with valuable cargos. A group of drugs smugglers hacked computers connected to a major port, to delete the shipping records of the containers used to smuggle contraband. They then made off with their smuggled drugs. Case Study: Researchers have demonstrated that it is possible to change a ships direction by faking a GPS signal Maritime technical security modules: This section will go through the general structure (Network Architecture / Firewall,Physical Security, etc.) of the Shipboard. We will take a close look at the implementation and verify coherence. Bio: Fotis currently serves as a Supervising Senior member at KPMG’s Cyber Security practice, in Greece. His experience is focused in the areas of Security Transformation, Cyber Attack and Defence, specializing in Penetration Testing of network infrastructures and web applications. His educational background includes a B.Sc. in Informatics & Telecommunication, (Un. of Macedonia) and a M.Sc. in Innovation and Technology, (Un. of Sheffield).