Security is an important aspect of MSW development. The AnNa project has therefore put considerable effort and resources into getting to grips with the subject, also with a view to developing an Interim Master Plan for the future (Extended Collaboration). The AnNa security research covers an assessment of the problems involved, some remedies for the current construction of MSWs (see http://annamsw.eu/component/zoo/category/subactivity-1-3-security.html?Itemid=276) and a view on how to deal with security from a policy perspective. On the latter, a rather elaborate analysis follows; it can be used as a stepping stone for further development (it does not necessarily represent the views of all AnNa partners).
Introduction (Analysis of data mining and security threats and opportunities)
With the shift from industrial manufacturing to knowledge creation and service delivery, the value of information and the need to manage it responsibly have grown dramatically. At the same time, rapid innovation, global competition and increasing system complexity present profound challenges for information security and privacy.
Nowadays, cyberspace touches nearly every part of our lives. Organisations such as governments, the military, corporations, financial institutions and hospitals collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information. Cyber-security is especially important in government affairs, where sensitive and national security information is exchanged between users and government officers.
As the global transport community moves further into a digital environment, facilities are increasingly connected to, and dependent on, cyber systems. This includes almost every facet of their operations, such as financial and human resources management, security systems, navigation, communications and the operation of key systems and equipment. As industries worldwide have turned towards greater reliance on cyber-systems, organized crime, state-sponsored hackers, terrorists and other malicious actors have turned towards exploiting weaknesses in cyber-security to gain intelligence, facilitate illegal activities and cause economic and physical damage.
As an example of a cyber-security issue of relevance to the transport community, around 1,400 passengers of the Polish airline LOT were grounded at Warsaw’s Chopin airport on June 21, 2015 after hackers attacked the airline’s ground computer systems used to issue flight plans. The computer system was hacked in the afternoon and fixed after around five hours, during which 10 of the state-owned carrier’s national and international flights were cancelled and about a dozen more delayed.
The fight against cyber threats to information assets is a top priority, and a harmonised approach should be taken to prevent successful hacking.
About cyber security concerns in the maritime domain
The maritime sector is not immune to these potential vulnerabilities: multiple examples of actual breaches have been experienced, and cyber defenses do not appear to have been developed adequately to address the threats being faced. The following non-exhaustive list of successful cyber attacks that affected the maritime domain gives a deeper insight into the problem and provides some useful evidence:
- The Iranian shipping line IRISL suffered from a successful cyber attack in 2011 that damaged all the data related to rates, loading, cargo number, date and place such that no one knew where containers were, whether they had been loaded or not, which boxes were onboard the ships or onshore;
- In late 2013 it was made public that the Port of Antwerp had been subjected to a persistent cyber attack, whose penetration allowed the cyber criminals to have remote access to the terminal systems, and thereby they were able to release containers to their own truckers without knowledge of the port or the shipping line. Furthermore, the access to port systems was used to delete information on the existence of the container after the fact;
- Eight logistics companies suffered a cyber attack on their hardware scanners. The equipment was infected with malware that had been pre-installed before delivery to the companies. As a consequence, when the scanners were plugged into a company’s network they launched a series of automated attacks, searching the network for the ERP financial server with the aim of compromising it;
- An attack was detected in 2013 on Japanese and Korean targets in a few business sectors, among which shipbuilding and maritime operations were explicitly listed. These attacks were aimed at providing backdoor access into the targeted companies in order to extract documents, email account credentials as well as passwords allowing access to resources within the network;
- In 2012 crime syndicates had penetrated the cargo systems operated by the Australian Customs and Border Protection, allowing them to check whether their shipping containers were regarded as suspicious by the police and customs authorities. As a consequence, the containers with contraband were abandoned whenever such attention was identified by the criminals;
- In 2010 a drilling rig was being moved at sea from its construction site in South Korea towards South America. Its critical system became infected with malicious software to such a degree that it had to shut down for 19 days in order to clear the issue.
Unauthorized access or alteration of cyber-systems could result in compromised strategic, proprietary, or personal information, exploitation of cyber-systems for nefarious purposes, or temporary loss of, or damage to, critical systems. Insufficiently robust cyber-security practices could therefore potentially lead to a loss of life, increased criminality in the maritime sector or, given the importance of the maritime sector to international trade and supply chains, an operational disruption with significant adverse economic consequences.
Advancement in broadband technologies and the move toward ‘Big Data’ will leave the maritime industry much more vulnerable to cyber-crime unless a better awareness of ICT security is developed and security best practices specifically targeting maritime industry cyber threats are established.
Therefore, the establishment of common initiatives is strongly recommended, aiming to implement measures that will protect and enhance the resiliency of cyber systems supporting the operations of ports, vessels, marine facilities and other elements of the maritime transportation system, and ultimately safeguard the maritime industry from cyber-crime and protect very sensitive data.
Extended collaboration for a common cyber security strategy
The main goal of the AnNa project is to support the effective and sustainable development of national Maritime Single Windows (MSW) in line with the EC Directive 2010/65/EU. A Maritime Single Window should allow for an advanced national electronic data flow management between ship and shore, between the various administrations within a country, and between countries on an EU scale.
At present, security initiatives have been undertaken in AnNa in order to assist the authorities involved in the establishment of the EC Directive 2010/65/EU in ensuring the availability, integrity and confidentiality of the information managed within and among the national MSWs. But this is not enough, especially if we consider the potential growth of the network interconnecting the MSWs and the ICT systems related to the other transport modes as a result of the opportunities offered by the above Directive.
To go further, as pointed out in the “Extended Collaboration Strategy Paper”, the successful implementation of an MSW can only be achieved when:
- A clear view of the feasibility of what can realistically be achieved has been established (identified in various AnNa Activities);
- A common vision on the road ahead towards a future design is established, i.e. integrating the MSW into the general context of Single Window developments.
These two aspects identify the potential for further cooperation and harmonization of the national MSWs beyond those identified as necessary for the implementation of 2010/65/EU.
Within this context, the proposed cyber strategic priorities should cover measures in support of the following future developments:
- Toward the construction of a European Single Window House;
- Toward cloud computing approaches;
- Toward wider usage of the internet of things.
1. Towards the construction of a European Single Window House
National Maritime Single Window(s) can substantially contribute to the development of a common European digital maritime transport platform able to provide the European maritime transport industry "a place to stand on". A harmonized approach and interconnectivity of systems are indeed key factors in making the development of a high-performing value system possible, so as to lay the basis for the establishment of an EU Digital Single Market and global supply chain.
In addition to the relationship management issues between the public and private domain, which have a dramatic impact on the performance of any initiative pursuing information management in the maritime transport domain, the lack of a common security strategy can affect the implementation of a European Single Window House able to guarantee an effective fulfillment of the reporting formalities in electronic format, to face growing cyber risks and to prevent data breaches, which could have profound impacts on the performance of the entire network.
Impact on IT security:
While both public organizations and private companies are becoming increasingly dependent on their information assets, these same assets are even more vulnerable to attack. As more sensitive, confidential information and business data are moved to the digital space, the need to prevent them from being destroyed, stolen, hacked, extorted, or compromised requires the establishment of a harmonized, effective security approach that protects a European digital maritime transport platform against threat actors by continually monitoring the IT network, so that potential anomalies are identified early and network-wide problems are prevented.
At the same time, privacy needs to be protected by encouraging organizations to both drive and demonstrate their commitment to privacy rather than strict adherence to a technical definition of compliance. The value to business of protecting privacy has been consistently demonstrated. Good privacy equals good business. Taking a proactive approach to privacy has many long-term benefits for businesses and their customers, which come from fostering customer trust and consumer confidence.
A harmonized framework for cyber-security policy and guidelines needs to be developed and agreed by all involved parties in order to define a plan to achieve an adequate level of security for the overall Single Window platform. It would include requirements and recommendations to be met by all the systems and the network interconnecting them in order to achieve the desired level of security. Harmonisation of data management policies and measures throughout all involved parties is the key priority. A minimum common set of measures shall be identified and made applicable to all the involved authorities. Each authority will then have the freedom to add further and more constrained requirements, according to national laws, but a baseline at EU level shall be defined.
The policy needs to be applied to all central, national or local systems. The security requirements presented in the policy shall be met by all stakeholders. Implementation recommendations for meeting the requirements are proposed and may be applied. The effectiveness of the measures outlined within the proposed policy is subject to their implementation and their regular update, in accordance with policy modifications, by EC and Member States.
The policy should address all the following points:
- legal compliance requirements;
- governance requirements;
- technical requirements;
- training requirements.
There is an increasing awareness that innovation, creativity and competitiveness must be approached from a “design-thinking” perspective. The same perspective is being applied to security and privacy. Both concepts must be incorporated into networked data systems and technologies, not as an afterthought, but at the design phase, from their conception. Moreover, these must become integral to organizational priorities, project objectives, design processes, and planning operations.
A “security by design” approach needs to be applied in order to ensure that any ICT platforms and the network interconnecting them are designed from the ground up to be secure and are scaled according to the needs and goals to be achieved. In this approach, malicious practices are taken for granted and care is taken to minimize the impact when a security vulnerability is discovered or invalid user input is received. It is essential to apply a security-by-design approach to the whole process, in order to make it effective and adopted by the users. Therefore a precise analysis and risk assessment shall be carried out to identify the possible weak points and evaluate the information leakage threats.
In particular, the following three aspects of the security by design approach should be taken into consideration to provide solutions that are holistic, robust, and embedded by default:
- Software security assurance: it includes the development and implementation of methodology and practices for weaving security into the design, building, testing, and maintenance of software systems in order to decrease the risk of introducing security vulnerabilities. Therefore, design and functional specifications should have specific sections covering security assurance issues ranging from handling data correctly, through mandatory security training for development and the use of automated analysis and testing tools to secure configuration guidance at installation. Equally important are transparent security vulnerability disclosure and remediation policies, including security alert programs and security patching through managed system updates. Further key areas of system development are data validation, user management, session management, and auditing and logging.
- Preserving privacy in the overall environment: identity-related data protection and the ability to preserve the confidentiality of information are becoming the top-priority concerns when it comes to governance and legal compliance. It becomes essential to agree on a common Identity Governance Framework (IGF) for the definition of administrative policies to securely and confidently share sensitive personal information between systems that need such data, without having to compromise on business agility or efficiency. These include rules for application access, policies about the use of personal or corporate data, and legal and regulatory requirements;
- Ensuring identity across different systems: the interoperability of systems required to make the integrated SW network possible needs to ensure that identities are passed securely across multiple users supporting heterogeneous applications and security systems. Specific standards (e.g. Secure Sockets Layer, SSL) need to be implemented to encrypt the communication between two parties so that the messages transmitted between them are not vulnerable to attackers while in transit.
The “privacy by design” approach is based on seven main principles:
- Proactive not reactive, preventative not remedial: the privacy by design approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy-invasive events. It does not wait for risks to materialize, nor does it offer remedies for resolving infractions once they have occurred. It aims to prevent them from occurring. In short, it comes before the fact, not after;
- Privacy as the default setting: privacy by design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, his or her privacy remains intact. No action is required on the part of the individual to protect his or her privacy. It is built into the system, by default;
- Privacy embedded into design: privacy is embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is integral to the system, without diminishing functionality;
- Full functionality – positive-sum, not zero-sum: privacy by design seeks to accommodate all legitimate interests and objectives in a positive-sum or doubly enabling “win-win” manner, not through the dated, zero-sum approach, where unnecessary trade-offs are needlessly made. It avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is possible, and far more desirable, to have both;
- End-to-end security – full lifecycle protection: privacy, having been embedded into the system prior to the first element of information being collected, extends throughout the entire lifecycle of the data involved, from start to finish. This ensures that at the end of the process, all data are securely destroyed, and in a timely fashion. Thus, privacy by design ensures cradle to grave, lifecycle management of information, end-to-end;
- Visibility and transparency – keep it open: privacy by design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations must remain visible and transparent, to users and providers alike. Remember, trust but verify;
- Respect for user privacy – keep it user-centric: above all, privacy by design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it user-centric – focused on the individual. Respect for user privacy (like the other privacy by design principles) is not a stand-alone principle. It is intertwined with the remaining principles, enabling users to become empowered to play an active role in the management of their personal data. This in turn creates an effective check against abuses and misuses, and ensures higher levels of data quality and accuracy.
The developments in both security by design and privacy by design have demonstrated a need to move beyond compliance, to focusing on technical and regulatory rules. There is a growing body of evidence to suggest that these paradigms are both converging and complementary and thereby should both be embedded, by default, into the architecture, design and construction of information processes. This will also avoid any possible conflict between privacy and security or, even worse, between the hardening of the system and its performance.
2. Towards cloud computing approaches
The MSW development is strongly correlated with the evolution of the global supply chain toward a digital connected environment. Indeed, an integrated Single Window should help foster the collaboration between the public and private domain, and create trust between the different operators within the supply chain itself. To reach this goal, the definition of a common approach to create synergies in ICT-related maritime and land transport freight flows (supply chain integration) is envisaged.
In this context, it becomes essential to recognize that many more machines and devices will be increasingly involved in the emerging digital connected supply chain. The on-going digital revolution is not expected to mark the end of the machine age, but the Internet and digital communications are indeed going to take machines to entirely new levels of interaction, productivity and usefulness. With the rise of the Internet of Things, widespread mobility and information everywhere, machines and devices across the supply chain are on the cusp of delivering their full value to transform the way companies operate. As a consequence, costs are reduced while productivity and competitiveness are increased along the line.
On the other hand, this will inevitably result in the generation of an enormous amount of data, which has to be stored, processed and accessed. Cloud computing has long been recognized as a paradigm for big data storage and analytics. The combination of cloud computing and IoT can enable ubiquitous sensing services and powerful processing of sensing data streams beyond the capability of individual “things”, thus stimulating innovations in both fields. For example, cloud platforms allow the sensing data to be stored and used intelligently for smart monitoring and actuation with the smart devices. Novel data fusion algorithms, machine learning methods, and artificial intelligence techniques can be implemented and run centralized or distributed on the cloud to achieve automated decision making. These will boost the development of new applications such as smart cities, grids, and transportation systems.
Impact on IT security:
New challenges arise, however, when systems meet the cloud and when functionalities are widespread. There is an urgent need for novel network architectures that seamlessly integrate them, and for protocols that facilitate big data streaming from machines or devices to the cloud and integrate functionalities and services that physically reside in different places but are logically interconnected. In addition, data security, privacy, and reliability are critical concerns during this integration process, as cyber-risk exposure is expected to increase significantly. It will take extensive security and the establishment of high levels of trust before stakeholders are comfortable implementing full supply chain connectivity. The challenge then is to make the connected supply chain a safe reality, as free as possible from cyber-risks.
Billions of connected machines and devices will equate to billions of discrete digital identities. As this multitude of machines communicate with each other, their unique digital identities will have to be secured and managed to enable the safe exchange of data from system to system, and from systems to people and their mobile devices.
Given the huge number of machines and devices that will be involved in a fully connected supply chain, and the fact they will all be Internet-connected, a centralized cloud-based platform approach to identity management and security will be the optimal solution. Identities can be managed using role-based and contextual information, changes and updates can be centrally managed, and the cloud-based processing infrastructure will be able to scale smoothly and economically.
It is also worth pointing out that cloud security concerns about data loss and privacy, due to the shared nature of cloud services and the loss of physical control, still continue to frustrate broader adoption. The general thinking is that if you have the data and equipment in your possession, then it is less likely to be compromised, as if things outside of our own control were innately less secure. Nowadays, Cloud Service Providers (CSP) claim to protect customer data by offering strong cloud encryption, such as AES 256-bit cryptography. This could mislead organizations into thinking that since their CSPs already offer encryption, there’s no real need to add any more, particularly if adding more means increasing their cloud security investment. Unfortunately, the types of encryption that many CSPs provide just are not enough. CSPs’ security policies should indeed include both encryption “in transit” and encryption “at rest”. Encryption “in transit” is simply encryption of data traffic as it passes between your machine and the CSP’s data center, or vice versa. Encryption “in transit” can protect data in motion from hackers and spies who are attempting to intercept it. Encryption “at rest”, on the other hand, encrypts data while it is in storage on the CSP’s servers. As cybercriminals set their sights on cloud hosting providers, encryption at rest certainly matters. It protects the data when it is neither in motion nor in use by the cloud application - while it is at rest, in other words. Encryption at rest keeps data secure in case the CSP’s storage infrastructure is compromised and the data it contains exposed.
The real trouble today, and even more so in the future, is that cloud computing makes it possible to log in from any device and any location at any time. As a consequence, data are unlikely to spend much time at rest, and the information therefore remains unprotected for much of the time.
For true cloud data security, what is really required is a third flavor of encryption: encryption “in use”. Encryption “in use” will keep data safe from unauthorized viewers even while the data is being handled by the cloud application, preserving key functionality like search and sort without sacrificing a moment of security. With attacks on the cloud on the rise, encryption “in use” is becoming increasingly critical.
A possible solution to ensure an organization’s data privacy in the cloud is the development of tools that offer functionality-preserving encryption in use, such as Searchable Strong Encryption (SSE). With SSE applied on a granular, field-level basis to the types of data that need to be used most often in the cloud, it will be possible to keep sensitive information protected when it would otherwise be at its most vulnerable: while in use by the cloud application of choice.
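The field-level idea described above can be sketched as follows. This is an added example, not code from the original page or from any SSE product: it shows only equality search through a keyed "blind index", and because the Python standard library has no AES, the field cipher is an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC standing in for an AEAD such as AES-GCM. All record values, field names and the `CloudStore` class are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Keys stay with the data owner; the cloud provider never receives them.
ENC_KEY = secrets.token_bytes(32)
MAC_KEY = secrets.token_bytes(32)
IDX_KEY = secrets.token_bytes(32)

SENSITIVE_FIELDS = {"passport_no"}
# Constructed sample reporting records (not real data).
SAMPLE_RECORDS = [
    {"port": "NLRTM", "vessel": "MV EXAMPLE ONE", "passport_no": "X1234567"},
    {"port": "BEANR", "vessel": "MV EXAMPLE TWO", "passport_no": "Y7654321"},
    {"port": "NLRTM", "vessel": "MV EXAMPLE TWO", "passport_no": "Y7654321"},
]


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode (assumed stand-in for a real AEAD cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(plaintext):
    """Randomised encryption: the same value encrypts differently every time."""
    nonce = secrets.token_bytes(16)
    data = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(ENC_KEY, nonce, len(data))))
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_field(blob):
    """Verify the tag first, then decrypt; modified ciphertext is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("field ciphertext was modified")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ENC_KEY, nonce, len(ct)))).decode()


def search_token(value):
    """Keyed, deterministic token so equal values can be matched without decryption."""
    normalised = value.strip().upper().encode()
    return hmac.new(IDX_KEY, normalised, hashlib.sha256).hexdigest()


def protect_record(record, sensitive):
    """Client side: encrypt each sensitive field and attach its search token."""
    stored = {}
    for name, value in record.items():
        if name in sensitive:
            stored[name] = encrypt_field(value)
            stored[name + "_idx"] = search_token(value)
        else:
            stored[name] = value
    return stored


class CloudStore:
    """Models the provider side: holds no keys, sees only ciphertext and tokens."""

    def __init__(self):
        self.rows = []

    def insert(self, row):
        self.rows.append(row)

    def find(self, field, token):
        return [r for r in self.rows if r.get(field + "_idx") == token]


if __name__ == "__main__":
    store = CloudStore()
    for rec in SAMPLE_RECORDS:
        store.insert(protect_record(rec, SENSITIVE_FIELDS))
    hits = store.find("passport_no", search_token("y7654321"))
    print([(h["port"], decrypt_field(h["passport_no"])) for h in hits])
```

The deterministic token is what makes the search work, and it is also what leaks: the provider can see that the second and third rows carry the same value even though it cannot read it.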
3. Towards the wider usage of the Internet of Things (IoT)
The Internet of Things (IoT) will be one of the most transformative technological trends to impact global society since the invention of the World Wide Web.
Transportation has already been very active in the Internet of Things development, with transportation and logistics companies being some of the first to adopt IoT in their daily business. The transformative power of IoT has already made an impact on the traditionally conservative maritime industry. In fact, maritime has an advantage over many other industries when it comes to IoT implementation and adoption. For decades, ships have been carrying a multitude of sensors onboard, collecting data that, until recently, has not been utilized and analyzed to optimize the maritime operations. The Industrial IoT may be as disruptive for maritime as the steam engine or the introduction of cargo containers were in the past. Accelerated by open source software, wireless, and mobile technologies, the adoption of IoT by the maritime industry has already begun.
Impact on IT security:
While the opportunities for embracing IoT are incredibly exciting, it is essential to be aware that success in the Internet of Things is strongly dependent on security. It is well recognized that security and personal privacy, data privacy and protection from malicious attack, and general integration and data management are the top challenges in designing, deploying and engaging customers with IoT applications.
At its most basic level, security for the Internet of Things depends on ability to identify devices and their masters, and protect the data that those devices and masters manage and share. A trusted device is one we can reliably identify and associate with a manufacturer or provider. The devices should be able to communicate with the masters, as well as other devices of the same type. A trusted master is expected to securely communicate with dependent devices, and issue firmware/software updates to those devices in a way that provides assurances that the code is authentic and unmodified.
From such a perspective, change opens new and unfamiliar vulnerabilities for cyber criminals to exploit. Therefore, it is crucial to ensure encryption is an integral component of how information is shared. Equally, the processes have to be user-friendly, device agnostic and at a network-level if they are to succeed. In addition, the development of appropriate protection technologies to enable security in the wireless communication between small devices is strongly recommended.
Encryption is the foundation of trust for IoT. Communication between devices and their masters requires encryption as it validates who can talk to whom and validates what is sent as being valid. In addition, as sensitive data travels through the cloud and IoT environment, it should be encrypted to prevent interception. Likewise, stored data should be transparently and seamlessly encrypted to prevent theft.
As an example, an interesting emerging protection technology is based on a random number generator: it grants two parties that conduct wireless communication access to a synchronized sequence of random numbers. From this sequence cryptographic keys can be derived, so that these keys are only shared by pairs of communication partners and not by all devices within the network. This solves the problem associated with a single key shared by all devices, where attacks may scale strongly. Moreover, the key changes regularly; thus, many advanced attacks become less effective and, ideally, inapplicable.
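A sketch of pairwise, regularly changing keys as described above. It is an added example, not code from the original page or from the technology it refers to: the "synchronized sequence of random numbers" is modelled here as an HMAC ratchet over a per-pair seed that is assumed to have been provisioned to both ends, keys are derived with HKDF-SHA256 (RFC 5869), and they are used only to authenticate frames. Device names, seeds and payloads are constructed.

```python
import hashlib
import hmac
import secrets


def hkdf(ikm, salt, info, length=32):
    """HKDF-SHA256 (RFC 5869): extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
        i += 1
    return okm[:length]


class PairwiseChannel:
    """One end of a link between two named devices (hypothetical class)."""

    def __init__(self, pair_seed, me, peer):
        # Both ends sort the names so they compute the same label.
        self.label = "|".join(sorted([me, peer])).encode()
        self.state = hkdf(pair_seed, b"pair-init", self.label)
        self.epoch = 0

    def epoch_key(self):
        """Key for the current epoch, bound to this pair of devices."""
        info = self.label + self.epoch.to_bytes(4, "big")
        return hkdf(self.state, b"epoch-key", info)

    def rotate(self):
        """Advance the shared sequence; the previous state is overwritten."""
        self.state = hmac.new(self.state, b"ratchet", hashlib.sha256).digest()
        self.epoch += 1

    def seal(self, payload):
        """Frame = 4-byte epoch || payload || 32-byte HMAC tag."""
        hdr = self.epoch.to_bytes(4, "big")
        tag = hmac.new(self.epoch_key(), hdr + payload, hashlib.sha256).digest()
        return hdr + payload + tag

    def open(self, frame):
        hdr, payload, tag = frame[:4], frame[4:-32], frame[-32:]
        if int.from_bytes(hdr, "big") != self.epoch:
            raise ValueError("frame is from a different key epoch")
        want = hmac.new(self.epoch_key(), hdr + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise ValueError("bad tag: wrong pair key or modified frame")
        return payload


def rejected(channel, frame):
    """True if the channel refuses the frame."""
    try:
        channel.open(frame)
        return False
    except ValueError:
        return True


# Constructed per-pair seeds, assumed to be provisioned out of band.
SEED_S1_GW = secrets.token_bytes(32)
SEED_S2_GW = secrets.token_bytes(32)

if __name__ == "__main__":
    sensor1 = PairwiseChannel(SEED_S1_GW, "sensor-1", "gateway")
    gw_for_s1 = PairwiseChannel(SEED_S1_GW, "gateway", "sensor-1")
    gw_for_s2 = PairwiseChannel(SEED_S2_GW, "gateway", "sensor-2")

    frame = sensor1.seal(b"draft=9.4m")              # constructed payload
    print(gw_for_s1.open(frame))                     # accepted by the right pair
    print(rejected(gw_for_s2, frame))                # another pair's key fails
    sensor1.rotate()
    gw_for_s1.rotate()
    print(rejected(gw_for_s1, frame))                # old-epoch frame refused
```

Because each link has its own seed, extracting the key material of one device exposes only that device's links, and a frame captured in one epoch is refused once both ends have rotated.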
Other initiatives to foster extended collaboration on cyber-security
Two further elements of possible extended collaboration have also been identified. The first concerns the poor level of awareness of cyber-security issues in the shipping industry, which suggests establishing cooperation with on-going and future initiatives at the shore level. The second is associated with emerging technologies, which could be adequately developed further to deal with the increasing number of users logging into cyber-systems.
Shipowners against cyber attacks
In line with the future development of MSWs, ship-owners should begin to fight cyber threats to their assets, and the industry should be doing much more to develop secure onboard networks. Cyber security is becoming an increasingly important issue for the maritime industry too, as ships are becoming more connected and are consequently exposed to a growing number of threats, including those associated with the need to fulfill the reporting formalities in electronic formats.
The main cyber threats are the hacking of onboard systems, the hijacking of communications between shore and the ship, and the infection by malware in key ship systems. And as more onboard systems are run by computers, hackers may gain access to those that control ship operations, potentially causing shutdowns, vessel downtime and equipment damage. Hackers may be able to access ship data and information sent to shore, such as monitoring or cargo reports, which could be used for economic espionage. They may gain access either from remote connections, such as through the satellite link, or from onboard equipment. These can include IP-linked networked peripheral devices, such as public announcement speakers and external CCTV cameras, or diagnostic ports on equipment, and removable storage devices. Hackers could also access systems through network routers and gateways, or via short range wireless connections, such as Bluetooth and WiFi, or from optically readable codes and radio frequency identifiers. The issues will become even more important as the industry develops e-navigation and considers more onboard automation.
To deal with these issues, IMO’s Facilitation Committee launched two inter-sessional working groups to examine ways to improve information security. The need to protect and enhance the resiliency of systems supporting the operations of ports, vessels, marine facilities and other elements of the maritime transportation system should encourage the development of international guidelines on cyber security practices, covering also the security of communications to vessels. It is therefore strongly recommended that shipping stakeholders strengthen their collaboration with IMO’s Maritime Safety Committee (MSC) in the identification of appropriate measures to implement secure interfaces between the integrated communications and shipboard systems. In this context, IMO’s MSC may benefit from the on-going initiatives in AnNa on the security of MSW platforms to foster the definition of international standards to improve the security levels of integrated ship-to-shore networks.
A look at the remote future
With the increasing number of users logging into cyber-systems that contain sensitive or private information and/or control critical equipment or processes, the need to manage and monitor their access in order to protect the information against cybercriminals becomes much more critical.
Online authentication mechanisms have grown increasingly difficult for IT security teams as employees and customers expect to access online services and e-commerce sites from a myriad of devices. With password fatigue reaching new heights, many security professionals want stronger authentication methods that eliminate the complexities and risks associated with the integration of online credentials and identity management.
A possible way forward to cope with this need is the implementation of specific technologies, like those based on the Fast Identification Online (FIDO) protocol, that make it possible to identify a user using a biometric scanner, such as a scan of your retina or your ear, for example, right out of the device’s box.
FIDO (Fast ID Online) is an open standard for a secure and easy-to-use universal authentication interface created to address the lack of interoperability among strong authentication devices. Microsoft will support the latest biometric authentication methods as an alternative to passwords in Windows 10 in a move that will put a smile on the face of both enterprise customers and consumers alike.
The move means that Windows 10 will support the next version of the Fast Identification Online (FIDO) specification thus letting laptops and other devices running Windows 10 use any one of a wealth of biometric readers instead of a regular password.
What’s interesting about FIDO is that the technology is not limited to a System Logon. While all of this sounds very attractive, in reality it has a long way to go before we see ourselves logging onto a network with our eyeballs, transferring funds using a finger scan or logging onto web portals using a PIN number.
Nevertheless, it would be worth laying the basis for the implementation of this exciting technology by starting to develop technical specifications that define an open, scalable, interoperable set of mechanisms able to reduce the reliance on passwords to authenticate users logging onto MSW systems.