Category Archives: Internet Security

Learning from Let's Encrypt's 10 years of success – InfoWorld

Foundations have a hit-or-miss success rate in software, generally, and open source, specifically. I'm on the record with 908 words of eye-roll for the Open Enterprise Linux Association and OpenTofu, given the conspicuous absence of cloud vendor support. Yet I've also recommended projects like Kubernetes precisely because of their foundation-led community support. Foundations can help foster community but are in themselves no guarantee of success.

This is why Let's Encrypt and the Internet Security Research Group (ISRG) are so fascinating. There is no obvious reason they should've succeeded, yet 10 years in, ISRG's Let's Encrypt has issued more than four billion certificates to secure more than 360 million websites. It's also likely that the nonprofit's Prossimo, a memory safety project, and Divvi Up, a privacy-preserving metrics system, will follow that pattern, even as many other foundations fail to deliver similar victories (OpenStack, anyone?).

The question is why. Why did Let's Encrypt succeed, and what can other nonprofits or open source projects learn from it?

One key reason for Let's Encrypt's success is that it solved a big problem. When Let's Encrypt was founded in 2013, just 28% of page loads were secured on the web. "There were plenty of options that were available [like TLS and SSL]," says Sarah Gran, vice president of communications at ISRG, "but they were not widely used. In order to really advance the security of the web, this needed to change, and it needed to change more commensurate with the pace of the growth and dependence on the Internet that people were having every single day."

Let's Encrypt didn't try to change things with public service announcements. They focused on automation and reducing the complexity of getting a certificate. The more easily developers could adopt and apply certificates to their websites, the more likely they were to use them. Convenience is the killer app for developers, as RedMonk's Steve O'Grady has posited.

It also helped that ISRG and its Let's Encrypt initiative weren't trying to compete with commercial certificate authorities. "We're not here to be heroes," says Gran. "All we're trying to do is solve a problem." By working alongside proprietary providers of certificates, Let's Encrypt could focus on solving the problem of Internet security, not collecting credit for doing so.

When I asked Gran to identify the secret for ISRG's success with Let's Encrypt, she didn't hesitate: "We know what we do well, and we stay in that lane. And what we do well is tackle difficult engineering infrastructure problems, particularly as they relate to Internet security," which ISRG tackles through the lens of automation, efficiency, and scale. ISRG focuses on solving discrete problems, and in so doing has achieved outsized success with Let's Encrypt. That same foundation-led focus should help it with Prossimo and Divvi Up.

Clearly, ISRG's foundation approach has worked, enabling it to work alongside corporate competitors without being competitive. However, it's important to note that foundations aren't essential to a software project's success. In the world of certificate authorities, Comodo and Digicert thrive alongside Let's Encrypt. Outside the realm of Internet security, it's much the same story. It would be hard to argue that HashiCorp, MongoDB, Elastic, etc., aren't wildly popular with attendant business success. Nor is it true that introducing a foundation to a market guarantees it will trounce single-vendor products. Speaking of HashiCorp, even as he launched the OpenTofu project to provide an open source, foundation-backed fork of HashiCorp's Terraform, Linux Foundation CEO Jim Zemlin told me that he believes both Terraform and OpenTofu will succeed for different reasons.

Terraform, in his view, will succeed because it's great software with a credible company behind it. He also sees OpenTofu taking a big share of the market: "Nobody wants to invest large engineering resources into a project that isn't neutrally owned or is owned and controlled by a single commercial entity. This will lead to better investment in OpenTofu." Despite the relatively small companies contributing to OpenTofu today, Zemlin believes downstream vendor dependence on the co-developed OpenTofu will create a larger ecosystem as more providers reinvest to improve their downstream products.

Maybe. Foundation-led projects fail all the time.

Why did Kubernetes succeed while OpenStack failed, despite both being filled to the brim with foundation-led communities? According to Zemlin, "it turns out containers [Kubernetes] were the right abstraction for cloud computing workloads and not VMs [OpenStack]." Technology matters. No foundation can overcome being on the wrong side of customer choice for particular technologies.

This brings us back to ISRG and its mission. Similar to its observation in 2015 about website security, today ISRG sees an equally big issue with memory safety. As Gran puts it, "We looked at our infrastructure and various infrastructures out there that the Internet is reliant upon, and we saw how much of it is written in C and C++, with all their problems of memory safety, bugs, and vulnerabilities." Why is this a problem now? After all, such languages have had issues for a long time. Gran credits Microsoft and Google for acknowledging that the vast majority of their vulnerabilities stemmed from memory safety problems, which pinpointed memory safety as a big issue, and one that could be solved through languages like Rust.

Will they succeed in a similar way as Let's Encrypt? Nothing is certain, but the confluence of a big problem with a clear technology that can help (Rust, in this case) makes success far more likely. Whether you're a nonprofit foundation or a for-profit company, a focus on solving a customer problem, along with a bit of luck in customer technology choices, seems to guarantee success.


High severity flaw patched in widely used curl tool – CSO Online

The developers of the curl open-source software application and library have released patches for two vulnerabilities in the widely used command-line tool. One of the flaws is rated with high severity and could potentially be exploited by rogue servers to execute malicious code on systems that access them with curl under certain conditions.

Curl, which is short for client for URL, is a cross-platform and portable command-line tool designed to transfer data or files to and from URLs. Dating back 27 years, it supports many internet communication protocols and technologies including DICT, FTP, FTPS, Gopher, HTTP 1/2/3, HTTP proxy tunneling, HTTPS, IMAP, Kerberos, LDAP, MQTT, POP3, RTSP, RTMP, SCP, SMTP, and SMB. In addition to the command-line tool, curl also provides a library called libcurl that many other applications can integrate to benefit from the functionality.

Daniel Stenberg, the maintainer of curl, announced last week that an important security patch would be released on October 11 to fix "probably the worst curl security flaw in a long time." The flaw, tracked as CVE-2023-38545, is a heap buffer overflow that affects curl versions 7.69.0 to 8.3.0; it was patched in version 8.4.0, released Wednesday.

The second flaw, CVE-2023-38546, affects only libcurl and allows arbitrary cookie injection into a program that uses libcurl. However, the issue is considered low severity.

A buffer overflow is a type of security vulnerability that happens when a program writes more data to an allocated memory buffer than the buffer can hold, so the excess spills into adjacent memory regions and overwrites the data there. Buffer overflows can at the very least result in application crashes (denial of service), but in many cases, controlled exploitation can lead to arbitrary code execution.

This is also the case with CVE-2023-38545. While proof-of-concept exploits have only demonstrated denial of service for now, researchers believe it's only a matter of time until code execution is achieved. The good news is that only certain configurations of the tool are vulnerable, and they are not the default ones.

"Seeing that curl is a ubiquitous project, it can be assumed with good confidence that this vulnerability will get exploited in the wild for remote code execution, with more sophisticated exploits being developed," researchers from DevOps security firm JFrog said in their analysis. "However, the set of pre-conditions needed in order for a machine to be vulnerable is more restrictive than initially believed. Therefore, we believe the vast majority of curl users won't be affected by this vulnerability."

The vulnerability is located in curl's implementation of the SOCKS5 proxy handshake. SOCKS5 is a network protocol for tunneling data from a client to a server through a proxy server and is widely used on the internet.

When curl is asked to access a URL through a SOCKS5 proxy, it can behave in two ways: if the hostname in the URL is 255 bytes long or less, it asks the SOCKS proxy to resolve it. If the hostname is longer than 255 bytes, curl switches to local hostname resolution, because the SOCKS5 protocol doesn't allow hostnames longer than 255 bytes. After resolving the hostname locally, curl forwards only the resulting IP address to the proxy.

"Due to a bug, the local variable that means 'let the host resolve the name' could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long hostname to the target buffer instead of copying just the resolved address there," the curl developers said in their advisory.

This can lead to a buffer overflow if the allocated download buffer is too small to fit the long hostname. An attacker could trigger this from a malicious server by performing a redirect to an address with a long hostname.

"For an overflow to happen it needs a slow enough SOCKS5 handshake to trigger the local variable bug, and the client using a hostname longer than the download buffer," the maintainers said. "Perhaps with a malicious HTTPS server doing a redirect to an especially crafted URL. Typical server latency is likely slow enough to trigger this bug without an attacker needing to influence it by DoS or SOCKS server control."
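The hardened shape of the decision the advisory describes, as an added example that is not curl's code: the choice between proxy-side and local resolution is derived from the hostname length at the moment the request is built rather than kept in a state variable that a slow handshake could flip, and every copy into the output buffer is bounds-checked first. The resolver stand-in and the TEST-NET-1 address it returns are constructed so the example runs offline; real code would call getaddrinfo.

```c
/* Constructed example (not curl's code): build a SOCKS5 CONNECT request,
 * choosing proxy-side or local name resolution from the hostname length
 * exactly once, and bounds-checking every copy into the output buffer. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The SOCKS5 DOMAINNAME address type carries a one-byte length, so the
 * wire format cannot express a hostname longer than 255 bytes. */
#define SOCKS5_MAX_HOSTLEN 255

enum socks5_status { SOCKS5_OK = 0, SOCKS5_ERR_BUFFER = 1, SOCKS5_ERR_RESOLVE = 2 };

/* Stand-in for the local resolver (getaddrinfo in real code) so the example
 * runs offline: every name maps to 192.0.2.1 from the TEST-NET-1 range. */
static int resolve_locally(const char *host, uint8_t out[4])
{
    (void)host;
    out[0] = 192; out[1] = 0; out[2] = 2; out[3] = 1;
    return 0;
}

/* Writes VER CMD RSV ATYP DST.ADDR DST.PORT (RFC 1928, section 4) into buf.
 * Returns the number of bytes written, or the negative of a socks5_status.
 * *resolved_locally is set to 1 when the hostname was too long for the
 * protocol and only the resolved IPv4 address is sent to the proxy. */
long socks5_build_connect(const char *host, uint16_t port,
                          uint8_t *buf, size_t buflen, int *resolved_locally)
{
    size_t hostlen = strlen(host);
    size_t off = 0;
    *resolved_locally = 0;

    if (hostlen <= SOCKS5_MAX_HOSTLEN) {
        /* Proxy resolves the name: header(4) + len(1) + host + port(2). */
        if (4 + 1 + hostlen + 2 > buflen)
            return -SOCKS5_ERR_BUFFER;
        buf[off++] = 0x05;            /* VER  */
        buf[off++] = 0x01;            /* CMD  = CONNECT */
        buf[off++] = 0x00;            /* RSV  */
        buf[off++] = 0x03;            /* ATYP = DOMAINNAME */
        buf[off++] = (uint8_t)hostlen;
        memcpy(buf + off, host, hostlen);   /* bounded by the check above */
        off += hostlen;
    } else {
        /* Name is too long for the wire format: resolve locally and send
         * only the 4-byte address. The hostname itself is never copied. */
        uint8_t ip[4];
        if (resolve_locally(host, ip) != 0)
            return -SOCKS5_ERR_RESOLVE;
        *resolved_locally = 1;
        if (4 + 4 + 2 > buflen)
            return -SOCKS5_ERR_BUFFER;
        buf[off++] = 0x05;
        buf[off++] = 0x01;
        buf[off++] = 0x00;
        buf[off++] = 0x01;            /* ATYP = IPv4 */
        memcpy(buf + off, ip, 4);
        off += 4;
    }
    buf[off++] = (uint8_t)(port >> 8);   /* DST.PORT, network byte order */
    buf[off++] = (uint8_t)(port & 0xff);
    return (long)off;
}

/* Exercises the three cases the advisory text distinguishes. Returns 0 when
 * every case behaves as expected, otherwise the number of the failing case. */
int socks5_selftest(void)
{
    uint8_t buf[512];
    uint8_t small[8];
    char longhost[301];
    int local;
    long n;

    /* 1: short hostname is handed to the proxy verbatim (ATYP 0x03). */
    n = socks5_build_connect("example.com", 443, buf, sizeof buf, &local);
    if (n != 18 || local != 0 || buf[3] != 0x03 || buf[4] != 11 ||
        buf[16] != 0x01 || buf[17] != 0xBB)
        return 1;

    /* 2: a constructed 300-byte hostname is resolved locally; only the
     *    address goes out, so the request is always 10 bytes. */
    memset(longhost, 'a', 300);
    longhost[300] = '\0';
    n = socks5_build_connect(longhost, 80, buf, sizeof buf, &local);
    if (n != 10 || local != 1 || buf[3] != 0x01 || buf[4] != 192 ||
        buf[7] != 1 || buf[8] != 0 || buf[9] != 80)
        return 2;

    /* 3: a destination buffer too small for the request is refused
     *    instead of overrun. */
    n = socks5_build_connect("example.com", 443, small, sizeof small, &local);
    if (n != -SOCKS5_ERR_BUFFER)
        return 3;
    return 0;
}

int main(void)
{
    int rc = socks5_selftest();
    printf("socks5 selftest: %s\n", rc == 0 ? "ok" : "FAILED");
    return rc;
}
```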

Multiple pre-conditions need to be met for an exploit to work, and they differ between libcurl and the curl CLI tool. According to JFrog, the libcurl library is only vulnerable if used in any of the following ways:

The Curl CLI tool is only vulnerable if any of the following conditions are true:

Moreover, even if these conditions are met, exploiting this flaw via a hostname is not easy, because the curl URL parser accepts only ASCII characters and rejects URLs containing arbitrary bytes. This makes it hard to build a payload.


Newest Ransomware Trend: Attackers Move Faster with Partial … – Check Point Blog

On Wednesday morning, May 3, 2023, security personnel with the City of Dallas were horrified when their security software alerted them that they had likely become the target of a ransomware attack. Multiple servers across a range of departments were affected: 911 dispatchers, courts, and police services couldn't use their computers for days.

It later emerged that sensitive data had been stolen[1]: 800,000 files containing full names, home addresses, Social Security numbers, dates of birth, and the health and insurance data of at least 30,000 city employees and other individuals. Two weeks later, the Royal ransomware group, which took responsibility for the attack, threatened to release the information. In particular, police officers and others whose data had been stolen feared the data could fall into the hands of violent offenders who might try to retaliate[2].

The City of Dallas wasn't the first government to be hit by ransomware, or the first ransomware attack where lives could have been lost. The Royal ransomware group was originally part of the Conti group, which previously took credit for bringing the entire Irish healthcare system to a halt in 2021[3].

One of the reasons Royal was able to strike so quickly and effectively in Dallas is that they took advantage of today's fastest-growing ransomware trend: partial encryption.

The term "partial encryption" may sound more benign at first than traditional attack strategies, since theoretically less damage is being done. However, in fact, it's no less devastating to organizations that find themselves under attack.

In this post, we'll explore the emergence of partial encryption as a strategy to make cybercrime even more profitable, which industries are at risk, and finally, a few key steps to help you protect your business.

Encryption is a tried and true strategy for malware actors. Malware within the victim's systems leaves their data in place but completely inaccessible. Attackers then demand a price to unlock the data so victims can resume business as usual. In a second-tier strategy, in the event that victims refuse to pay, attackers can still make money by selling the compromised data.

Based on this model, ransomware has become big business over the last decades. And like all big businesses, attackers are always seeking to optimize their operations and find more efficient, cost-effective ways to achieve the same or better results.

Encryption in particular can be very time-consuming, especially for large amounts of data. This has led attackers to seek more efficient, effective ways to render victims' data inaccessible unless they pay the ransom.

Partial encryption, also known as intermittent encryption, has emerged as just one example of increasingly sophisticated attack tactics, often in readily available off-the-shelf ransomware products that are openly sold on the darkweb much like traditional software.

Rather than encrypt the entire compromised system, partial encryption, as the name says, encrypts only a portion of the victim's files: either at random, encrypting a predetermined percentage of the data, as Royal ransomware does[4], or encrypting only the most important files, as determined by fingerprinting: financial documents, photos, and personal information. Ransomware can also selectively encrypt files related to a particular project or task, bringing it to its knees until payment is made.

For attackers, the advantages of partial encryption over complete encryption are clear:

Royal ransomware is particularly insidious because it not only uses partial encryption but also a multithreaded model, another increasingly popular strategy. In a single-threaded attack, there is only one ransomware process; a multithreaded attack uses multiple CPU cores to encrypt files simultaneously. This can quickly overwhelm the available processing power and make the attack more difficult to stop; even if one or two child processes can be stopped, the others will continue to encrypt files. This means that multithreaded ransomware attacks can be very destructive.

Even more frightening, today's attackers have begun using a triple extortion strategy. With a double extortion strategy, as previously described, attackers not only hold the encrypted drives for ransom, they threaten to release or sell encrypted data if the organization does not pay. For the victim, this means that even if files can be restored from a backup, they must still pay to avoid data leakage.

However, a triple extortion strategy unfolds, as the name suggests, over three stages:

However, whether ransomware attackers use one of these new strategies or a more traditional approach, the goal is always the same: to extort money. And the truth is that even after paying up, few organizations can reconstruct 100% of their compromised data.

Therefore, the best defense against today's ransomware is thwarting attacks altogether.

When combating ransomware, it's important to understand who you're up against. Today's ransomware attackers are far from the stereotypical hooded criminal-in-a-basement, although that may have been who was behind very early ransomware, 10 to 15 years ago. Attackers back then would use broad-scale, fairly obvious, and generally imprecise attacks that succeeded in bringing in small amounts of money.

Today, like all technology industries, ransomware has matured beyond these modest origins. Ransomware gangs have formed larger-scale enterprises and brought talented developers on board to research and implement increasingly sophisticated techniques, methods deployed against wealthier targets to reap the highest rewards.

And these illicit enterprises have found safe havens in places like Russia, Asia, and Eastern Europe. Today, in addition to these large and highly professional enterprises, hostile governments and other nation-state entities are using ransomware for nation-level intelligence-gathering operations. And beyond literal warfare, ransomware has become a powerful digital weapon in corporate warfare as well.

There are numerous hacking groups out there, but a few leading ones deserve a mention.

A likely nation-state group, this is the developer of Pipedream, a modular industrial control system (ICS) toolset that U.S. law enforcement has called a Swiss army knife for attacking utility companies[5] (electricity, water, natural gas) in the U.S. and Europe.

An opportunistic group affiliated with Iranian hacking groups Phosphorus and Nemesis Kitten, Bentonite leverages known vulnerabilities in maritime oil and gas, government, and manufacturing infrastructure.

BlackCat is a relatively new ransomware group that popped up in late 2022. It is known for its sophisticated encryption and ability to target a wide range of organizations. It is believed BlackCat is operated by a group of Russian-speaking cybercriminals and is known to use intermittent encryption[6] via customizable byte-skipping patterns.

Before being brought down by the U.S. FBI, German law enforcement, and the Dutch National High-Tech Crime Unit, this ransomware group had extorted over $100M by terrorizing healthcare organizations, schools, and public infrastructure worldwide. While the investigation is ongoing, Hive is believed to have ties to the Kremlin[7].

In just the first half of 2023, 48 ransomware groups, including these and others such as Ryuk, Medusa, Play, LockBit3, and many more, have breached over 2,200 victims, 45% of whom are in the U.S.

These groups use two main vectors to introduce ransomware: through software vulnerabilities, which are unintentional weaknesses or flaws in applications or code libraries that can go unpatched for years, and social engineering techniques, such as phishing. Attacks often combine these two strategies, or use variations such as callback phishing attacks, which are commonly used by the Royal ransomware group, the group behind the Dallas attack.

Regardless of how individual groups operate, and which encryption technologies they're using, the consequences can be dire, as in an August 2023 ransomware attack on two Danish cloud hosting companies that resulted in the total loss (to encryption) of all customer data[8]. An unidentified attack group demanded 6 bitcoins in ransom (approximately $155,000 as of this writing), an amount CloudNordic was unable to pay; the company has since shut down its operations.

There are several sectors that find themselves frequently targeted by ransomware attacks.

Medical IT departments are both the most obvious and the most sensitive target since lives are most clearly on the line. When the Rhysida ransomware group, which had gained notoriety for its attack on the Chilean army, attacked Prospect Medical in August of 2023[9], the company, which operates 16 hospitals and numerous clinics all over the U.S., was forced to use paper charts until systems could be restored.

Healthcare data is both sensitive and valuable; it also features a large threat surface and a wide range of device types, including a mix of old and new technologies. This type of environment is hard to securely administer and update. This is especially true of medical IoT devices, which are often not built securely by design. Finally, healthcare organizations are historically more likely to pay ransoms compared with other industries, specifically so that life-saving operations will not be interrupted.

The year 2022 brought an average of 1,426 attempted breaches per week per organization in the healthcare industry, a 78% year-over-year increase. There was also a distinct uptick in mortality following a cyber attack, although attributing deaths directly to ransomware is almost impossible due to the complexity of the events involved.

Deaths connected with ransomware attacks can come about due to slowdowns, meaning delays in important surgeries and other care, as well as a lack of electronic health records, leading to a higher chance that patients will be given the wrong medication or an incorrect dose. In a recent Ponemon study of healthcare IT professionals, almost half (45%) said ransomware led to increased complications from medical procedures[10], up from 36% just a year earlier.

Just as school was starting back in September of 2021, Howard University, one of the U.S.'s five largest historically black colleges and universities, was forced to cancel classes due to a ransomware attack[11].

Attacks against higher education institutions are on the rise, with at least eight reporting ransomware attacks[12] since December 2022. Why are attackers targeting these schools? Colleges and universities are seen as attractive targets because they hold valuable data and their IT departments are often understaffed and outdated, with limited security resources. Educational institutions are also considered slower to recover than other sectors.

Despite the fact that 64% of higher education institutions experienced attacks[13] in the past year, many are still unwilling to discuss these incidents due to the negative influence they may have on a school's reputation. Unfortunately, because of this silence, others in the sector may not realize that they are at risk, further perpetuating the cycle.

In February of 2023, MKS Instruments, a little-known U.S.-based supplier to major players in the semiconductor industry, woke up to every manufacturer's worst nightmare: a ransomware attack. Hackers compromised production and business systems, leading to predictions of $200M in losses from the attack. But the worst may be yet to come: Employees have filed a class action suit[14], claiming that the company did not adequately protect their sensitive personal data.

Attacks on semiconductor companies have continued: Taiwan Semiconductor Manufacturing Company (TSMC) itself, the world's largest chip manufacturer, was hit by the LockBit ransomware group in June 2023. The group demanded $70M, adding: "In the case of payment refusal, also will be published points of entry into the network and passwords and logins company."

But the semiconductor sector is not alone; almost every major field of manufacturing is being targeted. In fact, the manufacturing sector has been the industry most heavily hit by ransomware[15]. The primary vector is unpatched vulnerabilities, particularly in industrial control systems. Manufacturers may also be more likely to pay ransoms to avoid production disruptions and financial losses, as well as devastating repercussions up and down the supply chain.

Although these three industries are among the most frequently targeted, attacks like the one in Dallas, the cloud providers in Denmark, and other victims profiled above reveal the broader truth that any organization storing sensitive data is at risk today, from financial services and insurance to retail and logistics.

That's especially true now, with partial encryption likely to increase in popularity as ransomware gangs study one another's techniques. As more and more adopt this hyperefficient technique, they will find it easier and more effective than ever to steal your assets and avoid interception. So regardless of your industry, now is the time to take a few important steps to protect your organization from ransomware.

All comprehensive security strategies begin with a comprehensive assessment of what you need to protect, including OT assets that may be the weakest link in your organization.

When it comes to ransomware attacks, hackers usually take advantage of times when people are not as vigilant. In the past year, most breaches have occurred on weekends and holidays.

Keep up to date with a rigorous patching regimen, since known vulnerabilities are a popular attack vector. Also, automate patching wherever possible.

Trojan malware infections like Trickbot, Emotet, Dridex, and Cobalt Strike should be dealt with immediately, as these can all be used to let ransomware in the door; similarly, taking steps to prevent phishing and train users can help foster a culture of security.

Store multiple copies of data in different locations (cloud, on-premises, and physical locations), and establish a backup testing regimen. Remember, never attach an uninfected backup to an infected computer. This could spread the ransomware to the backup and make it impossible to recover your data.

Reduce the impact of a potential attack with security measures such as strong user authentication and network segmentation to limit the radius of an attacks spread.

It is important to note that none of these measures can provide complete protection. And particularly in light of the fact that partial encryption is notoriously difficult to detect, your best bet is a comprehensive anti-ransomware solution.

The best way to keep your organization safe is effective threat prevention with an organization-wide anti-ransomware solution that uses up-to-the-minute threat intelligence data along with advanced algorithms that work automatically in the background, around the clock.

Check Point Harmony is the first unified security solution that protects users, devices, and internet connections from the most sophisticated attacks, including phishing, zero-day ransomware, and more. It also ensures that users only have access to the applications they need, which helps reduce the risk of data breaches.

Check Point Harmony delivers peace of mind with a total, holistic defense against malware:

Check Point Harmony is prevention-focused, stopping attacks before they become a threat to your organization. Powered by real-time threat intelligence through Check Point's ThreatCloud AI and backed by the industry-leading Check Point Research team, Check Point Harmony gives you today's best security, hands down.

Talk to one of Check Point's ransomware experts and get started safeguarding your business from today's most urgent ransomware threats.

Register for the Webinar on October 18th: Concerned about Ransomware? Understand the Inner Workings of an Attack:

[1] https://statescoop.com/dallas-ransomware-sensitive-data/

[2] https://www.cbsnews.com/texas/news/royal-ransomware-group-threatens-release-sensitive-information-dallas/

[3] https://www.cbsnews.com/texas/news/royal-ransomware-group-threatens-release-sensitive-information-dallas/

[4] https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a

[5] https://www.wired.com/story/pipedream-ics-malware/

[6] https://www.bleepingcomputer.com/news/security/ransomware-gangs-switching-to-new-intermittent-encryption-tactic/

[7] https://www.theguardian.com/us-news/2023/jan/26/hive-ransomware-servers-seized-us

[8] https://techcrunch.com/2023/08/23/cloudnordic-azero-cloud-host-ransomware/

[9] https://www.bleepingcomputer.com/news/security/rhysida-claims-ransomware-attack-on-prospect-medical-threatens-to-sell-data/

[10] https://www.healthcareitnews.com/news/ransomware-stakes-are-life-or-death-says-ponemon-report

[11] https://techcrunch.com/2021/09/07/howard-university-cancels-classes-after-ransomware-attack/

[12] https://www.csoonline.com/article/574739/universities-and-colleges-cope-silently-with-ransomware-attacks.html

[13] https://edscoop.com/ransomware-colleges-universities-data/#:~:text=The%20survey%2C%20published%20last%20week,79%25%20reporting%20attacks%20this%20year.

[14] https://www.scmagazine.com/news/mks-instruments-lawsuit-ransomware-attack

[15] https://newsroom.ibm.com/2022-02-23-IBM-Report-Manufacturing-Felt-Brunt-of-Cyberattacks-in-2021-as-Supply-Chain-Woes-Grew


Generative AI is scaring CISOs but adoption isn't slowing down – CSO Online

The march of generative AI isn't short on negative consequences, and CISOs are particularly concerned about the downfalls of an AI-powered world, according to a study released this week by IBM.

Generative AI is expected to create a wide range of new cyberattacks over the next six to 12 months, IBM said, with sophisticated bad actors using the technology to improve the speed, precision, and scale of their attempted intrusions. Experts believe that the biggest threat is from autonomously generated attacks launched on a large scale, followed closely by AI-powered impersonations of trusted users and automated malware creation.

The IBM report included data from four different surveys related to AI, with 200 US-based business executives polled specifically about cybersecurity. Nearly half of those executives -- 47% -- worry that their companies' own adoption of generative AI will lead to new security pitfalls while virtually all say that it makes a security breach more likely. This has, at least, caused cybersecurity budgets devoted to AI to rise by an average of 51% over the past two years, with further growth expected over the next two, according to the report.

The contrast between the headlong rush to adopt generative AI and the strongly held concerns over security risks may not be as large an example of cognitive dissonance as some have argued, according to IBM general manager for cybersecurity services Chris McCurdy.

For one thing, he noted, this isn't a new pattern -- it's reminiscent of the early days of cloud computing, which saw security concerns hold back adoption to some degree.

"I'd actually argue that there is a distinct difference that is currently getting overlooked when it comes to AI: with the exception perhaps of the internet itself, never before has a technology received this level of attention and scrutiny with regard to security," McCurdy said.

Global think tanks have sprouted up to study the security implications of generative AI, he highlighted, and although there's a great deal of education that needs to happen in C-suites, organizations are generally moving in the right direction.

"In other words, we're seeing that security isn't an afterthought, but a key consideration in these early days," McCurdy said.

It's important to recognize that the positive impact of generative AI on business operations has the potential to be transformative, he added. If security, to say nothing of governance and compliance, are part of the conversation from the beginning, cyber threats don't need to stand in the way of progress.

"There is a lot of focus on how AI will impact organizations positively, but it's our responsibility to also consider what guardrails we have to put in place to ensure the AI models we rely on are trustworthy and secure," McCurdy said.


3 ways AWS is helping to make the internet more secure – About Amazon

At the end of August, AWS security teams noticed a new type of HTTP request flood targeting customers. Request floods are a type of distributed denial of service (DDoS) attack, deliberately designed to make a website or application unavailable to users. These kinds of attacks have unfortunately become a common problem for cybersecurity teams to fend off. But this one was different, and of a size and scale not seen before.

DDoS attacks are evolving. People have found a way to talk to web servers much more aggressively and at much higher rates than in the past, said Tom Scholl, AWS vice president and distinguished engineer. A request flood is essentially someone asking for data. The server goes to get that data, but then the requester doesn't want it. It's a bit like calling someone repeatedly and hanging up as soon as they answer. If you have more than 100 million requests at once, this can consume large amounts of resources and prevent normal traffic from being processed. This particular attack, known as the HTTP/2 Rapid Reset Attack, was driving more than 155 million requests per second.
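The open-and-cancel pattern Scholl describes is visible at the frame level of an HTTP/2 connection. The following is an added example, not code from the Amazon post and not AWS's own tooling: a minimal parser for the 9-byte HTTP/2 frame header and a per-connection counter that flags clients which open many streams with HEADERS and immediately cancel them with RST_STREAM(CANCEL). The frame layout, type codes and error code are from the HTTP/2 specification; the 100-stream and 50 percent thresholds, the sample traffic and all function names are assumptions made for illustration.

```python
import struct

# HTTP/2 frame type codes and the RST_STREAM error code the attack uses (RFC 9113).
HEADERS = 0x1
RST_STREAM = 0x3
CANCEL = 0x8
FRAME_HEADER_LEN = 9  # 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream id


def build_frame(ftype, stream_id, payload, flags=0):
    """Serialize one HTTP/2 frame; used here only to construct sample traffic."""
    return (len(payload).to_bytes(3, "big")
            + bytes([ftype, flags])
            + struct.pack("!I", stream_id & 0x7FFFFFFF)
            + payload)


def parse_frames(data):
    """Yield (type, flags, stream_id, payload) for each frame in a byte stream
    that starts after the connection preface."""
    off = 0
    while off + FRAME_HEADER_LEN <= len(data):
        hdr = data[off:off + FRAME_HEADER_LEN]
        length = int.from_bytes(hdr[0:3], "big")
        ftype, flags = hdr[3], hdr[4]
        stream_id = struct.unpack("!I", hdr[5:9])[0] & 0x7FFFFFFF  # drop the reserved bit
        start = off + FRAME_HEADER_LEN
        payload = data[start:start + length]
        if len(payload) != length:
            raise ValueError("truncated frame at offset %d" % off)
        yield ftype, flags, stream_id, payload
        off = start + length
    if off != len(data):
        raise ValueError("trailing bytes that do not form a frame header")


def stream_stats(data):
    """Count the streams a client opened and how many it cancelled itself."""
    opened = set()
    cancelled = 0
    for ftype, _flags, sid, payload in parse_frames(data):
        if ftype == HEADERS and sid % 2 == 1:  # client-initiated streams have odd ids
            opened.add(sid)
        elif ftype == RST_STREAM and sid in opened and len(payload) == 4:
            if struct.unpack("!I", payload)[0] == CANCEL:
                cancelled += 1
    return len(opened), cancelled


def is_rapid_reset(data, min_streams=100, max_cancel_ratio=0.5):
    """Assumed policy: flag a connection that opens many streams and cancels most of them."""
    opened, cancelled = stream_stats(data)
    return opened >= min_streams and cancelled > max_cancel_ratio * opened


# Constructed sample traffic, not captured from any real attack.
def attack_connection(n=1000):
    """Every stream is opened and cancelled at once: the rapid-reset pattern."""
    out = bytearray()
    for i in range(n):
        sid = 2 * i + 1
        # 0x82 is the HPACK indexed field ':method: GET'; flags = END_HEADERS | END_STREAM
        out += build_frame(HEADERS, sid, b"\x82", flags=0x05)
        out += build_frame(RST_STREAM, sid, struct.pack("!I", CANCEL))
    return bytes(out)


def busy_connection(n=200, cancels=10):
    """A legitimate client: many requests, only a few aborted by the user."""
    out = bytearray()
    for i in range(n):
        sid = 2 * i + 1
        out += build_frame(HEADERS, sid, b"\x82", flags=0x05)
        if i < cancels:
            out += build_frame(RST_STREAM, sid, struct.pack("!I", CANCEL))
    return bytes(out)


if __name__ == "__main__":
    for name, conn in (("attack", attack_connection()), ("busy", busy_connection())):
        print(name, stream_stats(conn), "flagged" if is_rapid_reset(conn) else "ok")
```

The ratio matters more than the raw count: a browser that navigates away cancels a handful of streams, whereas the attack cancels essentially every stream it opens, so a server that tracks resets per connection can tear down the connection long before the request flood exhausts its worker pool.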

If a DDoS attack succeeds, it can cause havoc for businesses, drive up costs, and affect people just trying to go about their daily lives. It could, for example, stop you from making bank transfers, viewing information from your health care provider, or watching your favorite show. If gaming's your thing, you might not be able to log on, or you could get disconnected halfway through playing.

Thanks to the efforts of AWS engineers, AWS customers were quickly protected from this new DDoS attack. Together with other tech companies, AWS also worked on developing further mitigations, to improve how such attacks are handled across the industry.

We come at a problem like this from several angles, said Scholl. We bring together all of our in-house expertise to rapidly work on fixes, while at the same time we identify other areas that might be vulnerable. In the case of a new kind of DDoS type, we also build a reproduction in our labs of whatever the bad actors are doing, to better understand how their attack works and to test the strength of our systems against it.

Scholl said that collaborating with industry peers to share knowledge on the most effective engineering approaches is also vital to preventing attacks.

Ultimately, we're trying to make the internet a safer and more secure place, not only for our customers, but for every legitimate web user, wherever they are in the world, he said.

Here are three ways AWS is helping to prevent DDoS attacks and disrupt the infrastructure responsible for generating them.

Attackers often use botnets to power their DDoS attacks. A botnet is a network of computers that have been infected with malware so that an attacker can control them remotely. The affected machines, which could total tens of thousands, take their orders from a command-and-control server. The server can instruct them all to carry out an attack at the same time, in an attempt to overwhelm a system. Through our MadPot threat intelligence tool, we can detect and identify botnets, and identify where the botnet is being controlled from. We'll then engage with domain registrars and hosting providers to shut down that point of control. This stops the botnet itself from being able to participate in any attacks.

One common technique that DDoS actors use is IP spoofing, sending messages as part of an attack while disguising the source to make it hard to stop the activity. Historically, IP spoofing has been a challenge for security teams to deal with because its so hard to identify the true source. (Imagine if you simultaneously received a thousand calls on your phone from a thousand different numbers. You would need to trace back step-by-step to find each messages originating network.) Because AWS runs a large global network footprint, interconnecting with thousands of unique networks, we can directly engage with our peer networks to trace an attack back to the source and shut it down. We work with a variety of network operators to engage in trace-back exercises to shut down the infrastructure used for these kinds of attacks.

A proxy server is a computer that acts as a kind of gateway between a user and the internet. Popular examples include software packages, like Squid. DDoS actors take advantage of freely open proxy servers, which anyone can use, to hide their attacks. They will actively scan for open proxies to use them when they generate HTTP request floods, allowing them to hide their true origin when attacking a target. When a target observes an attack, they see it coming from the thousands of proxy servers that are live on the internet, rather than from the true source. With our MadPot threat intelligence tool, were able to trace back the true sources connecting to these proxies and engage with the upstream hosting provider to shut them down.

Here are three tips for how you can keep your business more secure online.

Security is a collaborative effort, according to Scholl. That's where services such as Amazon CloudFront can help, whether your business is a startup or an established enterprise. CloudFront's global footprint, DDoS mitigation systems, and traffic management systems are designed to handle large influxes of traffic, good or bad. Scholl said a useful metaphor for thinking about how CloudFront works is to imagine an incredibly strong, reinforced front door. If someone threw a heavy rock at it, they might be able to scratch a tiny part, but the door itself would remain intact. When combined with AWS Shield services to specifically address DDoS, customers have a good set of tools at their fingertips to address DDoS-related threats.

Making sure you regularly patch and update the software your business relies on is crucial to ensure you have the latest security fixes; these updates address the latest known vulnerabilities. We recommend that customers who operate their own HTTP/2-capable web servers check with their web server vendor whether they are affected by this recent attack and, if so, install the latest patches from their vendors to address this issue.

One of the best ways for you to protect yourself and your business online is through multi-factor authentication (MFA). This is a security best practice that requires a second authentication factor in addition to your username and password sign-in credentials. It offers an added layer of protection to help prevent unauthorized individuals from gaining access to your systems or data. AWS customers can learn more in this blog post about MFA.

For more information on how AWS keeps its customers secure, visit the AWS Cloud Security website. For a deeper dive on how we helped disrupt the DDoS attack in August, visit the AWS Security Blog.


Internet Security Firewall Market By Sales, Production, Price and Forecast to 2029 | SAP, Hewlett Packard E… – SeeDance News

In its detailed study Global Internet Security Firewall Market, MarketQuest.biz extensively evaluates the large companies' entire current situation and central factors. It effectively generates the necessary information and computational methods to help in the making of the best work plan and determining the correct trajectory for optimal available bandwidth for retail investors, which is accomplished by staying on top of the significant drivers, recent developments, undiscovered prospects, accusations, and limitations, as well as challenges and fundamental regional centres for the Internet Security Firewall market.

The inquiry begins with examining the Internet Security Firewall market's terminology, classification, and market surveys. It is also well-versed in the various product characteristics, supply networks, manufacturing processes, and value propositions. The analysis is divided into regions, kinds, and applications to offer a comprehensive picture of the components of this worldwide Internet Security Firewall sector.

Get Exclusive Sample Pages of Internet Security Firewall Market https://www.marketquest.biz/sample-request/147590

It assesses the market in terms of divisions, nations, manufacturers/companies, and revenue share and sales by powerful countries in each of these regions (2023-). The report considers the worldwide Internet Security Firewall market's growth and restraint factors. Our analysts have used various techniques to collect dependable data for stating growth drivers in the worldwide Internet Security Firewall market.

The key companies featured in the global Internet Security Firewall market report are

The study identifies the following research applications:

The study includes the subsequent segmentation based on product types:

The following are the key regions and countries highlighted in the worldwide Internet Security Firewall market research:

To Learn More Details, Read the Report: https://www.marketquest.biz/report/147590/global-internet-security-firewall-market-2023-by-company-regions-type-and-application-forecast-to-2029

It will provide acceptable parameters for building a plan for capitalizing on commercial opportunities for their company's health and profitability. Furthermore, the worldwide Internet Security Firewall market research includes a critical assessment of the customer journey to assist organizational decision-makers in making an effective plan to convert more prospects into customers.

Major Points Covered In The Report:

Customization of the Report:

This report can be customized to meet the client's requirements. Please connect with our sales team (sales@marketquest.biz), who will ensure that you get a report that suits your needs. You can also get in touch with our executives on +1-201-465-4211 to share your research requirements.

Contact Us
Mark Stone
Head of Business Development
Phone: +1-201-465-4211
Email: sales@marketquest.biz

Other Related Reports:

https://www.benzinga.com/pressreleases/23/09/34564883/industrial-grade-ammonium-pentaborate-market-size-share-analysis-growth-trends-forecasts-2023-2029

https://www.benzinga.com/pressreleases/23/09/34564880/barrier-fluid-market-forecast-2023-to-2029-business-development-and-opportunities

https://www.benzinga.com/pressreleases/23/09/34564885/self-lubricating-silicone-market-research-and-size-analysis-2023-2029


Internet Security Firewall Industry Is Expected To Experience … – The Meade County Messenger

A recently uploaded market research study on Internet Security Firewall Market 2023 from Marketintelx focuses on industry growth, market scope, development trends, as well as initial and future estimation of the market. The key highlights and features of the global Internet Security Firewall industry report represent the essential features and characteristics of the industry. The report analyzes the Research Methodology overview including Primary Research, Secondary Research, Company Share Analysis, Model including Demographic data, Macro-economic indicators, and Industry indicators: Expenditure, infrastructure, Research Limitations, and Revenue Based Modeling.

Request a Sample Report of Internet Security Firewall Market @ https://marketintelx.com/sample_request/6138

Introduction And Overview:

The market analysis consists of key development trends, industry trend analysis, future opportunities in the global Internet Security Firewall market, product growth factor analysis, and key market segments of the market. The report analyzes and offers ideas of exhaustive research on ancient and recent market size. The report provides a detailed analysis of competitors analysis and their key strategies, key company profiles, product scope, market overview, opportunities, breakdown of upstream raw material suppliers and downstream buyers. It also describes product types, applications, and regional analysis that is trending in the market.

The key companies profiled in the report are:

Sap, Hewlett Packard Enterprise, Cellusys, Openmind Networks, Tata Communications, Anam Technologies, Amd Telecom, Adaptive Mobile, Infobip, Evolved Intelligence, Mobileum, Omobio

Market Segmentation

By type

Cloud-Based, On-Premise

By application

Small And Medium Enterprise, Large Enterprise

The cost analysis of the Global Internet Security Firewall Market has been performed while keeping in view manufacturing expenses, labor cost, and raw materials and their market concentration rate, suppliers, and price trend. Other factors such as Supply chain, downstream buyers, and sourcing strategy have been assessed to provide a complete and in-depth view of the market. Buyers of the report will also be exposed to a study on market positioning with factors such as target client, brand strategy, and price strategy taken into consideration.

The report then includes an assessment of various drivers, technological innovations, upcoming technologies, opportunities, market risks, restraints, market barriers, challenges, trends, competitive landscape, and segments which gives an exact picture of the growth of the global Internet Security Firewall market. The report offers different facts and figures for a basic understanding of the business. The study then strategically profiles the key players and analyzes their development, mergers and acquisition, and the R&D investment created by the competitors.

Critical Features Of The Report:

The report provides regional-level analysis for regions covering:

The report helps global Internet Security Firewall market players build future business master plans and discover global competition. Different market forecasts related to market size, production, revenue, consumption, CAGR, gross margin, price, and other key factors are provided for 2023 to 2030 time-period. In addition, the report includes regional analysis and market dynamics. The development scope, feasibility study, market concentration, and maturity analysis are elaborated in this report.

Chapters Covered in Market Report Are as Follow:

Buy Exclusive Report @ https://marketintelx.com/checkout/?currency=USD&type=single_user_license&report_id=6138

If you have any special requirements, please let us know and we will offer you the report at a customized price.

Contact us

Sarah Ivans | Business Development

Phone: +1 805 751 5035

Phone: +44 151 528 9267

Email: [emailprotected]

Website: http://www.marketintelx.com


Internet Security Market to grow by USD 23.34 billion from 2021 to 2026 | Growth Driven by Rapid adoption of BYOD policy- Technavio – Yahoo Finance

NEW YORK, Oct. 6, 2023 /PRNewswire/ -- The "Internet security market by solution (products and services), geography (North America, APAC, Europe, South America, and the Middle East and Africa) - Forecast and Analysis 2022-2026" report has been added to the Technavio offering. With ISO 9001:2015 certification, Technavio has proudly partnered with more than 100 Fortune 500 companies for over 16 years. The potential growth difference for the internet security market from 2021 to 2026 is USD 23.34 billion, according to Technavio. The rapid adoption of the BYOD policy is a key factor driving market growth. In an evolving business environment, it is becoming essential for organizations to create mobile workforces so that they can compete. Implementation of BYOD results in the elimination of hardware device costs. Such policies are preferred by employees as they allow them to use a single device for both personal and professional work. In addition, a secure network management package that can be provided by corporate routers is needed because of the increased adoption of BYOD policies. The focus will be on 3G and 4G wireless routers for SMEs and individual customers who use high volumes of data. Hence, these factors are expected to drive market growth during the forecast period. Get deeper insights into the market size, current market scenario, future growth opportunities, major growth driving factors, the latest trends, and much more. Buy the full report here

Technavio has announced its latest market research report titled Global Internet Security Market 2022-2026

Market Challenge

The high cost of deployment is a significant challenge restricting market growth. The cost of a strong internet security system will depend on the price of licensing products, i.e., what level of customization is necessary in line with the end user's particularities and how long they maintain these products. Because attackers can readily circumvent traditional security controls, like firewalls, enterprises should invest in more efficient and automated solutions that can flag anomalies before they become a problem. The cost of software licensing, system design and modifications, implementation, training, and maintenance for a single organization shall be part of the overall installation costs. Hence, these factors are expected to restrict market growth during the forecast period.


Learn about additional key drivers, trends, and challenges available with Technavio. Read Free Sample PDF Report Now

The internet security market is segmented by Solution (Products and Services) and Geography (North America, APAC, Europe, South America, and Middle East and Africa).

The internet security market share growth by the products segment will be significant during the forecast period. A higher level of sales of hardware security components is expected to have a positive impact on product segment revenue. Year over year, the rapid adoption of hardware components providing comprehensive security, e.g., firewall and intrusion detection and prevention mechanisms, as well as ITDPs to secure network infrastructures, is projected to lead to an increase in annual growth rates for hardware security components. Developed countries have used many smart medical technologies; emerging countries such as India and China have also started using such technologies. Additionally, multiple cases of malware attacks have affected hospital networks. As a result, hospitals are increasingly using IoT security solutions to prevent malware attacks on devices such as pacemakers, insulin pumps, and defibrillators. Hence, these factors are expected to drive segment growth during the forecast period.

View FreeSample Report for insights into the contribution of all the segments and regional opportunities in the report.

Key Companies in the Internet Security Market:

AO Kaspersky Lab, Cisco Systems Inc., Dell Technologies Inc., Fortinet Inc., HCL Technologies Ltd., Hewlett Packard Enterprise Co., Infineon Technologies AG, Intel Corp., International Business Machines Corp., Microsoft Corp., NortonLifeLock Inc., NTT Corp., Palo Alto Networks Inc., Penta Security Systems Inc., SecureLink Inc., Sophos Ltd., Tata Consultancy Services Ltd., Thales Group, Trend Micro Inc., and Wipro Ltd.

Related Reports:

The Unified Endpoint Management (UEM) market is estimated to grow at a CAGR of 36.96% between 2022 and 2027. The market size is forecast to increase by USD 25,741.83 million.

The network security software market is estimated to grow at a CAGR of 11.14% between 2022 and 2027. The market size is forecast to increase by USD 17.51 billion.

ToC:

Executive Summary

Market Landscape

Market Sizing

Historic Market Sizes

Five Forces Analysis

Market Segmentation by Solution

Market Segmentation by Geography

Customer Landscape

Geographic Landscape

Drivers,Challenges, &Trends

Company Landscape

Company Analysis

Appendix

About Technavio

Technavio is a leading global technology research and advisory company. Their research and analysis focus on emerging market trends and provide actionable insights to help businesses identify market opportunities and develop effective strategies to optimize their market positions.With over 500 specialized analysts, Technavio's report library consists of more than 17,000 reports and counting, covering 800 technologies, spanning across 50 countries. Their client base consists of enterprises of all sizes, including more than 100 Fortune 500 companies. This growing client base relies on Technavio's comprehensive coverage, extensive research, and actionable market insights to identify opportunities in existing and potential markets and assess their competitive positions within changing market scenarios.

Contacts

Technavio Research
Jesse Maida
Media & Marketing Executive
US: +1 844 364 1100
UK: +44 203 893 3200
Email: media@technavio.com
Website: www.technavio.com

Global Internet Security Market 2022-2026


View original content to download multimedia:https://www.prnewswire.com/news-releases/internet-security-market-to-grow-by-usd-23-34-billion-from-2021-to-2026--growth-driven-by-rapid-adoption-of-byod-policy--technavio-301949787.html

SOURCE Technavio


ClearDATA to add SaaS option for its health data security and … – SiliconANGLE News

Healthcare data security and compliance company ClearDATA Inc. announced today that its healthcare-native cloud security posture management CyberHealth Platform will soon be available as a software-as-a-service offering and that it's expanding its services and support options for all customers.

The ClearDATA CyberHealth Platform is designed to ensure security, compliance and privacy in the healthcare sector. The platform is equipped with hardened images aligned with Center for Internet Security benchmarks and comes with in-depth documentation of healthcare technical reference architectures.

Architectures are mapped to various regulatory frameworks such as the U.S. Health Insurance Portability and Accountability Act, the Health Information Trust Alliance and the European Union's General Data Protection Regulation, ensuring a robust security infrastructure to safeguard sensitive healthcare data.

The core of the CyberHealth Platform involves cloud security posture management, or CSPM, which ClearDATA argues is crucial for automating and enforcing continuous cloud security and healthcare compliance. The platform allows healthcare organizations to securely scale their operations within the public cloud domain.

The platform provides protection and scalable management of sensitive healthcare data, applications and devices, with support for Amazon Web Services Inc., Microsoft Azure and the Google Cloud Platform. The company says it has the ability to prevent, detect and remediate compliance drift and sensitive data security gaps, ensuring a secure and compliant cloud environment.

When data is in the cloud, hospitals can provide better services, pharmaceutical companies can manufacture better medicines, and physicians can provide better care; good data can save lives and is one of the most valuable and most vulnerable assets in healthcare, said Chief Executive Rick Froehlich. ClearDATA's solutions ensure data is readily accessible and completely secure, so healthcare organizations can confidently and successfully modernize their healthcare delivery without sacrificing the security of their patients.

ClearDATA is a venture capital-backed company, having raised $102 million, according to Tracxn, including a round of $25 million in 2015. Investors in the company include Heritage Group LLC, HLM Venture Partners LLC, Flare Capital Partners LLC, Norwest Venture Partners LP, Merck Global Health Innovation Fund LLC and Excel Venture Management LLC.


See the original post:
ClearDATA to add SaaS option for its health data security and ... - SiliconANGLE News

Digital Piracy Returns to Sea: Protecting Autonomous Ships from … – War On The Rocks

In June 2017, the shipping giant Maersk was hit with a major cyber attack, the NotPetya malware. The malicious software locked files on employee computers, completely halting Maersk's port operations. Even with a supposedly quick response from Maersk, the attack shut down 76 port terminals and ended up costing the company $300 million.

Commercial shipping has made major strides in recent decades toward digitalization. Supply-chain concerns, green technology, and costs across the industry have led to a new push for automation. This promises greater efficiency, but it also creates a massive new target for cyber attacks. Where the internet once borrowed the term piracy from the maritime domain, we are rapidly reaching the point where it will be possible to digitally hijack a container ship on the high seas.

To address this risk, the International Maritime Organization should issue specific guidance and standards for securing large autonomous networks, including listing uniquely vulnerable systems. Many have questioned the enforcement capabilities of the International Maritime Organization. But its guidance works, both in building consensus and in driving specific changes within the global shipping industry. Working with port authorities, shipping companies, and national governments will require major adaptations to the existing cyber security space. The threat environment will continue to evolve. The shipping industry should adapt to new cyber security challenges to stay afloat.

Existing Vulnerabilities

Commercial ships are already equipped with many systems that can be exploited by cyber attacks. Traditionally, system vulnerabilities are broken up into those that affect information technology and those that affect operational technology. Information systems deal with data and business information, whereas operational systems deal with a vessel's onboard hardware and software. The Maersk attack was identified primarily as an information system attack, affecting ships only through business-side delays and changes. When traversing maritime spaces, ship operations rely on limited business data and information systems. Thus, the primary concern with onboard cyber security surrounds operational systems. However, as interconnectivity becomes increasingly common and necessary, this distinction is quickly becoming outdated.

With billions of dollars worth of goods crossing the ocean every day, a close watch on what occurs on each ship and the proceedings of crews is a necessary part of the industry. All large commercial ships contain vital operational systems including global positioning systems, which track the position of each ship, automatic identification systems, which communicate with ports for ship identification purposes, and electronic chart display and information systems, which provide advanced navigation. Combined with a handful of other navigation and communication systems (including dynamic vessel positioning, NAVigational TEleX, and radar), these electronic networked systems constitute the conventional operational cyber attack surface area.

The most effective attack vector on traditionally networked ships is physical onboard intrusion. Intrusions onto ships and advanced at-sea piracy remain threats to physically based systems. Even docking at port can precede physical intrusion, as onboard systems can be infected with the injection of malicious software through careless use of USB-based storage devices. If chart display systems are tampered with, ships can be pushed off course, resulting in major delays at best and deliberate ship collisions at worst. Penetration testing of major chart manufacturer systems revealed multiple vulnerabilities that can be exploited relatively easily.

In addition to physical intrusion on individual ships, relevant operational subsystems are networked to each other with internationally standardized protocols, namely National Marine Electronics Association (NMEA) communication standards. The standardization of shipborne control networks under unified protocols means that an individual or group that can access one ship can likely already access an untold number of ships. The current industry standard, NMEA 0183, carries data for a variety of subsystems, including propulsion, steering, and global positioning systems, and was designed for a trusted, physically isolated bus: it does not authenticate the devices that talk on it. The shift from dedicated physical cabling to intraship wireless and remote networking therefore creates significant vulnerabilities. NMEA 0183 can be easily accessed through a variety of means, including physical computer-based attacks and, more recently, remote attacks. Remote network intrusion or phishing attacks can occur on modern vessels, but operational systems are traditionally best accessed through physical intrusion. This is why current cyber security guidance starts with the crew. These guidance principles are still upheld, but increasing connectivity has started to make them less relevant.
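The point about a standardized, unauthenticated bus can be made concrete. The following is an added example, not from the article and not any vendor's code: NMEA 0183 sentences are plain ASCII, and the only integrity check is a two-hex-digit XOR of the body between `$` and `*`, so any talker with bus access can forge a GPS fix that a chart display will accept as readily as the genuine one. The sample sentence is a commonly cited documentation example used here as constructed input; the function names and the forged coordinates are assumptions.

```python
import re

# Constructed sample input: a commonly cited GGA fix (48 deg 07.038' N, 11 deg 31.000' E).
SAMPLE_GGA = "$GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,*47"


def nmea_checksum(body):
    """XOR of every byte between '$' and '*': the whole of NMEA 0183's integrity check."""
    c = 0
    for b in body.encode("ascii"):
        c ^= b
    return c


def verify_sentence(sentence):
    """True when the two hex digits after '*' match the XOR of the body."""
    m = re.fullmatch(r"\$([^*$]*)\*([0-9A-Fa-f]{2})\r?\n?", sentence)
    return bool(m) and nmea_checksum(m.group(1)) == int(m.group(2), 16)


def build_sentence(body):
    """Append a valid checksum to any body; there is no key, so anything on the bus can."""
    return "$%s*%02X" % (body, nmea_checksum(body))


def _to_degrees(value, hemisphere):
    """Convert ddmm.mmmm (latitude) or dddmm.mmmm (longitude) plus N/S/E/W to signed degrees."""
    dot = value.index(".")
    degrees = int(value[:dot - 2])
    minutes = float(value[dot - 2:])
    result = degrees + minutes / 60.0
    return -result if hemisphere in ("S", "W") else result


def parse_gga(sentence):
    """Return (lat, lon) in decimal degrees from a checksum-valid GGA sentence, else None."""
    if not verify_sentence(sentence):
        return None
    fields = sentence[1:sentence.index("*")].split(",")
    if not fields[0].endswith("GGA") or len(fields) < 6:
        return None
    return _to_degrees(fields[2], fields[3]), _to_degrees(fields[4], fields[5])


def forge_position(sentence, lat, ns, lon, ew):
    """Rewrite the position fields of a GGA sentence and recompute the checksum.

    The result verifies exactly like the genuine fix, which is the point: the
    checksum catches line noise, not a hostile talker on the same bus.
    """
    fields = sentence[1:sentence.index("*")].split(",")
    fields[2:6] = [lat, ns, lon, ew]
    return build_sentence(",".join(fields))


if __name__ == "__main__":
    print("genuine:", verify_sentence(SAMPLE_GGA), parse_gga(SAMPLE_GGA))
    forged = forge_position(SAMPLE_GGA, "0000.000", "N", "00000.000", "E")
    print("forged: ", verify_sentence(forged), parse_gga(forged))
```

A receiver can only distinguish the two sentences by something the protocol does not carry, such as plausibility checks against dead reckoning or inertial sensors; that is why the guidance discussed here falls back on controlling physical access to the bus.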

Risks of Autonomous Shipping

In recent years, new developments in autonomous ships have emphasized cost savings and logistical efficiency. First, autonomous ships offer major financial benefits, as crews account for 30 percent of current maritime shipping costs. Second, human error accounts for up to 96 percent of maritime accidents. This, coupled with improvements in energy efficiency and environmental concerns, makes autonomous ships an inevitable development in shipping. The International Maritime Organization has defined the development path of maritime autonomous surface ships in four degrees: automated processes, remote-controlled ships with onboard crews, remote-controlled ships with no onboard crews, and fully autonomous ships. The United Nations has already called for updated legal frameworks and rulemaking to accommodate the development of new ships and systems. But despite international attention and massive potential benefits, a future of fully autonomous ships creates even more security threats.

While the International Maritime Organization has been at the forefront of developments in autonomous ships and has been important in standardizing and guiding autonomous ships, it has lagged in understanding the cyber security risks. The future of autonomous shipping relies on interconnected networks, not only within ships, but also between ship and port. The development of remote-controlled systems means operational systems will be connected to information systems. This means the International Maritime Organization will have their work cut out for them, as regulation and guidance enforcement will be in the hands of port regulators and port authorities. Cyber security is already a large component of port security, but direct access to shipping operational systems will inevitably increase risk.

On the boats themselves, human-in-the-loop systems necessitate that a remote pilot have access not only to ship propulsion systems but also to external data collection and analysis systems. As an interim step to full autonomy, semi-autonomous control with or without onboard crews revolves around the increased digitization and networking of almost all shipborne systems. More specifically, semi-autonomous ships rely not just on decision-making processing centers, but also on a robust sensor package that integrates information and operational systems. This includes voyage information, real-time navigation information, and object detection. The integration between situational awareness tools, voyage logistics systems, and ship propulsion systems has traditionally been provided by human pilots and onboard crew. Without a human pilot, however, these previously disconnected systems are routed through a decision-making processing unit, marrying information and operational systems. Integrating multiple systems through a central processing center increases the area in which an attack can occur. This highlights the importance of resistance to break once, break everywhere failures.

Automation will significantly increase remote hijacking risk. International organizations will have to be aware of the massive amounts of information coming in and out from each ship and the risks associated with different port authorities and different boats. With crewless ships, the development of systems to ensure the safety of cargo and shipping assets will be paramount for effective maritime security. Furthermore, special care should be taken for different ships. The amount of information shared between larger ships with more complex systems will likely be greater than between smaller ships with fewer systems.

Connections between ship and control center are increasingly provided by the Long Range communication technique. Within the Long Range umbrella, Long Range Wide Area Network protocol has become the strongest candidate for novel ship networking. The Long Range Wide Area Network is a unique tool that allows for remote command and control, allowing for a center to track and evaluate ship movements from thousands of miles away with real-time connectivity. Additionally, the navigational challenges that rougher waters, like the Arctic, present are ones that Long Range Wide Area Network communication protocol is uniquely equipped to tackle.

Unfortunately, Long Range Wide Area Network communication is vulnerable to hijacking. Internet device communication through the network can be intercepted, decrypted, and spoofed. These methods are already known to attackers, giving malicious actors access to ship systems anywhere in the world. Moreover, internet devices are designed to augment and enhance existing systems. NMEA 0183 is currently being phased out for the more modern NMEA 2000 protocol. NMEA 2000-compatible and internet-enabled devices are increasingly common. However, NMEA 2000 appears no more secure than other existing ship communication protocols and exhibits the same issues as NMEA 0183. This means that not only can remote hijacking of communication packages occur but, in many cases, attackers will also be able to access operational systems like propulsion, steering, and ballasting. In the event that a ship is hijacked with no physical crew onboard, remote systems patching is the only possible way to deter or resolve potential cyber attacks.

Another emerging technology that could potentially replace Long Range techniques is SpaceX's Starlink system. Columbia Shipmanagement has already begun to try out Starlink systems on vessels, testing robust connections between information and operational systems through the internet. Because of the novelty of Starlink, cyber attack development is at a much earlier stage than it is with Long Range communication. However, Starlink has its own vulnerabilities. Satellite networks mean that global access would be theoretically possible given the right attack vector. With relatively simple and cheap off-the-shelf devices, researchers have already accessed Starlink-enabled devices, which in a maritime context could give attackers access to ship systems.

Impacts of Autonomous Cyber Security Risk

Systems that are interconnected will need to be protected differently than conventionally separated and relatively isolated systems. The capacity to defend the shipping industry from cyber threats no longer revolves around the crew alone, but also involves international standards, central planning, network vendors, and network administrators.

Current attack vectors on self-driving cars are a glimpse of possible effects on autonomous ships. The most visible threat is direct hijacking of ship propulsion and steering through access to operational systems. These threats are most apparent in second- and third-degree autonomous ships, where propulsion systems can be controlled remotely. Hijackers taking control of a ship and causing a major shipping delay through deliberate collisions or simply throwing ships off course would cost stakeholders billions of dollars. The blocking of Suez Canal traffic in 2021 cost $9.6 billion per day. A capable actor with malicious intent could feasibly do significantly more damage to even more trafficked areas like the English Channel. On ships with active crews, hijacking could lead to not only billions of dollars in financial loss, but loss of life as well.

Increasing the degree of autonomy on shipping shifts the threat environment. With fourth-degree autonomous ship routes, direct remote control of propulsion subsystems becomes more difficult. However, studies indicate that the more vulnerable subsystems in autonomous ships will be in their navigation systems. Intercepting and tampering with global positioning system communication or chart systems would not only give attackers access to up-to-date and specific information on ship whereabouts (increasing potential physical security risks) but would also give attackers the ability to replace input navigation data. Relative isolation between navigational systems and propulsion is impossible for fully autonomous systems. With fully autonomous ships relying on navigation data to move, faulty inputs or blocked data could lead to collisions or altered courses, resulting in the same hefty financial losses as direct hijacking.
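The navigation-data tampering described above, and the earlier point that NMEA 0183 and NMEA 2000 carry no real security, come down to one fact: an NMEA 0183 sentence ends in an XOR checksum that catches line noise, not a forged or replayed fix. The following is an added example, not code from the article or from any shipboard vendor, showing the defensive minimum a gateway between the bridge network and a decision-making unit could apply: verify the checksum, then reject fixes whose implied speed over ground is physically implausible for the vessel. The sample sentences, the 40-knot envelope and the `$GPRMC` field layout handling are constructed for illustration.

```python
"""Defensive validator for NMEA 0183 $GPRMC position sentences.

Added example (not from the article). The checksum step detects corrupted
sentences; the plausibility step detects injected fixes that jump the
vessel somewhere it could not physically have reached.
"""
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_PLAUSIBLE_SPEED_KN = 40.0   # assumption: envelope for a merchant vessel
EARTH_RADIUS_NM = 3440.065      # mean Earth radius in nautical miles


def nmea_checksum(body: str) -> str:
    """XOR of every byte between '$' and '*', as two uppercase hex digits."""
    cs = 0
    for ch in body:
        cs ^= ord(ch)
    return f"{cs:02X}"


def with_checksum(body: str) -> str:
    """Build a complete sentence from its body (used to construct samples)."""
    return f"${body}*{nmea_checksum(body)}"


def checksum_ok(sentence: str) -> bool:
    """True only if the sentence is well-formed and its checksum matches."""
    if not sentence.startswith("$") or "*" not in sentence:
        return False
    body, _, given = sentence[1:].partition("*")
    return given.strip().upper() == nmea_checksum(body)


def dm_to_deg(value: str, hemi: str) -> float:
    """Convert NMEA ddmm.mmmm (lat) or dddmm.mmmm (lon) to signed degrees."""
    dot = value.index(".")
    degrees = float(value[: dot - 2])
    minutes = float(value[dot - 2:])
    deg = degrees + minutes / 60.0
    return -deg if hemi in ("S", "W") else deg


@dataclass
class Fix:
    time_s: float   # seconds since midnight UTC
    lat: float
    lon: float
    sog_kn: float   # speed over ground as reported by the receiver


def parse_rmc(sentence: str) -> Optional[Fix]:
    """Parse a $GPRMC sentence; None if checksum fails or fix is not valid."""
    if not checksum_ok(sentence):
        return None
    fields = sentence[1:sentence.index("*")].split(",")
    # GPRMC,hhmmss.ss,status,lat,N/S,lon,E/W,sog,cog,ddmmyy,...
    if fields[0][2:] != "RMC" or len(fields) < 10 or fields[2] != "A":
        return None
    t = fields[1]
    secs = int(t[0:2]) * 3600 + int(t[2:4]) * 60 + float(t[4:])
    return Fix(secs, dm_to_deg(fields[3], fields[4]),
               dm_to_deg(fields[5], fields[6]), float(fields[7]))


def distance_nm(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes (haversine), in nautical miles."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi = p2 - p1
    dlam = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(h))


def check_stream(lines: List[str]) -> List[Tuple[str, str]]:
    """Classify each sentence against the last *accepted* fix.

    Verdicts: "ok", "reject:checksum", "reject:time", "suspect:jump".
    A suspect fix is not adopted as the new reference, so a single injected
    sentence cannot drag the plausibility window along with it.
    """
    prev: Optional[Fix] = None
    verdicts: List[Tuple[str, str]] = []
    for line in lines:
        fix = parse_rmc(line)
        if fix is None:
            verdicts.append((line, "reject:checksum"))
            continue
        if prev is not None:
            dt_h = (fix.time_s - prev.time_s) / 3600.0
            if dt_h <= 0:
                verdicts.append((line, "reject:time"))
                continue
            if distance_nm(prev, fix) / dt_h > MAX_PLAUSIBLE_SPEED_KN:
                verdicts.append((line, "suspect:jump"))
                continue
        verdicts.append((line, "ok"))
        prev = fix
    return verdicts


# Constructed sample stream: one-minute fixes at 12 kn heading north,
# then an injected fix 60 nm away, then a sentence with a corrupted field.
_GOOD_1 = with_checksum("GPRMC,120000.00,A,5130.0000,N,00130.0000,W,12.0,000.0,010124,,,A")
_GOOD_2 = with_checksum("GPRMC,120100.00,A,5130.2000,N,00130.0000,W,12.0,000.0,010124,,,A")
_JUMP   = with_checksum("GPRMC,120200.00,A,5230.2000,N,00130.0000,W,12.0,000.0,010124,,,A")
_CORRUPT = with_checksum(
    "GPRMC,120230.00,A,5130.3000,N,00130.0000,W,12.0,000.0,010124,,,A"
).replace(",12.0,", ",13.0,")   # field altered after checksum was computed
_GOOD_3 = with_checksum("GPRMC,120300.00,A,5130.4000,N,00130.0000,W,12.0,000.0,010124,,,A")
SAMPLE_STREAM = [_GOOD_1, _GOOD_2, _JUMP, _CORRUPT, _GOOD_3]

if __name__ == "__main__":
    for sentence, verdict in check_stream(SAMPLE_STREAM):
        print(f"{verdict:16s} {sentence}")
```

The last sample is accepted because it is compared against the last accepted fix, not against the rejected jump; a validator that updated its reference on every sentence would instead flag the genuine fix and wave the injected one through. Plausibility checks of this kind raise the bar for crude injection but are not a substitute for authenticated links between sensors and the decision-making unit.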

New Guidance for New Threats

Increased cyber security vulnerabilities via autonomous ships are not an unknown development. Security frameworks are actively being developed by independent researchers, and many different actors are trying to do their part. To their credit, the International Association for Classification Societies, the Digital Container Shipping Association, and the International Chamber of Shipping have published their own studies and guidelines for autonomous cyber security. As recently as 2022, NATO published its own study on cyber security, including explicit analyses of information and operational systems, although it did not establish guidelines for autonomous ship development.

However, a major gap in guidance exists coming from the International Maritime Organization. As an organization under the United Nations, this body has a crucial responsibility to fulfill. The International Maritime Organization does publish cyber security guidance, giving a broad overview of potential issues in shipping. The most recent version of the organization's guidance contains two references to automation, both in the introduction. Updated International Maritime Organization standards between 2021 and 2022 do not include updated guidance for the automated shipping environment despite accelerating developments in autonomous ships occurring each year.

Staying ahead of the curve requires that the International Maritime Organization predict and adapt more quickly than it historically has. The International Maritime Organization's 107th Maritime Safety Committee session convened in June 2023 and promised to discuss, among other things, issuing new cyber security risk guidelines for autonomous ships. New guidance has not been published yet, nor has the existing information/operational distinction been reconsidered. Instead, the Maritime Safety Committee cyber risk management guidance doubles down on it. To combat cyber vulnerabilities, the International Maritime Organization should break away from the notion that information and operational systems will remain separate and mutually exclusive.

Understanding the convergence of information and operational technology will allow individual shipping companies and the industry writ large to better harden themselves against cyber attack. International Maritime Organization cyber guidance remains a series of recommendations. However, it can draw attention to the need for network encryption and the isolation of operation-critical instruments, thereby pushing the industry to improve its practices. The best-case scenario would be for the International Maritime Organization Legal Committee to establish legal guidance with binding effects. At the very least, International Maritime Organization guidance can encourage more frequent risk assessment and emphasize the risks specifically associated with autonomous ships. If its cyber security guidance does not reflect an expansion in cyber attack vectors, the future of security in autonomous shipping is in dire straits.

Alex Li is a master's of international affairs student at the School of Global Policy and Strategy at the University of California, San Diego. His work and research have focused on conflict and national security, particularly the intersection between industrial economies and war.

Image: U.S. Navy photo by Chief Mass Communication Specialist Roland Franklin

Continued here:
Digital Piracy Returns to Sea: Protecting Autonomous Ships from ... - War On The Rocks