Maritime, one of the oldest and most competitive industries, requires the integration of new technologies, to increase collaboration, efficiency and sustainability. Adopting advanced technologies may bring benefits, but also carries risks. Ships are increasingly relying on the automation, networking and digitalization of workflows. As technology continues to develop, on-board IT and OT systems are being networked together – and are often available over the Internet.

As ships become smarter and more connected, the threat landscape expands. In the same time, attackers are evolving their tools and techniques. Therefore, the maritime industry should constantly evaluate its risk posture.

Experience

CENSUS has conducted several assessments covering different aspects of the maritime ecosystem. External Penetration Tests were performed to evaluate the security posture of the network perimeter of maritime organization infrastructures, and to ensure a hardened configuration of the satellite communication terminals that are deployed in vessels worldwide. CENSUS has also conducted Internal Penetration Testing assessments to uncover vulnerabilities in the maritime organizations’ internal network segments and to mitigate threats from evil-maid attacks or malicious insiders. Similar assessments have also been performed on the IT and OT network segments for a variety of vessel types. These assessments were conducted remotely over VPN.

Wireless Assessments were also performed on-site, to audit the wireless networks available at the organization premises and on-board the vessels. These networks are a common entrypoint for adversaries that wish to establish a foothold in the organizations’ internal networks.

To evaluate the staff and crew cybersecurity awareness, CENSUS has conducted specially designed Social Engineering campaigns for the challenging environment of the shipping industry, that included phishing attacks, client-side attacks, and credentials harvesting techniques (with content related to the customary communication workflows found in the industry).

Furthermore, the team has conducted Security Architecture Reviews and Design Level Reviews on corporate systems that are used to allow external entities to exchange information with maritime organizations. These reviews have taken place during the development process of these systems, to ensure the earliest possible mitigation of any identified issues and the delivery of robust, secure and safe services.

Finally, CENSUS has performed Web Application Security Testing on Data Acquisition and Fleet Management (SaaS) platforms (incl. ones that are based on Machine Learning and Artificial Intelligence algorithms) to investigate all of the exposed functionalities for security vulnerabilities that could compromise the organization's operations.

Services Overview

Backed by cutting-edge research, scientific processes and world class security engineering talent, CENSUS offers services to help maintain an organization’s cyber resilience and to meet the highest security standards on each vessel's internal and external network.

To overcome cybersecurity challenges in the Maritime sector CENSUS provides a variety of services including:

• Threat Modeling
• Pre-emptive Security Reviews for Design & Architecture documents of new digital solutions
• Tiger Team, Red Teaming, Penetration Testing and Social Engineering Attacks towards the organization
• Source Code Auditing or Application Security Testing services for any deployed software solutions
• Specialized IoT and OT Device Security Testing services to identify cybersecurity risks in individual electronic devices
• Vulnerability Research to uncover unknown vulnerabilities in a vessel's infrastructure
• Security Training & Consulting

More information about the industry’s challenges and solutions that CENSUS provides, can be found in the relevant whitepaper.