Managing safety globally throughout the fleet
Aeromarine has reached an agreement with S2-Grupo, a company specialized in cybersecurity products and services, to offer turnkey solutions for the naval and maritime sectors, adapting them to each customer's needs.
A specific solution for every need
The ships that are currently operating do not have protection systems that reduce the risks of cyber-attacks. We offer the services, hardware and software necessary to implement cyber-resilience on board, starting from the stage each customer needs.
IMPLEMENTATION STAGES
- Asset Inventory
- Risk and Vulnerability Analysis
- Definition and implementation of cybersecurity frameworks: policies, procedures and technical controls
- Development of Asset Use Guidelines
- Integration of the Cybersecurity Plan with the ISM
- Specialized training and awareness for the crew and the rest of the organization's personnel
- Analysis of the existing Cybersecurity Plan
- Onboard Assets Inspection
- Architecture and communications analysis
- Evaluation of the effectiveness of the deployed controls
- Penetration Test
- Prioritized action plans (short, medium and long term)
- Installation, deployment and operation of cybersecurity monitoring hardware and software on the ship:
  - Sensors / Connectors (Argos)
  - Alert Correlation Engine (Tritón)
  - ATP analysis (Carmen)
- Installation of cybersecurity monitoring software at the office:
  - Management Module (Emas)
  - Dashboards (Hera)
- S2 Grupo SOC Monitoring
  - Management Module (Emas)
  - Dashboards (Hera)


SAFETY DEFINITION IN EACH STEP OF THE SHIPBUILDING
It allows safety to be introduced as one more parameter to take into account when building a ship. It facilitates the decision to buy and implement resilient equipment and the adoption of cybersecurity standards, which makes it possible to obtain a cyber-resilient ship. We offer the services, hardware and software necessary to guide shipyards throughout the process.
IMPLEMENTATION STAGES
- Project planning and management
- Analysis and identification of the cybersecurity requirements of the new build
- Development of the documentation needed to start the project
- Coordination with shipyard, integrators and suppliers
- Documentation analysis of all assets to protect
- Consulting and support to shipyard, integrators and suppliers
- Solution review
- Assets tests
- Assets and Systems Integration Testing
- Compliance tests with applicable standards
- Acceptance Tests
- Installation, deployment and operation of cybersecurity monitoring hardware and software on the ship:
  - Sensors / Connectors (Argos)
  - Alert Correlation Engine (Tritón)
  - ATP analysis (Carmen)
- Installation of cybersecurity monitoring software at the office:
  - Management Module (Emas)
  - Dashboards (Hera)
- S2 Grupo SOC Monitoring
  - Management Module (Emas)
  - Dashboards (Hera)


GLORIA, system used by the CENTRO CRIPTOGRÁFICO NACIONAL (CCN)
It is a global solution: an integrated platform for the monitoring of technological environments and data collection, applying advanced intelligence through the complex correlation of events generated from different sources, which allows effective management of security threats.
Based on SIEM systems, it offers greater flexibility in supervising OT and IT environments, making it possible to:
- Detect key indicators of attack patterns
- Prioritize actions
- Relate data with its source
- Manage all information centrally
To achieve this, Gloria is made up of different modules:
Argos
Collects and models data from different sources to support further analysis. In addition, it allows the centralized visualization of the monitored data and the collection of security logs. Argos displays a comprehensive, visual analysis of each source and also includes forensic analysis capability.
Tritón
A set of complex correlation rules capable of adapting to the characteristics and needs of each environment. This applied intelligence module develops and sets up the correlators, optimizing threat detection. In addition, it makes it possible to automate the response, issuing action orders to curb risks when required.
Carmen
Its objective is to support the APT Threat Hunting investigation process. Carmen detects compromises by Advanced Persistent Threats (APT) in the intrusion phase (Breach Detection), applying advanced sandboxing techniques and static analysis to incoming traffic to detect improper use.
It works on the assumption that the target has already been compromised, and focuses on the acquisition, processing and analysis of internal and outgoing network traffic to identify exfiltration or communications with Command & Control (C&C) systems, as well as the usual mechanisms for maintaining persistence or stealing information in the corporate network.
Emas
It is the console for collecting incidents that is part of the Service Management module. Emas tracks the life cycle of each registered incident, automatically or manually, using the database of assets to protect and the procedures defined in the service. All incidents are managed according to SLAs (Service Level Agreements).
Hera
Dashboard that offers an analysis of the main indicators, showing their historical and real-time evolution. There are two available views: internal, which shows the efficiency, effectiveness, risk and load of the system; and external, designed to follow up on the status of the system.
Is it enough to comply with IMO regulations?
IMO has published the resolution MSC.428(98), which obliges shipping companies to establish a cybersecurity plan as part of the ship's ISM, auditable in the first ship inspection from January 2021.
To develop a cybersecurity plan, it is necessary to undertake a series of steps to ensure that: the responsibilities for information security at all levels are identified, all of the ship's IT/OT assets are analyzed, the associated risks and vulnerabilities are studied, the procedures and controls are created and implemented, the good practice guides are generated and distributed, and the entire crew is trained.
To simplify the cybersecurity plan implementation, an information security standard, such as ISO/IEC 27001, or a good practice guide, such as BIMCO, could be used.
However, the creation of the cybersecurity plan does not imply that our ship is resilient to cyber attacks. To increase the security of the information, it is necessary to carry out intrusion tests, install hardware and software that make it possible to receive alerts, and constantly monitor the ship to anticipate possible attacks.


Nature of cyberattacks
What is a cyber attack?
A cyber attack is a set of offensive actions against IT/OT systems intended to damage, alter or destroy information; alter or stop their operation; destroy companies or institutions; or steal or hijack information.
Cyber Attack Types
Non-targeted: Our company is not the specific target but one of many potential targets; the attack indiscriminately hits systems, companies or individuals (phishing campaigns, botnets, ransomware, malware, social engineering, scanning ...)
Targeted: The attack is designed and directed specifically against our company (spear-phishing attacks, CEO fraud, human-operated ransomware, APT campaigns, brute force, denial of access to users ...)
Origin of Cyberattacks
80% of cyberattacks originate inside the company due to ignorance, errors, lack of professionalism or employee discontent
20% of cyberattacks are external
Who is attacking us and why
MOTIVATION
Damaging the image of the company, its products, brands, managers or commercial operations.
OBJECTIVE
- Destruction / modification of data
- Publication of sensitive data
- Media attention
- Denial of access to a system or service
MOTIVATION
- Economic Gain
- Industrial espionage
- Commercial espionage
OBJECTIVE
- Sale of stolen data
- Data Hijacking
- Hijacking of the operability of a system
- Organize fraudulent cargo transportation
- Obtain information for a more sophisticated future attack (travel plans, cargo, planned ports, etc.)
MOTIVATION
The challenge of breaking the security defenses of a certain company
OBJECTIVE
- Penetrate security systems
- Economic gain
MOTIVATION
- Political gain
- Business, industrial or state espionage
OBJECTIVE
- Knowledge
- Affect the economy or critical infrastructure
- Alter electoral processes