Maritime Cybersecurity in the South Baltic Sea

More documents

Recommendations

Info

Improving anonymity and untraceabilityAnonymity and untraceability are increasing and being enhanced through more dynamic VPNtunnels, TOR, ProtonMail, crypto-messengers, and other end-to-end encryption. Thesedecentralize the source, making it harder to perform forensic investigation. Without theanonymous feature of cryptocurrencies, ransomware is not easy to implement. Financial paymentin cryptocurrencies offer criminals a reduction in the chance of apprehension and raise a sense ofsecurity that further lowers cognitive barriers.Misused technologyCybercriminals often use familiar technologies to deliver attacks and commit cybercrime: Cloudcomputing such as Google Cloud and Amazon AWS are being used as “command and control”points for malware. Cloud-based storage systems such as Google Drive® and DropBox® are beingused to deliver infected attachments for phishing emails. Some features of the global DNS systemare used to deploy scam websites and deliver phishing emails. Infected IoT devices are being usedto build botnets that will deliver phishing attempts, host fake websites, and mobilize other threats.Open-Source Intelligence (OSINT) toolsCybercriminals use data sources including social networks, stolen data, and special techniques toinquire about potential agents and victims in the development of socially engineered attacks. Agood example of this is Shodan, which allows one to search for internet connected industrialcontrols attached to the internet.DarknetCybercriminal communities share, sell, and rent their knowledge and assets in a semi-criminal wayby using web sites in the TOR network that represent the Darknet’s neural network. In other words,Darknet is a combination of financial and anonymous IT technologies and human efforts that existin a distributed way without having an individual leader or coordination locus.Quantum computingQuantum computing is evolving at a faster pace than anticipated by any past expert opinion onthe subject. Most major world regions (US, Europe, Asia-Pacific) are advancing investment plans,capabilities, and quantum technology Minimum Viable Products (MVPs), be it on the hardware ornetworking side, with software quickly evolving and the object of vibrant R&D. The firstsmall-factor, room-temperature commercial products are now available, 11 the basis upon whichthe "single point-of-failure" current TCP-IP based and non-BFT compliant internet, derived fromARPANET, and including all the mainstream cloud tools we use on a daily basis, may eventuallydecay or be phased out and disrupted by a BFT-compliant P2P/DLT multi-net, which may notrequire blockchain protocol as it would be natively anti-eavesdrop. Because there is no evidence ofany attack using quantum computing, this technology remains speculative.2.2. ORGANIZATION TRENDSMore information sharingWhile once it may have been possible to characterize the cybercriminal as a “lone wolf” operatingin isolation, improving anonymity and untraceability allow for increased informationdissemination, processing, and collaboration, reflective of organization.11Quantum Brilliance, 2021. https://quantumbrilliance.com/ retrieved 07-Dec-2021.8
Improved organization of cyber criminalsCyber criminals share information, resources, and organize multifaceted killchains in collaboration,and are increasingly planning, consolidating, coordinating, and co-delivering attacks.Organizational effectiveness attracts financing, making activities run for longer periods of time,increasing the duration that an attacker can be active. Unsuccessful attackers, acting individually,may not be able to learn fast enough to retain an advantage, and as defences and detectionimproves, and the risks of capture increases until the criminal decides that the potential benefitsno longer outweigh the risks.Increasing fluidity of temporary networked actorsThe cyberwar landscape is complexifying with the formation of time-interlaced multilevel webs ofthreat actor networks. The dominant organizational structure can be characterized as thetemporary networked organization, one that emerges and organizes for a specific purpose, anddisbands once that purpose has been fulfilled. Then, fluid actors may join other temporarynetworked organizations for a new objective. Over time, reputations and referrals becomeimportant for marketing skill sets for enabling value capture from the operation.Improved division of labourOrganization leads to division of labour, specialization, and niche competencies. The valueproposition of specializing in different facets of cyber-criminality (i.e., intrusion, reconnaissance,lateral movement, protocol spoofing, payload deployment, etc.) allow for specialized skill sets to becontracted and applied on demand. This, then, is the manifestation of labour market principles inwhich services are competitively priced for the value they provide and the scarcity of the supply ofskills.Resource brokeringActors engage in brokerage activity by arranging transactions between a buyer and a seller for acommission. Brokers may pose non-transparently as a seller or as a buyer, or both. This allowsthem to procure and recruit products and services on the one hand, and interface with customersor financing organizations on the other. Competing brokers attempt to thwart or reveal theactivities of their rivals.State-supported cybercrimeAnalysing and trend-comparing international budget allocations for cyber-security and defencecapabilities show an upward spending trend. Civilians and corporates occasionally becomecollateral damage within this new context. This trend may further alienate governments from theirconstituencies' interests, and further motivate the formation of secure transborder peer-to-peersocio-industrial cyber defence ecosystems.In some cases, state actors “capture” cybercriminals in their countries, and convert previously“independent” criminals into agents of the state through threats of violence: Penalties, jail, safety,or the safety of their family members. They are added to the pool of resources from which the statecan draw upon when it desires to mount an attack against an adversary. With large budgets andopaque accounting traceability and oversight, states will hide payments to cybercrime brokers forservices.Diverging motivationsDifferent from the mission- and vision-based organization operating in a competitive market,networked cybercrime is enabled by a diversity of individual motivations: financial, disgruntled,extortion, boredom, addiction, ideological, hatred. Among these, expectations for financial gainsremain the most important motivating factor for cybercriminal behaviour. Sums in the hundreds9
Page 1 and 2: LoremipsumMaritimeCybersecurityin t
Page 3 and 4: 1. INTRODUCTIONThe maritime industr
Page 5 and 6: Until recently, vessels have operat
Page 7: 2. ATTACKER TRENDSACROSS INDUSTRIES
Page 11 and 12: 2.2. ORGANIZATION TRENDSMore survei
Page 13 and 14: Software code that is developed ope
Page 15 and 16: 4. DIGITALIZATIONOF MARITIMEThe fut
Page 17 and 18: 5. SCENARIOS: MARITIMEIN 2035Scenar
Page 19 and 20: B) INDUSTRY FRAGMENTATION AND POLAR
Page 21 and 22: 21
Page 23 and 24: 23
Page 25 and 26: to establish their effective in a h
Page 27 and 28: Lorem ipsum dolor sit amet, consect

Maritime Cybersecurity in the South Baltic Sea

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?