Untitled Quiz

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What are the two main categories of cyber threats that can affect companies and ships?

Physical and Cyber attacks

Internal and External attacks

Directed and Indirect attacks

Undirected and Directed attacks (correct)

What is malware?

A software that is designed to access or damage a computer without the owner's knowledge (correct)

A software that is used to fix errors in a computer system

A software that is used to scan the internet for vulnerabilities

A software that helps to secure a computer

What is the purpose of ransomware?

To encrypt data in a computer system

To scan the internet for vulnerabilities

To decrypt data in a computer system

To encrypt data in a computer system until a ransom is paid (correct)

What is a phishing attack?

A type of attack that establishes a fake website to exploit unsuspecting visitors Signup and view all the answers

What is the purpose of an exploit?

To use a software or code to exploit and manipulate a problem in another software or hardware Signup and view all the answers

What is a vulnerability in a computer system?

A weakness in a computer system that can be exploited by an attacker Signup and view all the answers

What is the purpose of a scan attack?

To search the internet for vulnerabilities that can be exploited Signup and view all the answers

What is a typo squatting attack?

A type of attack that takes advantage of typographical errors made by users when entering a website's URL Signup and view all the answers

What is the main concern of cybersecurity in the maritime industry?

Protection of TI, OT, information, and data against unauthorized access Signup and view all the answers

What is a potential consequence of a cyber incident on a ship?

Disruption of navigation systems Signup and view all the answers

What is an example of a cyber incident that can occur during maintenance?

Use of an infected USB drive Signup and view all the answers

What is the most common vector of attack by threat actors?

Phishing Signup and view all the answers

What is an example of critical data that can be compromised in a cyber incident?

Sensor data for navigation Signup and view all the answers

What is the primary goal of cybersecurity on a ship?

To protect TI, OT, information, and data Signup and view all the answers

What is a potential consequence of a corrupted ECDIS system?

Loss of navigation data Signup and view all the answers

What is an example of a system that can be affected by a cyber incident?

GPS system Signup and view all the answers

What is a vulnerability of providing access to Internet and email on a ship?

It makes the ship's systems and data more vulnerable to cyber attacks. Signup and view all the answers

What type of systems should not be connected to critical systems for security on a ship?

Uncontrolled systems with internet access Signup and view all the answers

What is a recommended feature of communication systems on a ship?

Encrypted communication Signup and view all the answers

What should be considered when implementing cyber defense mechanisms on a ship?

Implement additional measures beyond the service provider's mechanisms Signup and view all the answers

What type of information is transmitted to authorities via communication systems on a ship?

Ship's location and cargo information Signup and view all the answers

What is a risk of using VSAT signals on a ship?

They are vulnerable to exploitation Signup and view all the answers

What is a capability of communication systems on a ship?

Collecting data from container devices Signup and view all the answers

What should be strictly implemented on a ship's communication systems?

Access control and authentication requirements Signup and view all the answers

What is the primary goal of identifying vulnerabilities in a system?

To discover weaknesses that can be exploited Signup and view all the answers

Who can facilitate the identification of vulnerabilities in a system?

Both internal and external experts with maritime industry knowledge Signup and view all the answers

What caused the failure of all the ECDIS computers on the ship?

Outdated operating systems Signup and view all the answers

What was the consequence of the failure of the navigation systems on the ship?

The ship had to navigate using radar and paper charts for two days Signup and view all the answers

Why did the software update on the navigation computers fail?

The operating systems were outdated Signup and view all the answers

What was required before the ship could set sail again?

New navigation computers were installed and classification inspectors had to attend Signup and view all the answers

Who was responsible for the costs of the delays?

The shipowner Signup and view all the answers

What was required by the company after the incident?

A notification of near-accident Signup and view all the answers

What is the main emphasis of the incident?

The potential for software failures due to obsolete software Signup and view all the answers

What is the primary goal of a network evaluation on a ship?

To identify vulnerabilities in the ship's systems Signup and view all the answers

What type of vulnerabilities can a ship's systems be prone to?

Any combination of design flaws, implementation errors, and procedural errors Signup and view all the answers

What is the benefit of having independent systems on a ship?

They are less vulnerable to external cyber incidents Signup and view all the answers

What should be considered when designing a ship's network?

Both the technical and human factors in system implementation Signup and view all the answers

What is a potential consequence of a ship's systems being connected to uncontrolled networks?

Increased vulnerability to cyber incidents Signup and view all the answers

What type of systems might be included on a ship?

A range of systems, including cargo management and digital systems Signup and view all the answers

Why is it important to understand how critical systems on a ship connect to uncontrolled networks?

To identify potential vulnerabilities and mitigate risks Signup and view all the answers

Study Notes

Ciberseguridad y Gestión de Riesgos

Ciberseguridad es importante porque puede afectar a la tripulación, el barco, el medio ambiente, la empresa y la carga.
La ciberseguridad se ocupa de la protección de TI, OT, información y datos contra el acceso no autorizado, la manipulación y la interrupción.

Tipos de Ciberamenazas

Existen dos categorías de amenazas cibernéticas: ataques no dirigidos y ataques dirigidos.
Ataques no dirigidos utilizan herramientas y técnicas disponibles en Internet para localizar, descubrir y explotar vulnerabilidades generalizadas.
Ataques dirigidos tienen como objetivo previsto los sistemas y datos de una empresa o un barco.

Ciberamenazas Específicas

Malware: software malicioso diseñado para acceder o dañar una computadora sin el conocimiento del propietario.
Existen varios tipos de malware, incluyendo troyanos, ransomware, spyware, virus y gusanos.
Ransomware cifra los datos de los sistemas hasta que se paga un rescate.
Malware puede aprovechar deficiencias y problemas conocidos en software empresarial desactualizado o sin parches.
Exploitar: utilizar un software o código para aprovechar y manipular un problema en otro software o hardware de computadora.
Pozo de agua: establecer un sitio web falso o comprometer un sitio web genuino para explotar a visitantes desprevenidos.
Escaneo: buscar al azar en grandes porciones de Internet vulnerabilidades que podrían ser explotadas.
Errores tipográficos: también llamado secuestro de URL o URL falsa, se basa en errores como errores tipográficos cometidos por usuarios de Internet al ingresar la dirección de un sitio web en un navegador web.

Sistemas Vulnerables

La identificación de vulnerabilidades implica un análisis de las aplicaciones, sistemas y procedimientos para descubrir debilidades que podrían ser aprovechadas por amenazas potenciales.
Puede ser facilitado por expertos internos y/o respaldado, según corresponda, por expertos externos con conocimientos de la industria marítima y sus procesos clave.
Sistemas independientes serán menos vulnerables a los ciberincidentes externos en comparación con aquellos conectados a redes no controladas o conectados directamente a Internet.
El diseño y la segregación de la red se explicarán con más detalle en el Anexo 3.
Se debe tener en cuenta el elemento humano, ya que muchos incidentes se inician por acciones del personal.

Incidentes Cibernéticos

Un barco con un sistema de puente de navegación integrado sufrió un fallo de casi todos los sistemas de navegación en el mar, en una zona de mucho tráfico y visibilidad reducida.
La causa del fallo se atribuyó a sistemas operativos obsoletos.
El incidente enfatiza que no todas las fallas informáticas son el resultado de un ataque deliberado y que el software obsoleto es propenso a fallar.

Sistemas Críticos a Bordo

Sistemas de gestión de carga y carga: sistemas digitales utilizados para la carga, gestión del barco o el bienestar de la tripulación son particularmente vulnerables cuando se proporciona acceso a Internet y correo electrónico.
Sistemas de comunicación: la disponibilidad de conectividad a Internet vía satélite y/u otras comunicaciones inalámbricas aumenta la vulnerabilidad de los barcos, y acontecimientos recientes indican que, por ejemplo, las señales VSAT son vulnerables a la explotación utilizando productos de bajo costo y disponibles en el mercado.
Se deben considerar sistemas de comunicación con cifrado.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.