As different sectors adopt more technology to improve their communications and infrastructure, there is a parallel rise in cyber threats to these networks.
The UK Government’s Cyber Security Breaches Survey shows that 32% of UK businesses and 22% of UK charities identified cyber security breaches or attacks in a 12-month period.
Only just over a third of them have cyber security policies in place. Furthermore, the survey states that those businesses and charities reporting cyber threats typically experience more of them.
In the global shipping industry, cyber threats and risks are breeding where there are gaps in systems they can exploit.
In planning cyber defence strategies, shipping companies need to take a proactive approach, to ensure they can mitigate the threat from cyber-attacks.
A key way of doing this, as we will explain, is through simulation.
A cyber-attack can be a form of modern-day piracy, involving a hostile attack on a vessel’s communication system, allowing the pirates to then direct it to a port of their choice. Alternatively, it might occur within a shipping company’s own head office, attacking its servers. The consequences can be catastrophic.
In fact, the shipping industry has been the target of one of the most devastating cyber attacks in history. This occurred at the headquarters of AP Møller-Maersk in Copenhagen in 2017.
On the afternoon of June 27, a virulent form of malware attacked the company’s computer network, turning screens black by the hundreds and shutting down internal security systems. Panic spread throughout the organisation as employees rushed to unplug computers before the malware could infect them.
The staff had to disconnect Maersk’s entire global network. All employees had been ordered to switch off their computers. The network had become seriously corrupted, to the extent that the company’s IT team was powerless to do anything.
Maersk was responsible for 76 ports across the globe and nearly 800 vessels used at sea. These ships would typically expect to carry tens of millions of tons of cargo. They represented around a fifth of the world’s shipping capacity. When the cyberattack happened, none of this infrastructure would work or could move.
What was at the origin of the attack?
NotPetya was a highly effective, and destructive, a piece of malware created by Russian agents arising from the country’s conflict with Ukraine.
Hackers had already demonstrated their reach by causing blackouts from widespread power outages in the area and had destroyed huge amounts of data belonging to organisations such as railway companies. Now they released the NotPetya malware through the servers of the Linkos Group, without anyone there being aware of it.
It was extremely fast-acting and spread rapidly beyond Ukraine’s borders. While Maersk was one of its most prominent victims, NotPetya also attacked a pharmaceutical company, a French construction company and even a Russian state oil company.
For Maersk, the disruption soon spread, shutting down operations at terminals from New Jersey to Los Angeles, Rotterdam to Mumbai. Maersk could not make any new bookings, which effectively cut off its revenue. The implications of this went further, however, because the system it normally relied on underpinned the global economy.
It took around two weeks to bring Maersk’s services back online.
To be effective, cyber security must be proactive. This is a lesson Maersk, and the shipping industry, has learned the hard way.
For any organisation to plan and prepare effective cyber defence strategies, it must first develop a clear understanding of how resilient its current communications fabric is.
The shipping industry is recognising the importance of safeguarding against cyber risks, and the International Maritime Organisation (IMO) has published guidelines about this.
Ship owners now have a deadline of 1 January 2021 to incorporate cyber risk management into their vessels’ SMS Code Safety Management.
Just as technology is the source of cyber threat, so it can provide a solution to protecting companies against it.
This solution is network testing. In regard to network testing, the terms emulation and simulation are often used interchangeably. In most cases, either term will generally get the point across, but there’s a big difference between a network emulator and network simulator, both practically and semantically.
It is important to understand what weaknesses and vulnerabilities a network has in order to defend it against cyber threats and attacks.
A network simulator uses mathematical formulas to create a theoretical and entirely virtual model of a network. Simulators are software solutions and different types are available for different applications. While used primarily for research and educational purposes, they can also act as crucial testing tools in the design and development of a network. This allows a network architect or engineer to build and evaluate an experimental model of a network, including its topology and application flow.
Since a variety of theoretical scenarios can be introduced to a network where anything can be built and applied, performance can be hypothesised before the network itself has even been implemented within the real-world.
Network simulation is a cost effective way of analysing performance and identifying potential problems, and discovering what the root causes of these problems are. However, network simulators aren’t without their limitations, as certain events can’t be anticipated independently of a physical network.
Network emulators (or WAN emulators), on the other hand, are used to test the performance of a real network. These devices can also be used for such purposes as quality assurance, proof of concept, or troubleshooting. A network emulator allows network architects, engineers, and developers to accurately gauge an application’s responsiveness, throughput, and quality of end-user experience prior to applying making changes or additions to a system.
Emulation involves creating an at-scale, accurate model of the network and its operating environment. To do this, we use a network emulator software application known as EXata, developed by our partner SCALABLE Network Technologies.
This application provides sophisticated means of emulating an entire network, and it will also predict the behaviour of networked environments. As an advanced tool, EXata creates a highly realistic, but synthetic network working at real time speeds.
If you can predict a communication gap, or a weakness in a network, you can then anticipate any issues or threats and work to protect yourself against them.
Network simulations can capture, with great accuracy, the fundamental dynamics of a network by modelling its dynamic interplay, the type of traffic using the network and any relevant environmental conditions, which can affect it.
Along with analysing the structure of a network, the critical aspect of simulation is in showing the relationships between different parts of a network and whether they are self-determined or determined by external factors.
The simulated network can interact with one or more layers of protocol, and with real external devices to test capabilities. It forms an exact reproduction of network behaviour, indistinguishable from the real thing. This is extremely useful in assessing existing networks, but also when designing new systems.
Simulation and emulation provide the perfect testing ground for new networking technologies, and for developing new communications protocols. It means that when developers ask the “what if?” question, they can do so in an environment which will accurately provide them with answers.
They can test the parameters of a network by using the emulated model to vary elements such as power, routing protocols and timers. Even where wireless networks have hundreds of devices, EXata can evaluate them accurately and efficiently.
Real applications will run on the model, as if they were running on a real network. This includes fundamental communications applications such as VoIP, internet browsers and video streaming.
Regardless of the potential of technology to assist in the fight against cyber-attacks, people have a crucial part to play. If companies recognise the threat, they must then act to train their staff to support their efforts in improving cyber security.
In fact, employees can be the source of an organisation’s greatest cyber vulnerability. The seemingly minor use of a non-encrypted device can be a gateway for malware into an entire network. Plus, there are ongoing risks from phishing and social engineering.
EXata provides the perfect training tool, because, through testing, it enables staff to train with a network before the company deploys it.
Simulation and emulation are a cost-effective means of analysing network performance and applications and developing strategies for cyber defence.
However, it is still a tool, and therefore using it requires a systematic, strategic approach with the emphasis on best practices. This means looking at the subject network, the level of detail required, and understanding what the objectives of the simulation are.
The best approach is step-by-step, starting with a simple model of the subject network and building on it. From this basis, it is then about adding more traffic to test that the model works correctly and then refine the model. This can mean increasing the network, the fidelity of the model, or adding more realistic applications and traffic.
All the time, testing is important, using visualisation and statistics. The best approach is to increase the size and fidelity of the network simulation in stages, until you get to final analysis, following multiple test runs. Ultimately, the objective is to develop resiliency in your actual network, to combat and protect against the threat of cyber attack.
As the example of NotPetya demonstrates, a cyber attack can be non-discriminatory in its choice of victim. While much media focus is on banks, critical infrastructure or large, well-known names, the risk applies to any business or organisation dependent on network communications. Cyber defence is an issue across a broad range of sectors, including aerospace, maritime, ports, defence and critical infrastructure.
What is critical is that victims and potential victims take a proactive approach to prevent cyber-attacks. Network simulation is a highly adaptable application when it comes to formulating an effective cyber defence strategy. Because it is based on reality, it helps convert analysis and testing into practical, workable solutions.