jump to navigation

CyberSecurity & Piracy December 17, 2011

Posted by Chris Mark in InfoSec & Privacy, Piracy & Maritime Security, Uncategorized.
Tags: , , , , , , , , ,
add a comment

This past summer I was interviewed by Maritime Executive on the topic of CyberPiracy.  The article discussed the need for increased information assurance practices among shipping companies.  As shipping companies increasingly turn to armed guards and ships increasingly adopt BMP4, hijackings have decreased.  In response the pirates, and those who fund and support the pirates, are looking for new ways to increase their likelihood of successfully hijacking a ship while minimizing the risk to the pirates.  Increasingly, pirates are turning to high tech, and not so high tech, solutions.  It is an established fact that pirates are using information found on the AIS system as well as GPS and satellite phones to locate and coordinate attacks.  Now information is coming forward that the pirates groups are using sources within ports, and shipping companies to identify those vessels that they want to attack.  It has been reported that hackers are being employed to steal data related to cargo as well as the user of armed guards.  While this topic is too broad to discuss in a blog post, I will begin posting a series of articles on cyber security and steps shipping companies can take to minimize the risk of their data being compromised.

This past Fall, I had the opportunity to speak at Hanson Wade anti-piracy event in London.  If you have not attended a Hanson Wade event, they are very worthwhile.  I have spoken at literally scores of events over the past 10 years and few, if any, were as well organized.  The next event is scheduled for April, 2012 in Hamburg Germany.  As luck would have it they have a section on CyberSecurity.  Take a look and see if it is worth attending..

InfoSec 101: Social Engineering December 17, 2011

Posted by Chris Mark in Uncategorized.
Tags: , , , ,
add a comment

I just received a call from a friend of mine who wanted to talk about a phone call they had received.  A person with an Indian accent called their house from 999-901-3307 and explained that he worked with Microsoft and that their computer: “was infected with a number of viruses.”  He asked them to visit a few screens and verify some ‘warnings’.  He then asked them to allow him to access their computer to fix the issues.   Luckily my friends were savvy enough to hang up the phone and not provide access.  This is a classic example of what we call Social Engineering.  Many people mistakenly believe that the easiest way to ‘hack’ or compromise a computer system is through technical means.  In reality, it is often quicker and easier to simply have someone ‘invite’ the hacker into the system.  If you ever receive a call, email, letter or any other communication from someone professing to be from Microsoft or some other vendor, you are well served to hang up.  They will not call you directly, and without your request, to ask for access to your computer system.

New Domain! www.GlobalRiskInfo.com December 17, 2011

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , ,
add a comment

Starting tomorrow (Sun, Dec 18th, 2011), the blog will have a new domain.  You can find us at the current wordpress subdomain of https://maritimerisk.wordpress.com or you can simply type www.GlobalRiskInfo.com (not case sensitive).  The blog will be expanding into other areas of risk including information assurance, physical security, and financial risk.

Tanker pirated while conducting STS operations off West Africa! September 14, 2011

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , ,
add a comment

The IMB has reported that a tanker was pirated off the West coast of Africa and 23 of her crew taken hostage. The attack occurred Wednesday about 62 nautical miles from Benin’s capital of Cotonou. The bureau said the pirates took over the vessel, kidnapped its crew and sailed to an unknown location.

Updated reports indicate that the master sent SSAS alert, the crew locked themselves in engine room and contacted their companies CSO. Sometime later the pirates left the vessel. The crew came out of the engine room and conducted a search for the pirates and found the vessel to be safe. The crew regained control of the vessel.

Attacks off West Africa are becoming more and more common and brazen.  Companies are urged to take proactive measures to ensure that events such as this have less of a chance of occurring.  While the outcome was positive and the pirates ended up leaving the ship, the situation could have been far worse.

3rd Wave of Pirates? Law Enforcement Needed? (really?) September 7, 2011

Posted by Chris Mark in Uncategorized.
Tags: , , , , ,
add a comment

According to Jay Bahadur, author of The Pirates of Somalia, a new wave of more younger, more violent pirates may be on the rise.   You can read the interview here.  While I agree with Mr. Bahadur on many of his points, he states that the immediate solution to piracy is ‘law enforcement on land’.  I feel this is a ludicrous statement.  ‘Law enforcement’ in a failed state provides no purpose.  To have effective law enforcement you must first have governance.  Right now Somalia is largely a lawless land.  The per capita income is estimated at around $0.89 US per day.  The incentive for piracy is simply too great to dissuade piracy.  While I applaud Mr. Bahadur for his efforts at writing the book, his suggestion that law enforcement on the land will stop piracy is another example of an arm chair quarterback taking a very linear, simplistic view of a complex situation.  Law enforcement is needed but is simply not possible until there are a number of other pieces put into place.