上海国际海事信息与文献网

翻译：国际海事信息网 黄子倩 张运鸿

 

        自今年2月起，受疫情影响，航运业人士在家办公、使用技术的频率大幅提升。与此同时，黑客攻击也翻了四倍。

 

        该数据援引自以色列网络安全公司Naval Dome。Naval Dome认为疫情使航运业和海上能源业变得更易受到网络攻击。

 

        Naval Dome把恶意软件、勒索软件和钓鱼邮件的暴增归咎于新冠疫情，并补充说旅行限制、隔离措施和经济衰退正开始侵蚀企业保护自身的能力。

 

        Naval Dome的CEO伊泰·塞拉（Itai Sela）表示：“新冠疫情导致社交受限，国界关闭，原始设备制造商（OEMs）、技术人员和经销商被迫把企业的独立系统联网以提供服务。”

 

        OEM技术人员无法到船上、钻台上更新、维护重要的操作技术系统（OT systems），这导致运营者没法受到安全协议的保护，暴露在危险的网络环境之中。

 

        伊泰·塞拉（Itai Sela）表示，在2020年前三个月内，针对在家办公者的网络攻击增长了十倍，并补充道，个人电脑安全软件开发商McAfee的报告称1月到4月期间基于云端的企业网络连接增长了630%。

 

        伊泰·塞拉（Itai Sela）表示，在2020年前三个月内，针对在家办公者的网络攻击增长了十倍，并补充道，个人电脑安全软件开发商McAfee的报告称1月到4月期间基于云端的企业网络连接增长了630%。

 

        塞拉说道：“很多企业捉襟见肘，给了黑客可乘之机。”

 

        “仅仅保护网络不受攻击是远远不够的。每个个人系统都必须受到保护。如果网络被黑客入侵，所有连接网络的系统都会被殃及。”

 

        Naval Dome解释说，Naval Dome的软件遵守美国国家标准与技术研究院（National Institute of Standards and Technology，NIST）普渡模式的网络安全协议，该安全协议非常严格。

 

        塞拉表示：“我们的观点是，所有系统都必须按照风险等级受到保护。这样整个平台可以不受内部和外部攻击。只保护网络的话，任何接入网络的病毒（例如来自已授权人员的无意攻击）可能会感染所有连接该网络的系统。保护所有系统是更划算的选择。”

 

        企业发展副总裁Ido Ben-Moshe表示，网络安全问题在海事和海上油气领域尤其严重。

 

        他强调：“如果黑客侵入网络，重要设备暴露在危险之中，那会导致严重的安全问题、企业停工、经济问题，还会有潜在的名誉损失。”并补充说，远程工作和远程控制的自主技术在疫情过后会加速发展。

 

        Ido Ben-Moshe总结道：“如果企业不采取恰当的保护措施，这（指远程工作和远程控制的自主技术在疫情过后会加速发展）会使企业面临网络安全方面的挑战。”

 

       （本文版权归国际海事信息网所有，图片版权归原作者，转载请注明出处。）

 

Naval Dome: 400% increase in attempted hacks since February 2020

 

There has been a massive 400% increase in attempted hacks since February 2020 coinciding with a period when the maritime industry turned to greater use of technology and working from home due to the Coronavirus pandemic.

 

The data was cited by Israeli cybersecurity specialist Naval Dome, which believes the pandemic is leaving the maritime and offshore energy sectors more vulnerable to cyber-attacks than before.

 

Naval Dome ascribed the spike in malware, ransomware, and phishing emails to the Covid-19 crisis, adding that travel restrictions, social distancing measures, and economic recession are beginning to bite into a company’s ability to sufficiently protect itself.

 

“Covid-19 social restrictions and border closures have forced original equipment manufacturers (OEMs), technicians, and vendors to connect standalone systems to the internet in order to service them,” Naval Dome CEO Itai Sela said.

 

OEM technicians are unable to fly out to ships and rigs to upgrade and service critical OT systems, resulting in operators circumventing established security protocols, leaving them open to attack.

 

Sela said that during the first three months of 2020, attacks targeting home workers increased tenfold, adding that PC security software provider McAfee has reported that between January and April cloud-based cyber-attached on all businesses increase by 630%.

 

As pointed out, the economic downturn and the drop in the price of crude oil is also having an effect, with oil companies and contractors being faced with limited budgets available to implement effective cyber security measures.

 

“Companies are stretched thin and this is benefitting the hacker,” said Sela.

 

“It is not sufficient to protect only networks from attack. Each individual system must be protected. If networks are penetrated, then all connected systems will be infected."

 

Naval Dome explained that its software solutions adhere to the strict cyber security protocols set by the National Institute of Standards and Technology (NIST) under the Purdue Model.

 

“Our philosophy is that all systems must be protected using a risk ranking. If it is, then the entire platform is protected from both internal and external attack vectors. If only the network is protected, then whatever enters the net (such as an unintentional attack from authorised personnel) will infect all connected systems. This philosophy is more cost-effective,” Sela noted.

 

Ido Ben-Moshe, Vice President Business Development, said the problem is particularly acute in the marine and offshore oil and gas sectors.

 

“If hackers penetrate networks, and critical equipment is exposed there could be significant safety, downtime, financial and potential reputational damage,” he stressed, adding that remote working and the introduction of remotely controlled, autonomous technologies is likely to take place at a faster pace in a post-coronavirus world.

 

“This will see companies face new cyber security challenges if they fail to implement adequate protective measures,” he concluded.