1 00:00:00,540 --> 00:00:03,900 S1: All right. Welcome to Unsupervised Learning. This is Daniel Miessler 2 00:00:03,900 --> 00:00:09,480 S1: and happy to have on today Corey Ranslem, CEO at Dryad. 3 00:00:09,480 --> 00:00:15,900 S1: And Ismael Valenzuela, VP of Threat Research and Intelligence at BlackBerry. 4 00:00:16,050 --> 00:00:17,280 S1: Welcome to the show. 5 00:00:18,110 --> 00:00:19,099 S2: Thanks for having me. 6 00:00:19,790 --> 00:00:20,780 S3: Thank you, thank you, Daniel. 7 00:00:22,430 --> 00:00:25,579 S1: Awesome. So we want to talk about maritime security today. 8 00:00:25,579 --> 00:00:28,580 S1: And it's good that we have Corey here because I 9 00:00:28,580 --> 00:00:31,820 S1: did not feel, uh, qualified to be an expert there. 10 00:00:31,820 --> 00:00:34,220 S1: So good to have everyone on and good to see 11 00:00:34,220 --> 00:00:35,449 S1: you again, Ismael. 12 00:00:36,210 --> 00:00:37,110 S3: You'll see again, Daniel. 13 00:00:39,010 --> 00:00:42,430 S1: Well, very cool. So, um, I think the reason we're 14 00:00:42,430 --> 00:00:44,890 S1: talking about this is because of the incident that happened 15 00:00:44,890 --> 00:00:48,970 S1: in Baltimore. And I guess. The big part of my 16 00:00:48,970 --> 00:00:53,229 S1: questions here are how does the maritime stuff generalize out 17 00:00:53,229 --> 00:00:59,890 S1: to other areas? Right. Um, so so with the Baltimore incident. 18 00:01:00,800 --> 00:01:03,500 S1: What are the things we should be thinking about with 19 00:01:03,500 --> 00:01:06,860 S1: maritime security? Can you kind of give us an overview, Corey? 20 00:01:07,700 --> 00:01:11,540 S2: Sure. 
That that's a that's a really good question because 21 00:01:11,540 --> 00:01:15,440 S2: maritime in my opinion, and I think a lot of 22 00:01:15,440 --> 00:01:18,830 S2: people in the industry, when you look at cyber security, 23 00:01:18,830 --> 00:01:21,530 S2: is probably about 10 or 15 years behind the rest 24 00:01:21,530 --> 00:01:24,470 S2: of the world. So there's a number of issues to 25 00:01:24,470 --> 00:01:27,500 S2: look at. So when a little bit of background, Daniel, 26 00:01:27,500 --> 00:01:30,170 S2: when you build a ship, that ship is usually going 27 00:01:30,170 --> 00:01:33,619 S2: to be in service for 25, 30 plus years. And 28 00:01:33,620 --> 00:01:36,890 S2: so the systems that are on that vessel, when it's built, 29 00:01:36,890 --> 00:01:39,860 S2: you can imagine there's a there's a pretty interesting evolution 30 00:01:39,860 --> 00:01:42,320 S2: of technology through the life of that ship. And you 31 00:01:42,319 --> 00:01:45,680 S2: can't always replace those systems. So there are still vessels 32 00:01:45,680 --> 00:01:49,700 S2: out there today that are operating with Windows XP computers, 33 00:01:49,700 --> 00:01:52,160 S2: because those were the systems at the time when the 34 00:01:52,160 --> 00:01:55,880 S2: ships were built that are the controlling systems for the 35 00:01:55,880 --> 00:01:59,420 S2: engine control systems or other vital systems on board. So 36 00:01:59,420 --> 00:02:01,940 S2: there's really a number of things that you want to 37 00:02:01,940 --> 00:02:04,940 S2: look at from a threat perspective on board the vessel 38 00:02:04,940 --> 00:02:07,880 S2: and the legacy systems are really a big part of that. Now, 39 00:02:07,880 --> 00:02:10,970 S2: the IT infrastructure on a vessel, it's much easier to 40 00:02:10,970 --> 00:02:13,940 S2: upgrade that. 
But some of what you call the OT 41 00:02:13,940 --> 00:02:18,620 S2: or the, the, the the other technology on board, um, 42 00:02:18,620 --> 00:02:20,630 S2: is not as easy to upgrade. So that's one of 43 00:02:20,630 --> 00:02:22,880 S2: the first things to look at with the vessel is, 44 00:02:22,880 --> 00:02:26,269 S2: is what can you do to protect the the older 45 00:02:26,270 --> 00:02:29,510 S2: kind of OT systems that are operating and then also 46 00:02:29,540 --> 00:02:33,710 S2: the newer IT systems. And all of this has to 47 00:02:33,710 --> 00:02:39,440 S2: work in an environment where there's sometimes there's no connectivity whatsoever. Um, 48 00:02:39,440 --> 00:02:42,620 S2: the ships in the world will pass through regions where 49 00:02:42,620 --> 00:02:46,280 S2: because of weather or other issues, they may lose connectivity 50 00:02:46,280 --> 00:02:48,920 S2: for for a time period. So it's very interesting when 51 00:02:48,919 --> 00:02:52,459 S2: you look at trying to apply a protection scheme to 52 00:02:52,460 --> 00:02:54,830 S2: a vessel, it's very different than when you try to 53 00:02:54,830 --> 00:02:58,910 S2: design that for an organization that operates on land. 54 00:02:59,770 --> 00:03:00,970 S1: Yeah, that makes sense. 55 00:03:01,840 --> 00:03:04,690 S3: It's interesting, Daniel, because, you know, you mentioned Baltimore before 56 00:03:04,690 --> 00:03:07,810 S3: and obviously that's that's what's what's in everybody's head, right? 57 00:03:07,810 --> 00:03:11,020 S3: Because of what happened recently. But Corey and I, we've 58 00:03:11,020 --> 00:03:15,190 S3: been talking about this before the Baltimore incident. And we're 59 00:03:15,190 --> 00:03:18,010 S3: like working on hey, you know, let's look at some 60 00:03:18,010 --> 00:03:21,970 S3: threat models. I wasn't an expert. I'm not an expert 61 00:03:22,150 --> 00:03:25,450 S3: in maritime security. 
But I was talking to to Corey 62 00:03:25,450 --> 00:03:28,330 S3: well before that incident. When that incident happens, like everybody was, 63 00:03:28,330 --> 00:03:31,179 S3: you know, thinking about that. But but this is something that, 64 00:03:31,180 --> 00:03:33,550 S3: you know, in this case, Dryad has been working on 65 00:03:33,550 --> 00:03:36,670 S3: for quite some time. And we, as you know, partners 66 00:03:36,670 --> 00:03:39,490 S3: at BlackBerry, we have been looking into as well before 67 00:03:39,490 --> 00:03:42,250 S3: the Baltimore incident. Right. Maybe we can talk about some 68 00:03:42,250 --> 00:03:45,460 S3: other incidents that have happened before. Well, that that's. 69 00:03:45,460 --> 00:03:49,240 S2: A that's an interesting one, Ismael. Because when that incident 70 00:03:49,240 --> 00:03:52,480 S2: happened on my phone started ringing off the hook because 71 00:03:52,480 --> 00:03:55,360 S2: that was the first thing that most people thought is with, 72 00:03:55,360 --> 00:03:57,700 S2: with the ship in Baltimore. Oh, this is a cyber 73 00:03:57,700 --> 00:04:01,780 S2: attack 100%. And we find out, obviously, that it wasn't 74 00:04:01,780 --> 00:04:04,690 S2: that this was more mechanical and other things that were happening, 75 00:04:04,690 --> 00:04:07,150 S2: but it was just interesting that I was getting calls 76 00:04:07,150 --> 00:04:09,250 S2: from people that I was not expecting to get phone 77 00:04:09,250 --> 00:04:13,000 S2: calls from asking, was this a cyber incident? And at 78 00:04:13,000 --> 00:04:15,880 S2: the time, the majority of the intelligence that we had 79 00:04:15,880 --> 00:04:18,640 S2: was there was just not anything to indicate that it was. 80 00:04:18,640 --> 00:04:21,460 S2: And then that panned out. But there's been other incidents. 81 00:04:21,460 --> 00:04:24,700 S2: We know that cyber has been related. 
And one of 82 00:04:24,700 --> 00:04:28,599 S2: the things that I find really interesting in the maritime 83 00:04:28,600 --> 00:04:34,060 S2: is post accident investigation with maritime. They're they're bringing in 84 00:04:34,060 --> 00:04:37,000 S2: cyber experts all the time. And and we've never seen 85 00:04:37,000 --> 00:04:39,849 S2: that before. And three, four years ago if there was 86 00:04:39,850 --> 00:04:44,410 S2: an incident okay. We know probably mechanical or some other issue. 87 00:04:44,410 --> 00:04:48,280 S2: But now as, as kind of those post incident investigations, 88 00:04:48,279 --> 00:04:51,760 S2: you're seeing the cyber component or forensic cyber experts that 89 00:04:51,760 --> 00:04:55,660 S2: are now in part of those investigative teams to say, hey, 90 00:04:55,660 --> 00:04:59,590 S2: was there the potential of a cyber incident? And and 91 00:04:59,589 --> 00:05:02,200 S2: it exists. I mean, Ismael and I talk about this 92 00:05:02,200 --> 00:05:04,780 S2: quite a bit, but that the potential of a cyber 93 00:05:04,779 --> 00:05:09,580 S2: attack in maritime, um, we're just counting basically to time as, 94 00:05:09,580 --> 00:05:13,029 S2: as when it's going to happen. It's it's definitely something 95 00:05:13,029 --> 00:05:16,090 S2: that we see and we continue to try to provide 96 00:05:16,089 --> 00:05:20,049 S2: information to, to our clients and stakeholders on what that 97 00:05:20,050 --> 00:05:23,349 S2: threat landscape looks like and how prevalent this threat is. 98 00:05:23,350 --> 00:05:26,020 S2: And it gets it gets more and more prevalent every 99 00:05:26,020 --> 00:05:26,920 S2: single day. 100 00:05:27,640 --> 00:05:30,640 S1: Yeah. I remember seeing a long time ago, uh, some 101 00:05:30,640 --> 00:05:34,930 S1: aircraft carrier and it was running NT4 and I was like, oh, 102 00:05:34,930 --> 00:05:39,970 S1: that's that's really scary. 
Um, so what what are the 103 00:05:39,970 --> 00:05:44,260 S1: threat scenarios look like that you put together? Both of you. 104 00:05:44,260 --> 00:05:47,799 S1: If you look at the actual scenarios themselves, what do 105 00:05:47,800 --> 00:05:50,890 S1: they start to look like? You've got like malicious. You've 106 00:05:50,890 --> 00:05:53,530 S1: got like, you tell me if I'm wrong, but you've 107 00:05:53,529 --> 00:05:56,770 S1: got convincing some sailor to bring on a USB drive 108 00:05:56,770 --> 00:06:00,550 S1: or something, which hopefully they would have access to. Um, 109 00:06:00,550 --> 00:06:03,339 S1: ports would be limited. But we all know the world 110 00:06:03,339 --> 00:06:08,140 S1: is not a perfect place, so perhaps, um, yeah, external 111 00:06:08,140 --> 00:06:12,729 S1: media coming onto the ship that could possibly compromise. Um, 112 00:06:12,730 --> 00:06:15,310 S1: I imagine there's a whole bunch of systems that are 113 00:06:15,310 --> 00:06:18,340 S1: internet connected, and I'm sure there's supposed to be segmentation, 114 00:06:18,339 --> 00:06:20,980 S1: but that's another avenue. But like, what is that threat 115 00:06:20,980 --> 00:06:22,240 S1: model actually look like? 116 00:06:23,800 --> 00:06:27,460 S2: That. So I think that that trying to get someone 117 00:06:27,460 --> 00:06:30,310 S2: to bring a USB on board that, that that's pretty 118 00:06:30,310 --> 00:06:33,909 S2: difficult to do. Most of the mariners that that we've 119 00:06:33,910 --> 00:06:36,070 S2: talked to have that basic training so they know, hey, 120 00:06:36,070 --> 00:06:38,530 S2: this is I'm not going to bring this media on board. 
121 00:06:38,529 --> 00:06:42,790 S2: It's interesting because up until about the last three years, 122 00:06:42,790 --> 00:06:45,880 S2: that's how the majority of the critical systems were updated, 123 00:06:45,880 --> 00:06:48,790 S2: is the manufacturers would actually have to send a USB 124 00:06:48,940 --> 00:06:52,450 S2: or a CD ROM to the vessel to update the 125 00:06:52,450 --> 00:06:55,419 S2: critical navigation systems and everything. And it was we were 126 00:06:55,420 --> 00:06:57,820 S2: actually just talking about this internally, and it was really 127 00:06:57,820 --> 00:07:00,910 S2: funny about 3 or 4 years ago that the major 128 00:07:00,910 --> 00:07:04,900 S2: navigation providers for vessels were telling people, don't connect your 129 00:07:04,900 --> 00:07:08,650 S2: bridge navigation systems to the internet. If you do anything, 130 00:07:08,650 --> 00:07:11,200 S2: it needs to be trusted. Our updates come out like this. 131 00:07:11,200 --> 00:07:14,800 S2: It was very specific. Well, fast forward to where we 132 00:07:14,800 --> 00:07:19,450 S2: are today, and all of those same bridge navigation manufacturers 133 00:07:19,450 --> 00:07:22,780 S2: are telling all of their vessels they have to have 134 00:07:22,780 --> 00:07:26,350 S2: their bridge navigation systems connected to the internet now, because 135 00:07:26,350 --> 00:07:28,360 S2: that's how the live updates are done. And it's a 136 00:07:28,360 --> 00:07:31,330 S2: much more efficient process to be able to do that. 
137 00:07:31,330 --> 00:07:34,210 S2: So it's interesting to see the change that's just taken 138 00:07:34,210 --> 00:07:36,010 S2: place in the industry in the last 2 or 3 139 00:07:36,010 --> 00:07:39,820 S2: years with now, systems that were not connected to the 140 00:07:39,820 --> 00:07:42,940 S2: internet are now being connected to the internet, and not 141 00:07:42,940 --> 00:07:47,140 S2: just navigation, but the engine control systems, the generator, the 142 00:07:47,140 --> 00:07:50,590 S2: engines themselves. When you look at cargo vessels, the cargo 143 00:07:50,590 --> 00:07:53,950 S2: handling side of it, the ballast water systems, I mean, 144 00:07:53,950 --> 00:07:57,580 S2: it's it's really interesting to see the number of systems 145 00:07:57,580 --> 00:08:01,360 S2: and the connectivity on vessels that was just not prevalent 146 00:08:01,360 --> 00:08:04,210 S2: even 2 or 3 years ago. So you really didn't 147 00:08:04,210 --> 00:08:08,080 S2: see that threat where that's why we've seen a huge 148 00:08:08,080 --> 00:08:11,260 S2: jump in the exponential potential of that as just because 149 00:08:11,260 --> 00:08:13,510 S2: of the number of systems on board. And the the 150 00:08:13,510 --> 00:08:19,330 S2: other interesting piece is, is post-Covid shipping companies, the cruise lines, 151 00:08:19,330 --> 00:08:23,140 S2: large yachts are really having a difficult time trying to 152 00:08:23,140 --> 00:08:28,390 S2: get crew members on board with little or no connectivity. 153 00:08:28,750 --> 00:08:32,080 S2: Shipping of the past. Again two three years ago, crew 154 00:08:32,080 --> 00:08:34,150 S2: members knew that there was no connectivity or if they 155 00:08:34,150 --> 00:08:36,069 S2: wanted it, they would have to pay a pretty exorbitant 156 00:08:36,070 --> 00:08:38,770 S2: amount to be able to get that. 
Now it's becoming 157 00:08:38,770 --> 00:08:42,640 S2: standard package on a lot of these vessels to have 158 00:08:42,640 --> 00:08:46,360 S2: enhanced internet capabilities just for the crew. So you bring 159 00:08:46,360 --> 00:08:49,600 S2: that dynamic that we didn't have a few years ago 160 00:08:49,600 --> 00:08:54,370 S2: into the threat picture. So it's rapidly changing the different 161 00:08:54,370 --> 00:08:58,660 S2: access points that could become vulnerabilities on board a vessel. 162 00:08:58,660 --> 00:09:00,820 S2: And almost regardless of the type, whether it's a cargo 163 00:09:00,820 --> 00:09:02,590 S2: ship or a cruise line or a large yacht. 164 00:09:03,220 --> 00:09:07,270 S1: Yeah. The one similarity I think, I think I see 165 00:09:07,270 --> 00:09:13,150 S1: is ICS or, um, operational technology. It's almost like because 166 00:09:13,150 --> 00:09:17,080 S1: we have been learning this lesson, albeit slowly, is securing 167 00:09:17,080 --> 00:09:20,469 S1: SCADA systems, uh, which I've done a bunch of assessment 168 00:09:20,470 --> 00:09:24,760 S1: work on. They were traditionally completely isolated, and then they 169 00:09:24,760 --> 00:09:29,309 S1: ended up not being isolated and. More and more internet 170 00:09:29,309 --> 00:09:32,970 S1: connected tech comes in and those environments are not used 171 00:09:32,970 --> 00:09:35,579 S1: to that. So maybe there's some lessons we can get 172 00:09:35,580 --> 00:09:39,870 S1: from that industry. I'm just skeptical that those last those 173 00:09:39,870 --> 00:09:43,710 S1: lessons actually transfer. Well, they tend not to. 174 00:09:44,340 --> 00:09:46,770 S3: And I was going to say even like autonomous vehicles. Right. 175 00:09:46,770 --> 00:09:49,350 S3: We see the same kind of idea like vehicles that 176 00:09:49,350 --> 00:09:52,829 S3: they need to be connected time, right. 
To receive, uh, 177 00:09:52,830 --> 00:09:57,720 S3: instructions and to send telemetry to receive, you know, information. Um, 178 00:09:57,720 --> 00:10:01,500 S3: but if you think about other like, older threat models. Right. 179 00:10:01,500 --> 00:10:06,030 S3: We were discussing before. Uh, GPS spoofing, for example. Right. 180 00:10:06,030 --> 00:10:08,880 S3: I mean, that's usually using, like, traditional technology to be 181 00:10:08,880 --> 00:10:12,720 S3: able to redirect a vessel, right, to, to, to a 182 00:10:12,720 --> 00:10:15,840 S3: different place, like, can that be done in this way 183 00:10:15,840 --> 00:10:21,120 S3: by manipulating this, uh, this data. Right, that we're navigation 184 00:10:21,120 --> 00:10:25,770 S3: data by, by maybe turning a ship, like, sideways and 185 00:10:25,770 --> 00:10:28,380 S3: blocking the entrance of a port. I know that's actually 186 00:10:28,380 --> 00:10:32,309 S3: a scenario, right? That has been, uh, evaluated. What could 187 00:10:32,309 --> 00:10:34,410 S3: happen if a vessel enters the port of New York 188 00:10:34,410 --> 00:10:39,630 S3: and then turn sideways and blocks? Uh, not accidentally. Yeah, that. 189 00:10:39,809 --> 00:10:42,810 S1: Yeah, I wanted to hit on that, basically. What what 190 00:10:42,809 --> 00:10:46,620 S1: are the, uh, not the threat scenarios for getting in, 191 00:10:46,620 --> 00:10:50,910 S1: but what what could people do potentially, uh, to do that? 192 00:10:50,910 --> 00:10:55,290 S1: One would just, I guess be. Yeah, blocking shipping actually 193 00:10:55,290 --> 00:10:57,420 S1: seems like one of the worst ones. What else could 194 00:10:57,420 --> 00:10:58,439 S1: you possibly do? 195 00:11:00,350 --> 00:11:02,630 S2: I could take the first part of that if you 196 00:11:02,750 --> 00:11:06,740 S2: want because that it's, it's this is this is really interesting. 197 00:11:06,740 --> 00:11:09,230 S2: So I think there's a couple of things. 
Number one is, 198 00:11:09,230 --> 00:11:13,640 S2: is to be able to, uh, spoof the vessel's navigation 199 00:11:13,640 --> 00:11:16,670 S2: system in a tight maneuvering space, like the entrance to 200 00:11:16,670 --> 00:11:20,449 S2: a canal or port. That is something that before the 201 00:11:20,450 --> 00:11:23,900 S2: crews on board. These ships are very intelligent people. They 202 00:11:23,900 --> 00:11:26,870 S2: are very good at their craft and what they're doing 203 00:11:26,870 --> 00:11:30,349 S2: in running navigation and engine systems. But if you put 204 00:11:30,350 --> 00:11:34,640 S2: them in a, in a, in a confined, um, fairway, 205 00:11:34,640 --> 00:11:38,180 S2: entry point into a canal or a port, they still 206 00:11:38,179 --> 00:11:40,460 S2: have to take time for their brains to process that 207 00:11:40,460 --> 00:11:43,160 S2: something is wrong and then be able to react to that. 208 00:11:43,160 --> 00:11:45,560 S2: And by the time that happens in a narrow channel, 209 00:11:45,559 --> 00:11:48,830 S2: it's really difficult for them to counter what's happening, because 210 00:11:48,830 --> 00:11:52,100 S2: as you saw in Baltimore, these very large cargo ships, 211 00:11:52,100 --> 00:11:55,250 S2: even traveling at five, six, seven knots, have so much 212 00:11:55,250 --> 00:11:58,820 S2: momentum that it takes a long time to stop these ships. 213 00:11:58,820 --> 00:12:02,480 S2: So in in a narrow fairway, that's a really interesting scenario. 214 00:12:02,480 --> 00:12:05,090 S2: One of the other scenarios that we've looked at is 215 00:12:05,090 --> 00:12:08,570 S2: the actual kind of digital hijacking of the ship itself. 216 00:12:08,570 --> 00:12:10,640 S2: So the ship may be in the middle of the ocean. 
217 00:12:10,640 --> 00:12:15,860 S2: Hackers take control of of engineering and navigation systems and 218 00:12:15,860 --> 00:12:18,650 S2: block the crew out from being able to do anything, 219 00:12:18,650 --> 00:12:21,500 S2: and then basically digitally hijacking the ship in the middle 220 00:12:21,500 --> 00:12:24,080 S2: of the ocean, asking for a ransom payment. That is 221 00:12:24,080 --> 00:12:27,530 S2: something that we really haven't seen yet, but we think 222 00:12:27,530 --> 00:12:30,500 S2: that that is going to become more and more prevalent 223 00:12:30,500 --> 00:12:33,650 S2: in the maritime industry as we see all of this connectivity, 224 00:12:33,650 --> 00:12:37,160 S2: all of these things happening, that the prevalence of this 225 00:12:37,160 --> 00:12:41,030 S2: may start to increase because you look at 90 plus 226 00:12:41,030 --> 00:12:43,730 S2: percent of all the goods that we buy are on 227 00:12:43,730 --> 00:12:45,530 S2: a ship at some point in your life. So that 228 00:12:45,530 --> 00:12:50,210 S2: is a huge part of global GDP. So even one 229 00:12:50,210 --> 00:12:53,750 S2: ship with 3 or 4000 containers, that that's a lot 230 00:12:53,750 --> 00:12:56,660 S2: of value of cargo, that's that's moving in the in 231 00:12:56,660 --> 00:12:59,360 S2: the ocean. And you know, don't even think about like 232 00:12:59,360 --> 00:13:02,449 S2: some of the supertankers with oil on board how much 233 00:13:02,450 --> 00:13:05,060 S2: those are worth. So there's a lot of value that's, 234 00:13:05,059 --> 00:13:08,390 S2: that's floating around out there that that we think that this, 235 00:13:08,390 --> 00:13:12,380 S2: this digital hijacking could potentially become an issue or even 236 00:13:12,380 --> 00:13:15,350 S2: precede a physical attack like what we've seen in the 237 00:13:15,350 --> 00:13:16,850 S2: Red Sea and the Gulf of Aden. 238 00:13:17,480 --> 00:13:20,150 S1: Okay. 
So so what does that what does that actually 239 00:13:20,150 --> 00:13:24,740 S1: look like? That is basically economic disruption. And also you 240 00:13:24,740 --> 00:13:27,080 S1: have to worry about the actual crew that's on board. 241 00:13:27,080 --> 00:13:30,859 S1: But they would in that sense they would only be 242 00:13:30,860 --> 00:13:34,790 S1: affecting the cargo that was on that one ship along 243 00:13:34,790 --> 00:13:37,130 S1: with the crew. And I guess they would just be 244 00:13:37,130 --> 00:13:41,010 S1: out in the ocean and say. What? We're not going 245 00:13:41,010 --> 00:13:42,690 S1: to deliver the stuff. We're going to dump it in 246 00:13:42,690 --> 00:13:45,720 S1: the sea, and also we're going to hurt the crew. 247 00:13:46,050 --> 00:13:47,610 S1: Is that the scenario? 248 00:13:47,640 --> 00:13:50,280 S2: No, not necessarily that I think the scenario is more 249 00:13:50,280 --> 00:13:53,400 S2: along the lines, Daniel, of of of an attacker taking 250 00:13:53,400 --> 00:13:56,640 S2: control of the ship. And these guys are financially motivated 251 00:13:56,640 --> 00:13:58,619 S2: unless it's a state actor for the most part in 252 00:13:58,620 --> 00:14:02,820 S2: the maritime it's 100% financial motivation. So what we would 253 00:14:02,820 --> 00:14:04,710 S2: see is that they would take control of the ship 254 00:14:04,710 --> 00:14:07,559 S2: and then ask the owner or management company, hey, you 255 00:14:07,559 --> 00:14:10,179 S2: need to pay us 10 million Bitcoin for a 10 256 00:14:10,179 --> 00:14:13,020 S2: million in Bitcoin for us to release the ship back 257 00:14:13,020 --> 00:14:16,380 S2: to your control. So I don't think it's anything to 258 00:14:16,380 --> 00:14:19,200 S2: potentially dump the cargo or hurt the crew. 
It's more 259 00:14:19,200 --> 00:14:21,600 S2: along the lines of what financial gain can we get 260 00:14:21,600 --> 00:14:24,330 S2: out of this very quickly and and be able to 261 00:14:24,330 --> 00:14:27,600 S2: get a fairly quick payday, just like what we've seen 262 00:14:27,600 --> 00:14:30,120 S2: in other industries? Hey, we've got all your data, we've 263 00:14:30,120 --> 00:14:33,150 S2: got all of your your websites are down. We have 264 00:14:33,150 --> 00:14:34,830 S2: all of this. In order to get it back. You're 265 00:14:34,830 --> 00:14:37,440 S2: going to have to pay us so much in ransom 266 00:14:37,470 --> 00:14:40,620 S2: and we'll give you your your ship back. That's kind 267 00:14:40,620 --> 00:14:41,970 S2: of the scenario that's interesting. 268 00:14:42,090 --> 00:14:45,900 S1: It it, uh, tripped me up because in that case, 269 00:14:45,900 --> 00:14:51,330 S1: it's really stuff. And it's really people that you are 270 00:14:51,330 --> 00:14:56,100 S1: ransoming which transfers to the physical world. But the attack 271 00:14:56,130 --> 00:15:02,940 S1: you're talking about is actually technically ransomware in the cyber world. Sure. Yeah. Yeah, yeah. Fascinating. 272 00:15:03,300 --> 00:15:05,640 S3: And just to put things into perspective, I was mentioning 273 00:15:05,670 --> 00:15:08,580 S3: to Corey, uh, before that, uh, two weeks ago, I 274 00:15:08,580 --> 00:15:11,820 S3: was at the Panama Canal. Right. And it was very 275 00:15:11,820 --> 00:15:13,770 S3: enlightening because, you know, we have been working together on 276 00:15:13,770 --> 00:15:15,300 S3: this for quite some time, and I've been doing a 277 00:15:15,300 --> 00:15:19,860 S3: lot more reading on maritime transportation, maritime security. And, uh, 278 00:15:19,860 --> 00:15:22,350 S3: I didn't realize, I think vessels pay like up to 279 00:15:22,350 --> 00:15:27,330 S3: $1.5 million, right, to go through the, uh, the Panama Canal. 
280 00:15:27,330 --> 00:15:29,850 S3: And when you look at the cost of that's obviously 281 00:15:29,850 --> 00:15:32,220 S3: very high, but some of these vessels, they can have 282 00:15:32,220 --> 00:15:36,780 S3: up to 13,000 containers, right, Corey? Or even more. 283 00:15:36,780 --> 00:15:38,790 S2: With some of the new super container ships, you could 284 00:15:38,790 --> 00:15:42,630 S2: see 20,000 containers. So what's a 1 million or a 285 00:15:42,630 --> 00:15:46,440 S2: $1.5 million cost divided by 13,000 is. 286 00:15:46,440 --> 00:15:47,340 S3: 100 bucks, right? 287 00:15:47,520 --> 00:15:49,740 S2: Yeah, it's 100 bucks a container. Yeah. 288 00:15:49,800 --> 00:15:53,340 S3: So we don't want obviously we don't want, uh, to give, uh, 289 00:15:53,340 --> 00:15:55,770 S3: ideas right to the bad guys, but obviously they know 290 00:15:55,770 --> 00:16:00,450 S3: this already. And we're talking about, uh, minimum cost per container. 291 00:16:00,450 --> 00:16:03,450 S3: If somebody had to do this and something that they 292 00:16:03,450 --> 00:16:05,250 S3: would probably say, you know what, let's pay it because 293 00:16:05,250 --> 00:16:07,560 S3: we need to release these goods and we need to 294 00:16:07,590 --> 00:16:08,520 S3: to move forward. 295 00:16:09,250 --> 00:16:14,990 S1: Yeah, that. That makes sense. So are there any, uh, 296 00:16:15,440 --> 00:16:19,520 S1: benchmarks here? Like you talked about? One thing with which 297 00:16:19,550 --> 00:16:22,190 S1: Ismael and I might have talked about as well. When 298 00:16:22,190 --> 00:16:26,180 S1: you have, like, traditional network security, you learn all these lessons. 299 00:16:26,180 --> 00:16:28,070 S1: It takes a very long time for people to learn 300 00:16:28,070 --> 00:16:31,520 S1: these lessons. Then you go to web security and nobody 301 00:16:31,520 --> 00:16:34,400 S1: knows those lessons. 
So you basically need to spend another 302 00:16:34,400 --> 00:16:39,350 S1: decade almost starting over because none of the knowledge transfers. 303 00:16:39,350 --> 00:16:43,640 S1: But in terms of like all these different spaces, you know, web, mobile, 304 00:16:43,640 --> 00:16:47,359 S1: all these other cyber spaces and I would say other 305 00:16:47,360 --> 00:16:50,570 S1: industries as well. How does maritime compare? Like where would 306 00:16:50,570 --> 00:16:55,070 S1: you put us on like a maturity model for maritime cybersecurity? 307 00:16:56,440 --> 00:16:59,170 S2: I. I want to hear what Ismael has to say, 308 00:16:59,170 --> 00:17:03,010 S2: but I, I think honestly, from a cybersecurity in general, 309 00:17:03,010 --> 00:17:06,760 S2: when you look at the maritime industry and specifically at vessels, 310 00:17:06,760 --> 00:17:09,220 S2: is probably about 10 or 15 years behind the rest 311 00:17:09,220 --> 00:17:12,730 S2: of the world, um, on this, it's just not a problem. 312 00:17:12,730 --> 00:17:16,600 S2: The industry up until the last few years has really 313 00:17:16,600 --> 00:17:19,300 S2: been awake to the fact that, hey, this is something 314 00:17:19,300 --> 00:17:21,820 S2: that we need to look at and deal with. We 315 00:17:21,850 --> 00:17:25,750 S2: we are talking to clients now that we never thought 316 00:17:25,750 --> 00:17:29,919 S2: we'd be talking to about cybersecurity and protection, and people 317 00:17:29,920 --> 00:17:32,920 S2: are realizing in, in the, in the global maritime industry 318 00:17:32,920 --> 00:17:35,770 S2: that there's a cost to be able to do business. 319 00:17:35,770 --> 00:17:39,400 S2: And now cyber protection is part of that cost. But 320 00:17:39,400 --> 00:17:42,220 S2: if you look at what the costs are to mitigate, 321 00:17:42,220 --> 00:17:46,150 S2: a potential issue could be 10 or 15 times what 322 00:17:46,150 --> 00:17:49,480 S2: the cost is to provide some of the basic protections. 
323 00:17:49,480 --> 00:17:52,659 S2: So the industry, it seems like, is now really waking 324 00:17:52,660 --> 00:17:54,970 S2: up to the fact that this could be a real 325 00:17:54,970 --> 00:17:58,630 S2: potential threat. And the threat can be sitting almost, almost 326 00:17:58,630 --> 00:18:00,580 S2: anywhere in the world. But our feeling has been that 327 00:18:00,580 --> 00:18:03,700 S2: the industry is is pretty far behind the time when 328 00:18:03,700 --> 00:18:07,660 S2: it comes to the type of of knowledge and protection 329 00:18:07,660 --> 00:18:11,050 S2: and things that the industry is doing to employ to 330 00:18:11,050 --> 00:18:12,879 S2: be able to mitigate this. Now, some people are on 331 00:18:12,880 --> 00:18:15,159 S2: the other end of the spectrum. There's companies that that 332 00:18:15,160 --> 00:18:20,230 S2: we've dealt with that have incredible protection and have standards 333 00:18:20,230 --> 00:18:22,900 S2: that meet the rest of the world. And then there's 334 00:18:22,900 --> 00:18:26,320 S2: other companies that don't even have a firewall operating on 335 00:18:26,320 --> 00:18:30,609 S2: board their ships and are running old legacy systems, and 336 00:18:30,609 --> 00:18:33,820 S2: networks aren't bifurcated. Some of the basic things that you know, 337 00:18:33,820 --> 00:18:35,890 S2: that you would see, um. 338 00:18:36,580 --> 00:18:40,090 S3: It's very interesting that it's not very different from what 339 00:18:40,090 --> 00:18:44,919 S3: we see in other critical, uh, sectors. Right. 
And I'm thinking, uh, 340 00:18:44,920 --> 00:18:49,300 S3: transportation in general or factoring where you have, uh, sometimes, 341 00:18:49,300 --> 00:18:51,909 S3: you know, small companies with not a lot of employees, 342 00:18:51,910 --> 00:18:54,639 S3: but they, they have a, you know, really high revenue 343 00:18:54,640 --> 00:18:57,340 S3: and they're being ransomed on a regular basis or they're 344 00:18:57,340 --> 00:19:00,850 S3: being targeted by, uh, threat actors. Um, you know, we've 345 00:19:00,850 --> 00:19:06,609 S3: been looking at, uh, Typhoon activity recently, uh, as probably know, 346 00:19:06,609 --> 00:19:10,270 S3: an actor related to, uh, you know, China and how 347 00:19:10,270 --> 00:19:13,450 S3: they're very interested in, in critical infrastructure, especially in the US, 348 00:19:13,450 --> 00:19:16,389 S3: like CISA has been reporting about this, uh, in the 349 00:19:16,390 --> 00:19:18,850 S3: last few months. And we see on a regular basis, 350 00:19:18,850 --> 00:19:22,990 S3: on a daily basis, activity coming from Volt Typhoon targeting, um, 351 00:19:22,990 --> 00:19:28,030 S3: some of these critical sectors. So legacy systems, right. The interest, 352 00:19:28,030 --> 00:19:31,150 S3: the geopolitical interest from threat actors, that makes an interesting cocktail. 353 00:19:31,150 --> 00:19:33,550 S3: And if you add to that, that there is a 354 00:19:33,550 --> 00:19:37,270 S3: lot of cybersecurity solutions today that they were not designed 355 00:19:37,300 --> 00:19:41,350 S3: for these type of infrastructure. Corey touched on this before, uh, 356 00:19:41,350 --> 00:19:43,240 S3: these ships, these vessels that are in the middle of 357 00:19:43,240 --> 00:19:46,210 S3: the ocean with as they have connectivity. Right? 
But it's 358 00:19:46,210 --> 00:19:50,800 S3: GPS connectivity, low bandwidth, a lot of these security solutions, 359 00:19:50,800 --> 00:19:54,010 S3: endpoint solutions, for example, they they rely on having a 360 00:19:54,010 --> 00:19:57,400 S3: lot of, uh, a persistent connection, uh, where they can 361 00:19:57,400 --> 00:19:59,530 S3: send a lot of data out and then do all, 362 00:19:59,530 --> 00:20:01,540 S3: all of the analytics in the cloud and all of 363 00:20:01,540 --> 00:20:05,320 S3: the AI, all the fancy stuff that doesn't always work 364 00:20:05,320 --> 00:20:08,409 S3: when a system that it's an older OS and doesn't 365 00:20:08,410 --> 00:20:11,740 S3: have that, uh, high bandwidth. So that that adds up 366 00:20:12,070 --> 00:20:13,149 S3: to the challenge. 367 00:20:13,510 --> 00:20:17,500 S1: Yeah. Interesting. And I think, Corey, you mentioned that this 368 00:20:17,500 --> 00:20:19,240 S1: is going to happen more in the future and that 369 00:20:19,240 --> 00:20:21,910 S1: it's even happening in the past, or at least it's 370 00:20:21,910 --> 00:20:24,310 S1: been tested. But what are some of those other things 371 00:20:24,310 --> 00:20:25,390 S1: that have already happened? 372 00:20:26,160 --> 00:20:29,250 S2: So there's one thing that that pops out in my 373 00:20:29,250 --> 00:20:33,990 S2: mind is there was back in 2013, there was an 374 00:20:33,990 --> 00:20:38,520 S2: attack on an oil rig where the attackers gained access 375 00:20:38,520 --> 00:20:41,130 S2: to the navigation system on an oil rig. 
As you know, 376 00:20:41,130 --> 00:20:43,890 S2: a lot of oil rigs are floating platforms, and there 377 00:20:43,890 --> 00:20:47,070 S2: is navigation where they move to stay in a particular spot, 378 00:20:47,070 --> 00:20:51,629 S2: and the attackers actually gained access remotely to the navigation 379 00:20:51,630 --> 00:20:55,199 S2: system and pulled the oil rig basically off station and 380 00:20:55,200 --> 00:20:57,060 S2: was shut down, I think, for 2 or 3 months. 381 00:20:57,060 --> 00:21:00,389 S2: That was really one of the very first cases that 382 00:21:00,390 --> 00:21:04,380 S2: that we really saw where there was interference directly within 383 00:21:04,380 --> 00:21:08,639 S2: a navigation system of a vessel. And this was 2013. Um, 384 00:21:08,640 --> 00:21:11,220 S2: there was a case, I believe, within the last month 385 00:21:11,220 --> 00:21:14,219 S2: that our Intel teams were looking at as there was 386 00:21:14,220 --> 00:21:18,899 S2: a vessel in the Persian Gulf that had navigation system interference. Um, 387 00:21:18,900 --> 00:21:22,440 S2: and we're seeing along with that, not just the potential 388 00:21:22,440 --> 00:21:24,780 S2: of interference with the nav system on board, but one 389 00:21:24,780 --> 00:21:27,930 S2: of the things that Ismael had mentioned was the GPS spoofing. 390 00:21:27,930 --> 00:21:32,760 S2: It's very easy to spoof the Global Positioning System, maybe 391 00:21:32,760 --> 00:21:37,290 S2: not necessarily to get into the satellite side, but local spoofing. 392 00:21:37,290 --> 00:21:40,530 S2: You can spend about 30 minutes on the internet, get 393 00:21:40,530 --> 00:21:43,650 S2: a few hundred dollars in equipment, and you can fairly 394 00:21:43,650 --> 00:21:49,800 S2: easily locally spoof, uh, GPS. 
So it's interesting the also, 395 00:21:49,800 --> 00:21:53,400 S2: some of the inherent insecurity in some of the way 396 00:21:53,400 --> 00:21:57,389 S2: the maritime systems are designed is much different than, than 397 00:21:57,390 --> 00:22:01,560 S2: other industries. The, the International Maritime Organization or we refer 398 00:22:01,560 --> 00:22:05,310 S2: to the IMO. The standards are set by the IMO 399 00:22:05,310 --> 00:22:10,140 S2: and then are pushed into all of the the signatory countries. 400 00:22:10,140 --> 00:22:12,450 S2: So you have to imagine that you have to get 401 00:22:12,450 --> 00:22:17,460 S2: basically 190 countries to agree on a particular standard when 402 00:22:17,460 --> 00:22:20,280 S2: it comes to how something is going to work. And, 403 00:22:20,280 --> 00:22:22,830 S2: and some of those countries are good guy countries and 404 00:22:22,830 --> 00:22:26,129 S2: others are bad guy countries. So yeah, it's it's interesting 405 00:22:26,160 --> 00:22:30,690 S2: to see how this standard works that that may not have, um, 406 00:22:30,960 --> 00:22:34,320 S2: be similar to like the financial industry or health care 407 00:22:34,320 --> 00:22:36,870 S2: where the US can set its own standard and the 408 00:22:36,869 --> 00:22:39,300 S2: UK and the EU and there's all these standards where 409 00:22:39,300 --> 00:22:43,560 S2: shipping it's a pretty similar standard. So this whole global 410 00:22:43,560 --> 00:22:46,050 S2: industry is able to work together. 411 00:22:46,920 --> 00:22:51,699 S1: You know, what I find interesting is, uh. There's a 412 00:22:51,700 --> 00:22:55,239 S1: corollary with local crime. So there's a thing in the 413 00:22:55,240 --> 00:23:01,240 S1: Bay area here with people stealing catalytic converters. Um, and 414 00:23:01,240 --> 00:23:06,460 S1: it's what's interesting is it, um, wasn't really a big thing. 415 00:23:06,460 --> 00:23:11,149 S1: And once it became a thing. 
Obviously within the criminal community. 416 00:23:11,150 --> 00:23:15,020 S1: It just started happening and everybody it it became like 417 00:23:15,020 --> 00:23:19,100 S1: a viral spread of a meme of like, this is 418 00:23:19,100 --> 00:23:21,680 S1: a way to make money. And all of a sudden 419 00:23:21,680 --> 00:23:24,139 S1: a bunch of criminals started doing it. So your, your 420 00:23:24,140 --> 00:23:26,750 S1: car was literally at threat. And I wonder if there 421 00:23:26,750 --> 00:23:30,080 S1: was a similarity here where if criminals realize, hey, wait 422 00:23:30,080 --> 00:23:33,650 S1: a minute, there's actually lots of money there. Wow. Think 423 00:23:33,650 --> 00:23:39,080 S1: about how much money they have available or how important 424 00:23:39,080 --> 00:23:41,840 S1: it is for them to deliver their cargo. Therefore, they 425 00:23:41,840 --> 00:23:44,540 S1: will pay this much ransom. It's the type of thing 426 00:23:44,540 --> 00:23:47,450 S1: where the spotlight shines on something interesting for the whole 427 00:23:47,450 --> 00:23:50,540 S1: criminal community. And they're very smart and they're very synchronized, 428 00:23:50,540 --> 00:23:52,490 S1: and then they just start going there. Do you think 429 00:23:52,490 --> 00:23:57,280 S1: this could become like. Similar to ransomware. In the past, 430 00:23:57,280 --> 00:23:59,620 S1: it wasn't being done and all of a sudden it was. 431 00:23:59,920 --> 00:24:02,949 S1: Could it really jump in incidents, do you think because 432 00:24:02,950 --> 00:24:03,609 S1: of that? 433 00:24:05,410 --> 00:24:07,300 S3: I was actually discussing this with Corey, you know, a 434 00:24:07,300 --> 00:24:10,090 S3: few weeks ago as well. We were, um, discussing like, 435 00:24:10,090 --> 00:24:13,270 S3: global trends in I think it's just a matter of, 436 00:24:13,270 --> 00:24:17,410 S3: of time. 
And sometimes it may actually be happening today, 437 00:24:17,410 --> 00:24:19,419 S3: but we don't have the visibility because of the reasons 438 00:24:19,420 --> 00:24:22,420 S3: we mentioned before, because they don't have the solutions in place. 439 00:24:22,420 --> 00:24:25,540 S3: And we may as we get more visibility into these, 440 00:24:25,540 --> 00:24:28,420 S3: we may say, oh, so these systems have been maybe 441 00:24:28,420 --> 00:24:31,510 S3: compromised for, for quite some time. And it's just that 442 00:24:31,510 --> 00:24:35,169 S3: it doesn't have it doesn't have that impact yet. Uh, 443 00:24:35,170 --> 00:24:38,919 S3: but for example, if you look at the availability of 444 00:24:38,920 --> 00:24:42,340 S3: a lot of these tools, uh, many of the weapons 445 00:24:42,340 --> 00:24:45,400 S3: that we see, uh, being used by attackers today are 446 00:24:45,400 --> 00:24:50,560 S3: open source. Right? And XWorm, AsyncRAT. Um, 447 00:24:50,560 --> 00:24:55,000 S3: I don't know you black matter. There's a lot of RATs, right? 448 00:24:55,000 --> 00:24:57,550 S3: Remote access tools out there that we see being used 449 00:24:57,550 --> 00:25:01,119 S3: by cyber criminals worldwide, and they're just open source tools. 450 00:25:01,119 --> 00:25:05,230 S3: We just didn't have that much availability of those tools before. So. 451 00:25:05,230 --> 00:25:07,359 S3: So absolutely. I think it's a matter of time. It 452 00:25:07,359 --> 00:25:10,090 S3: might be actually happening, but we may not just see it. 453 00:25:10,869 --> 00:25:13,600 S2: I would I would agree and I, I think to 454 00:25:13,600 --> 00:25:16,450 S2: that to Ismael's point, I think it is happening. We're 455 00:25:16,450 --> 00:25:21,190 S2: starting to see more and more of of things happening 456 00:25:21,190 --> 00:25:24,310 S2: on vessels that you kind of scratch your head and 457 00:25:24,310 --> 00:25:27,790 S2: say that's a cyber incident. 
And the other thing that 458 00:25:27,790 --> 00:25:31,840 S2: the industry does a very bad job of is sharing information, 459 00:25:31,840 --> 00:25:36,460 S2: unless it's required by some government organization like the SEC 460 00:25:36,460 --> 00:25:40,180 S2: here in the United States, you're not going to have, um, 461 00:25:40,180 --> 00:25:44,109 S2: companies sharing information on how they were attacked. It's just 462 00:25:44,109 --> 00:25:47,800 S2: it's really interesting to see that where in other interesting 463 00:25:47,830 --> 00:25:50,950 S2: industries you do have that information sharing, but we just 464 00:25:50,950 --> 00:25:54,399 S2: don't have it in the maritime industry. Eventually, I think 465 00:25:54,400 --> 00:25:57,399 S2: the industry is going to get there because that spotlight 466 00:25:57,400 --> 00:26:01,180 S2: is moving slowly on to this industry. But we kind 467 00:26:01,180 --> 00:26:04,570 S2: of feel from the interactions that that we're having in 468 00:26:04,570 --> 00:26:09,340 S2: the industry that this is happening more and more than 469 00:26:09,340 --> 00:26:11,950 S2: a number of companies are willing to admit. 470 00:26:12,400 --> 00:26:15,820 S1: Um, so do you have a list of these, by 471 00:26:15,820 --> 00:26:18,460 S1: any chance? Uh, if not, you should start a GitHub. 472 00:26:18,460 --> 00:26:21,700 S1: I'm like, all into this, uh, starting a public repo 473 00:26:21,700 --> 00:26:25,390 S1: right now for different things. So it would be nice. 474 00:26:25,390 --> 00:26:28,570 S1: You don't have to mark it as like, definitely. But 475 00:26:28,570 --> 00:26:31,659 S1: if it's unknown and it looks fishy to you, like 476 00:26:31,660 --> 00:26:33,639 S1: you're going to have like the best nose in the 477 00:26:33,640 --> 00:26:37,899 S1: industry for smelling this out. Uh, especially you two combined. 
478 00:26:37,900 --> 00:26:40,750 S1: So what if there was a GitHub repo and it was, like, 479 00:26:40,750 --> 00:26:44,320 S1: possible cyber related maritime, and then you could have at 480 00:26:44,320 --> 00:26:48,410 S1: the table, confirmed or not. That would be super useful. 481 00:26:48,410 --> 00:26:50,840 S1: It would be like the best source anywhere. 482 00:26:51,600 --> 00:26:54,120 S2: It. It would it would be interesting to do. We 483 00:26:54,119 --> 00:26:56,399 S2: would just have to figure out from our all of 484 00:26:56,400 --> 00:26:59,970 S2: our nondisclosure legal agreements and protect our clients of, of 485 00:26:59,970 --> 00:27:02,159 S2: that type of information. But to to give you an 486 00:27:02,160 --> 00:27:04,590 S2: example we thought was really interesting is we were working 487 00:27:04,590 --> 00:27:07,619 S2: with a client and we were on board their vessel 488 00:27:07,619 --> 00:27:10,860 S2: and they were they were doing some repair work. So 489 00:27:10,859 --> 00:27:13,919 S2: so we were talking to them about some of our solutions, 490 00:27:13,920 --> 00:27:15,929 S2: and they, they mentioned to us that they had to 491 00:27:15,930 --> 00:27:19,740 S2: replace all of their bridge navigation hardware. That's really unusual 492 00:27:19,770 --> 00:27:21,750 S2: because it was not that old. So we asked them 493 00:27:21,750 --> 00:27:23,850 S2: and they said, well, we don't know what happened. There 494 00:27:23,850 --> 00:27:26,669 S2: was some issue and the computer systems are corrupt and 495 00:27:26,670 --> 00:27:28,950 S2: they're not working. And we just kind of walked away 496 00:27:28,950 --> 00:27:32,070 S2: from that laughing, saying, yeah, you guys were the oh, 497 00:27:32,070 --> 00:27:34,409 S2: you guys were the were the victims of a direct 498 00:27:34,410 --> 00:27:38,280 S2: cyber attack. 
And now they're replacing hundreds of thousands, if 499 00:27:38,280 --> 00:27:42,960 S2: not millions of dollars in navigation hardware because it's rendered completely, 500 00:27:42,960 --> 00:27:47,459 S2: completely useless. And that's that's a story that we're seeing, um, 501 00:27:47,460 --> 00:27:52,260 S2: more and more often, um, that there's issues and computer 502 00:27:52,260 --> 00:27:55,770 S2: systems have to physically be replaced. It's I mean, that's 503 00:27:55,770 --> 00:27:58,050 S2: if you look at Maersk, that's basically what happened is 504 00:27:58,050 --> 00:28:00,989 S2: every system in Maersk, for the most part had to 505 00:28:00,990 --> 00:28:04,740 S2: be replaced. That that's just an interesting. And that wasn't 506 00:28:04,740 --> 00:28:07,260 S2: even an a direct attack on the company Maersk that 507 00:28:07,260 --> 00:28:09,930 S2: came in through, I think it was a third party 508 00:28:09,930 --> 00:28:13,440 S2: accounting software provider that they were using that the attack 509 00:28:13,440 --> 00:28:17,310 S2: then launched into the entire Maersk system. But there was 510 00:28:17,310 --> 00:28:20,430 S2: there was a huge replacement cost for them to replace 511 00:28:20,430 --> 00:28:23,640 S2: systems that were were affected by that. And we're we're 512 00:28:23,640 --> 00:28:28,290 S2: starting to see that some, some more often in, in maritime. 513 00:28:28,590 --> 00:28:31,379 S3: Yeah. We have been talking about cargo ships right here. 514 00:28:31,380 --> 00:28:35,280 S3: But but maritime security, it's also about cruises. It's also 515 00:28:35,280 --> 00:28:36,270 S3: about oh. 516 00:28:36,270 --> 00:28:37,590 S1: Yeah that's a good point. 517 00:28:37,680 --> 00:28:42,510 S3: Think about right. 
So think about, uh, you know, uh, VIP, uh, folks, 518 00:28:42,510 --> 00:28:47,250 S3: executives maybe, you know, um, being targeted by some of these, uh, 519 00:28:47,250 --> 00:28:50,610 S3: threat actors or just large cruises, right. 520 00:28:50,970 --> 00:28:53,310 S2: Uh, or if you look at that VIP side, Ismael, 521 00:28:53,310 --> 00:28:56,760 S2: the large yachts, I mean, that's your top. You take 522 00:28:56,760 --> 00:29:00,480 S2: your top 50 wealthiest people in the world, and a 523 00:29:00,480 --> 00:29:03,810 S2: lot of them have their own large yacht. And it's 524 00:29:03,810 --> 00:29:07,410 S2: interesting that some of these yachts do very well on 525 00:29:07,410 --> 00:29:11,190 S2: protecting the vessel from a cyber perspective. And other large 526 00:29:11,190 --> 00:29:14,850 S2: yachts are just absolutely head in the sand, horrible when 527 00:29:14,850 --> 00:29:17,730 S2: it comes to that. But you have some of these 528 00:29:17,730 --> 00:29:19,860 S2: wealthiest people in the world that are on board their 529 00:29:19,860 --> 00:29:23,910 S2: yacht actually conducting business with their companies and, and all 530 00:29:23,910 --> 00:29:26,760 S2: of these things that are, that are happening. And then 531 00:29:26,850 --> 00:29:29,280 S2: also to your point, you look at at cruise ships, 532 00:29:29,280 --> 00:29:31,110 S2: there was a there was a cruise ship, and I 533 00:29:31,110 --> 00:29:34,830 S2: won't say which one, but one of our, our tech 534 00:29:34,830 --> 00:29:39,120 S2: people was on board doing something, and he found that 535 00:29:39,120 --> 00:29:43,050 S2: he was very easily able to pivot from the guest 536 00:29:43,050 --> 00:29:47,670 S2: network into the bridge operations network with without really doing 537 00:29:47,670 --> 00:29:50,550 S2: anything at all. And I'm like, oh, there's a red flag. 
538 00:29:50,550 --> 00:29:52,710 S2: We let them know, hey, you may want to look 539 00:29:52,710 --> 00:29:54,360 S2: at that, but even some of the stuff that you 540 00:29:54,360 --> 00:29:57,600 S2: would think like some of the basic IT protections in place, 541 00:29:57,600 --> 00:30:01,350 S2: sometimes people don't seem to think about that. Like we 542 00:30:01,350 --> 00:30:04,380 S2: recommend to our clients, like, hey, your crew network on 543 00:30:04,380 --> 00:30:07,380 S2: board your cargo ship or your large yacht that shouldn't 544 00:30:07,380 --> 00:30:09,810 S2: be connected to any critical system. We call it the 545 00:30:09,810 --> 00:30:12,660 S2: Wild West. Let them do whatever they want. If they 546 00:30:12,660 --> 00:30:16,380 S2: give each other viruses and it shuts down their systems phones, 547 00:30:16,380 --> 00:30:19,410 S2: who cares? But that keep that bifurcated and everything that 548 00:30:19,410 --> 00:30:23,070 S2: operates on the critical networks, that needs endpoint protection, that 549 00:30:23,070 --> 00:30:25,620 S2: needs to be behind the firewall, those need to be 550 00:30:25,620 --> 00:30:29,310 S2: protected and bifurcated. Uh, pretty well. But a lot of 551 00:30:29,310 --> 00:30:31,770 S2: times you just don't you don't see that. And, and 552 00:30:31,770 --> 00:30:35,580 S2: the crews are the ones, unfortunately, are bringing the viruses on, 553 00:30:35,580 --> 00:30:38,610 S2: whether it's through social media or other sites or, or 554 00:30:38,610 --> 00:30:42,360 S2: other things that are happening, just like in a financial institution, 555 00:30:42,360 --> 00:30:44,550 S2: it's the people who are on their computers and jump 556 00:30:44,550 --> 00:30:47,880 S2: on to a social media site or download something that 557 00:30:47,880 --> 00:30:50,250 S2: they think is benign. And all of a sudden you've launched, 558 00:30:50,250 --> 00:30:51,750 S2: you've launched an attack. 
559 00:30:52,670 --> 00:30:56,000 S3: Segmentation, right. You talked about that before, like how, you know, 560 00:30:56,000 --> 00:30:59,780 S3: we keep, uh, bumping into the same problem, the same, uh, 561 00:30:59,780 --> 00:31:01,010 S3: back to the basics. 562 00:31:01,190 --> 00:31:05,660 S1: Yeah. Every time. Relearn the fundamentals. Yeah. What happens with, uh, 563 00:31:05,660 --> 00:31:10,340 S1: autonomous or aren't a lot of people talking about autonomous vessels? 564 00:31:11,560 --> 00:31:14,980 S2: So that that that's very interesting is, is there are 565 00:31:14,980 --> 00:31:18,340 S2: some autonomous vessels that are operating, um, in parts of 566 00:31:18,340 --> 00:31:21,430 S2: the world. And I know, um, that there are a 567 00:31:21,430 --> 00:31:23,890 S2: number of governments that are looking at the use of 568 00:31:23,890 --> 00:31:27,910 S2: autonomous vessels to be able to move people and cargo 569 00:31:27,910 --> 00:31:32,110 S2: from vessels at anchor into shore, potentially much quicker and 570 00:31:32,110 --> 00:31:35,470 S2: more efficiently than trying to have berthing space for, for 571 00:31:35,470 --> 00:31:37,600 S2: all of these vessels. So there's a lot of look 572 00:31:37,600 --> 00:31:40,900 S2: at being able to use autonomous vessels. Now, the nice 573 00:31:40,900 --> 00:31:44,890 S2: thing about that is, is there's some really good tools 574 00:31:44,890 --> 00:31:48,610 S2: that are available to protect that communication link from the 575 00:31:48,610 --> 00:31:51,580 S2: shore to the autonomous vessel, and then tools for on 576 00:31:51,580 --> 00:31:54,550 S2: board and and realistically, for the most part, you don't 577 00:31:54,550 --> 00:31:57,880 S2: need to have a crew network on board those vessels. 
578 00:31:57,880 --> 00:32:01,060 S2: It's all internal operation to that vessel because it's a 579 00:32:01,060 --> 00:32:05,500 S2: quick trip from the Anchorage in and and so but 580 00:32:05,500 --> 00:32:09,580 S2: that does add a very interesting mix. Um, when you 581 00:32:09,580 --> 00:32:12,610 S2: look at the cyber protection piece, especially as you start 582 00:32:12,610 --> 00:32:15,880 S2: to get what I'd call the over the horizon autonomous vessels, 583 00:32:15,880 --> 00:32:18,820 S2: these are vessels that are, that are not going, you know, 584 00:32:18,820 --> 00:32:22,060 S2: ten or 20 or 30 nautical miles, but hundreds of 585 00:32:22,060 --> 00:32:26,320 S2: nautical miles. And now you're moving communication potentially from a 586 00:32:26,320 --> 00:32:29,980 S2: point to point network into the satellite network. So that 587 00:32:29,980 --> 00:32:34,030 S2: opens up other potential vulnerabilities as, as you start to 588 00:32:34,030 --> 00:32:37,690 S2: get into this and and especially with, with vessels, I mean, 589 00:32:37,690 --> 00:32:39,850 S2: there's there's a lot of things that you would need 590 00:32:39,850 --> 00:32:43,750 S2: to do to, to protect a vessel, um, from the 591 00:32:43,750 --> 00:32:47,410 S2: autonomous standpoint, because all the navigation control is controlled by 592 00:32:47,410 --> 00:32:51,790 S2: a computer in some operations center somewhere on shore. So it's. Yeah, 593 00:32:51,790 --> 00:32:54,730 S2: that's going to be very interesting as, as these autonomous 594 00:32:54,730 --> 00:32:57,670 S2: vessels in the next 5 or 10 years start to 595 00:32:57,670 --> 00:33:01,780 S2: become more prevalent, prevalent in the industry. 596 00:33:02,140 --> 00:33:06,760 S1: Yeah. And how how are people actually going to get better? 
597 00:33:06,760 --> 00:33:09,010 S1: Like where where are they going to learn this stuff 598 00:33:09,010 --> 00:33:12,070 S1: from like, and how is threat Intel actually going to 599 00:33:12,070 --> 00:33:14,500 S1: help them do that. Like do you see more coverage 600 00:33:14,500 --> 00:33:17,740 S1: of threat Intel stuff? Ismael, moving to this area 601 00:33:17,740 --> 00:33:22,330 S1: like more interest from the industry? Um, and for for 602 00:33:22,330 --> 00:33:26,410 S1: the actual customers themselves or the operators themselves. Where are 603 00:33:26,410 --> 00:33:28,540 S1: they going to go? Because it doesn't seem like there's 604 00:33:28,540 --> 00:33:31,660 S1: many cyber maritime resources out there. 605 00:33:32,580 --> 00:33:34,260 S3: Well, that's a very good question. And I have to 606 00:33:34,260 --> 00:33:37,410 S3: say that, you know, I didn't um, I wasn't very 607 00:33:37,650 --> 00:33:40,260 S3: knowledgeable on this on this field before. I don't think 608 00:33:40,260 --> 00:33:42,570 S3: I'm not, you know, very knowledgeable or an expert right now. 609 00:33:42,570 --> 00:33:46,020 S3: But obviously since, uh, we've been working, uh, closer with, uh, 610 00:33:46,020 --> 00:33:50,910 S3: Corey and Dryad security, uh, their team, we've been we've 611 00:33:50,910 --> 00:33:54,780 S3: been learning more about this, this industry and how, um, like, 612 00:33:54,780 --> 00:33:57,510 S3: every industry has something in particular. Right? I think we 613 00:33:57,510 --> 00:34:00,060 S3: have talked about this before, how threat intelligence is so 614 00:34:00,060 --> 00:34:03,540 S3: related to the geopolitics and what we see in each region, 615 00:34:03,540 --> 00:34:05,880 S3: how it's a specific to that, what we see, for example, 616 00:34:05,880 --> 00:34:09,810 S3: in the Suez Canal. Right. It's very specific to to that, 617 00:34:09,810 --> 00:34:14,670 S3: to that geopolitical situation right there. 
Um, and that transfer 618 00:34:14,670 --> 00:34:19,320 S3: to absolutely everything. So hopefully by doing sessions like this, 619 00:34:19,320 --> 00:34:21,810 S3: like your podcast. Thanks for having us. Uh, Daniel. Right. 620 00:34:21,810 --> 00:34:25,440 S3: We can we can create more awareness on these issues, 621 00:34:25,440 --> 00:34:28,530 S3: but definitely, uh, you know, Dryad is, uh, a company 622 00:34:28,530 --> 00:34:30,480 S3: that is doing a lot of, uh, work on, on 623 00:34:30,480 --> 00:34:34,049 S3: these with, uh, Corey leading that. And we as a 624 00:34:34,050 --> 00:34:37,620 S3: technology provider, we're very happy to, to empower them to 625 00:34:37,620 --> 00:34:40,860 S3: be able to provide these, uh, security, uh, protection and 626 00:34:40,860 --> 00:34:44,670 S3: security services, including the threat intelligence. Right. Because, you know, 627 00:34:44,670 --> 00:34:46,830 S3: correct me if I'm if I'm wrong, Corey. But you 628 00:34:46,830 --> 00:34:50,730 S3: you guys have a lot of experience sharing, uh, you know, 629 00:34:50,730 --> 00:34:55,680 S3: not just cyber security intelligence, but traditional threat Intel to, uh, 630 00:34:55,680 --> 00:34:59,160 S3: to these, uh, vessels and these cruises. And cyber security 631 00:34:59,160 --> 00:35:02,100 S3: is just one more aspect, right, of that, um, of 632 00:35:02,100 --> 00:35:05,130 S3: that type of communication that you provide to your customers. 633 00:35:05,460 --> 00:35:09,990 S3: So hopefully organizations are getting a lot more, um, aware 634 00:35:09,989 --> 00:35:10,410 S3: of this. 635 00:35:10,410 --> 00:35:14,670 S1: That's good. So is there any reason for optimism, like 636 00:35:14,670 --> 00:35:18,750 S1: is there any, uh, positive side to this? Corey looking forward. 637 00:35:19,590 --> 00:35:24,029 S2: I think there is. 
And and as we, we work to, 638 00:35:24,060 --> 00:35:27,360 S2: to really try to educate the industry and and it's 639 00:35:27,360 --> 00:35:29,609 S2: not just Dryad and the people here. I mean, we're 640 00:35:29,610 --> 00:35:32,790 S2: working with with Ismael and his team at BlackBerry, but 641 00:35:32,790 --> 00:35:36,359 S2: also just other companies is if we start to share 642 00:35:36,360 --> 00:35:40,200 S2: information and intelligence across the industry, it helps the entire 643 00:35:40,200 --> 00:35:42,780 S2: industry be protected. And I think we're going to start 644 00:35:42,780 --> 00:35:46,049 S2: to slowly see that shift where people are going to 645 00:35:46,050 --> 00:35:49,410 S2: be willing to share that information and intelligence back and 646 00:35:49,410 --> 00:35:52,170 S2: forth with each other to get an idea. Hey, we 647 00:35:52,170 --> 00:35:54,509 S2: saw this, and that confirms what you guys said over 648 00:35:54,510 --> 00:35:58,050 S2: here or whatever that may be. As we're seeing, information 649 00:35:58,050 --> 00:36:01,410 S2: sharing really is the key to how protection is done 650 00:36:01,410 --> 00:36:04,620 S2: in the government and in the health care industry and 651 00:36:04,620 --> 00:36:07,740 S2: financial and critical infrastructure. And I think we're going to 652 00:36:07,739 --> 00:36:10,830 S2: see that here. The maritime industry is is kind of 653 00:36:10,830 --> 00:36:13,530 S2: at just the dawn of waking up to we really 654 00:36:13,530 --> 00:36:15,900 S2: need to start to look at this problem. And as 655 00:36:15,900 --> 00:36:19,170 S2: this evolves, this is going to evolve in the maritime industry, 656 00:36:19,170 --> 00:36:21,630 S2: much different, I think, than it has in other industries. 
657 00:36:21,630 --> 00:36:25,920 S2: Just because technology is evolving so rapidly and we're seeing 658 00:36:25,920 --> 00:36:27,930 S2: in the next few years we're going to see really, 659 00:36:27,930 --> 00:36:32,790 S2: I think AI integrated into some of these solutions that 660 00:36:32,790 --> 00:36:36,540 S2: is going to help this industry really advance the level 661 00:36:36,540 --> 00:36:41,190 S2: of of protection. So I'm pretty optimistic. This industry, um, 662 00:36:41,190 --> 00:36:46,710 S2: is is built on a ton of very, very intelligent people, um, 663 00:36:46,710 --> 00:36:49,830 S2: who are very concerned about this. So it's good to 664 00:36:49,830 --> 00:36:53,160 S2: see the industry waking up. And, and I'm pretty optimistic 665 00:36:53,160 --> 00:36:54,840 S2: that I think this is going to be an issue 666 00:36:54,840 --> 00:36:56,939 S2: from an industry perspective that we're going to be able 667 00:36:56,940 --> 00:37:00,750 S2: to solve. I've been it was funny, my first cybersecurity 668 00:37:00,750 --> 00:37:02,940 S2: seminar that I ever did in the maritime industry, I 669 00:37:02,940 --> 00:37:07,950 S2: think was back in 2013 or 2014, and ten people 670 00:37:07,950 --> 00:37:10,500 S2: showed up, and it was exciting just to have ten 671 00:37:10,500 --> 00:37:13,350 S2: people in the room in maritime who are like, hey, 672 00:37:13,350 --> 00:37:16,680 S2: what's this cyber thing? So you think back to 2013, 673 00:37:16,680 --> 00:37:21,180 S2: 2014 now when I, when I am part of these presentations, 674 00:37:21,180 --> 00:37:24,060 S2: you get hundreds of people in the room and the 675 00:37:24,060 --> 00:37:27,030 S2: webinars that that we do, and we have a number 676 00:37:27,030 --> 00:37:29,730 S2: of them planned and not just us, but other cyber 677 00:37:29,730 --> 00:37:32,610 S2: companies in the maritime industry. You're not getting 10 or 678 00:37:32,610 --> 00:37:35,550 S2: 20 people. 
You're getting hundreds of people around the globe 679 00:37:35,550 --> 00:37:38,310 S2: signing up. We've had people reach out to us after 680 00:37:38,310 --> 00:37:40,620 S2: our last webinar we did just a couple of weeks 681 00:37:40,620 --> 00:37:43,230 S2: ago with BlackBerry as, hey, could you do a webinar 682 00:37:43,230 --> 00:37:47,310 S2: specifically on on the threat intelligence for this and what's 683 00:37:47,310 --> 00:37:51,060 S2: happening in this sector of the industry? So we're already 684 00:37:51,060 --> 00:37:53,640 S2: seeing a sea change, you know, pardon the pun, but 685 00:37:53,640 --> 00:37:56,880 S2: a sea change of people in the industry kind of 686 00:37:56,880 --> 00:38:00,509 S2: waking up to this fact of like, oh, okay. And 687 00:38:00,510 --> 00:38:02,939 S2: it's just but I but I laugh as like those 688 00:38:02,940 --> 00:38:06,060 S2: ten people, hey, they got 100% of me. And if 689 00:38:06,060 --> 00:38:08,430 S2: 2 or 300 people show up, they get 100%. But 690 00:38:08,430 --> 00:38:10,920 S2: it's just it's really cool to see that people are 691 00:38:10,920 --> 00:38:14,880 S2: really waking up to that and now want the information. And, 692 00:38:14,880 --> 00:38:17,550 S2: and so we're doing with BlackBerry to work on that, 693 00:38:17,550 --> 00:38:19,710 S2: to be able to say, hey, we may see this 694 00:38:19,710 --> 00:38:24,299 S2: potential threat in government or in the financial or health care, 695 00:38:24,300 --> 00:38:27,390 S2: but that threat is going to very quickly, in some form, 696 00:38:27,390 --> 00:38:31,020 S2: probably move into maritime. So we almost have the ability 697 00:38:31,020 --> 00:38:34,020 S2: to look into the future, to say, okay, what's happening 698 00:38:34,020 --> 00:38:36,810 S2: in some of these other sectors that we think has 699 00:38:36,810 --> 00:38:41,040 S2: a really good potential to then migrate into the maritime space. 700 00:38:41,130 --> 00:38:44,250 S1: Yeah. 
Well, that makes sense. And speaking of that information, 701 00:38:44,250 --> 00:38:46,830 S1: you you mentioned a webinar. We're going to get all 702 00:38:46,830 --> 00:38:50,009 S1: the links for the description in the video. But uh, 703 00:38:50,010 --> 00:38:53,850 S1: you're talking about a webinar you did with a University 704 00:38:53,850 --> 00:38:57,989 S1: of Plymouth, I think. Yeah, yeah. And then um, there's 705 00:38:57,989 --> 00:39:00,570 S1: also a threat report that came out. Right. Ismael. 706 00:39:00,989 --> 00:39:04,170 S3: Yep. The threat report with the global trends. And we 707 00:39:04,170 --> 00:39:07,230 S3: were sharing, you know, these statistics with, uh, with Dryad 708 00:39:07,230 --> 00:39:09,690 S3: Global as well. And it's very interesting because we kind 709 00:39:09,690 --> 00:39:12,930 S3: of see like that correlation, right with what what's happening 710 00:39:12,930 --> 00:39:14,760 S3: in maritime security as well. 711 00:39:16,000 --> 00:39:21,910 S1: Yeah, it seems like AI could help. Maybe be like 712 00:39:21,910 --> 00:39:25,270 S1: a buffer to hopefully speed up adoption. Because the thing 713 00:39:25,270 --> 00:39:27,190 S1: I like the most about AI is the fact that 714 00:39:27,190 --> 00:39:30,279 S1: it never sleeps. So if you have an agent that 715 00:39:30,280 --> 00:39:34,600 S1: could watch and just sort of help, maybe monitor or 716 00:39:34,810 --> 00:39:39,250 S1: pay attention to the cybersecurity of the ship, that would 717 00:39:39,250 --> 00:39:42,759 S1: be nice. Like like a crew member that doesn't sleep. 718 00:39:42,790 --> 00:39:45,940 S1: That's one possible avenue. But, um, yeah, this is great. 719 00:39:45,940 --> 00:39:46,839 S1: I definitely we don't. 720 00:39:46,840 --> 00:39:49,359 S2: We don't sleep. Daniel. I mean, we're we're that's true 721 00:39:49,360 --> 00:39:51,340 S2: all all the time. We're in we're in separate time 722 00:39:51,340 --> 00:39:53,830 S2: zones now. 
So, you know, it's it's my turn to 723 00:39:53,830 --> 00:39:55,630 S2: take the proverbial watch here. 724 00:39:56,110 --> 00:39:58,779 S1: It's it's hard to scale, though. You got to be 725 00:39:58,780 --> 00:40:00,489 S1: on a lot of boats. Got to be on a 726 00:40:00,489 --> 00:40:02,830 S1: lot of boats. Well, this is, uh, great info. I'm 727 00:40:02,830 --> 00:40:05,560 S1: going to put all the, uh, stuff in the video 728 00:40:05,560 --> 00:40:08,620 S1: description as well. And it was, uh, great getting an 729 00:40:08,620 --> 00:40:10,810 S1: education on this. Really appreciate the time. 730 00:40:11,560 --> 00:40:13,480 S2: Thank you very much, Daniel. It's great to be on. 731 00:40:13,480 --> 00:40:14,110 S2: Thank you. 732 00:40:14,140 --> 00:40:15,069 S1: All right. Take care.