WEBVTT - A Conversation on Maritime Security with BlackBerry Threat Intelligence 0:00:00.540 --> 0:00:03.900 All right. Welcome to Unsupervised Learning. This is Daniel Meisler 0:00:03.900 --> 0:00:09.480 and happy to have on today Corey Ransom, CEO at Dryad. 0:00:09.480 --> 0:00:15.900 And Ismael Valenzuela, VP of threat research and Intelligence at BlackBerry. 0:00:16.050 --> 0:00:17.280 Welcome to the show. 0:00:18.110 --> 0:00:19.099 Thanks for having me. 0:00:19.790 --> 0:00:20.780 Thank you, thank you. Daniel. 0:00:22.430 --> 0:00:25.579 Awesome. So we want to talk about maritime security today. 0:00:25.579 --> 0:00:28.580 And it's good that we have Cory here because I 0:00:28.580 --> 0:00:31.820 did not feel, uh, qualified to be an expert there. 0:00:31.820 --> 0:00:34.220 So good to have everyone on and good to see 0:00:34.220 --> 0:00:35.449 you again, Ismail. 0:00:36.210 --> 0:00:37.110 You'll see again, Daniel. 0:00:39.010 --> 0:00:42.430 Well, very cool. So, um, I think the reason we're 0:00:42.430 --> 0:00:44.890 talking about this is because of the incident that happened 0:00:44.890 --> 0:00:48.970 in Baltimore. And I guess. The big part of my 0:00:48.970 --> 0:00:53.229 questions here are how does the maritime stuff generalize out 0:00:53.229 --> 0:00:59.890 to other areas? Right. Um, so so with the Baltimore incident. 0:01:00.800 --> 0:01:03.500 What are the things we should be thinking about with 0:01:03.500 --> 0:01:06.860 maritime security? Can you kind of give us an overview, Cory? 0:01:07.700 --> 0:01:11.540 Sure. That that's a that's a really good question because 0:01:11.540 --> 0:01:15.440 maritime in my opinion, and I think a lot of 0:01:15.440 --> 0:01:18.830 people in the industry, when you look at cyber security, 0:01:18.830 --> 0:01:21.530 is probably about 10 or 15 years behind the rest 0:01:21.530 --> 0:01:24.470 of the world. So there's a number of issues to 0:01:24.470 --> 0:01:27.500 look at. So when a little bit of background, Daniel, 0:01:27.500 --> 0:01:30.170 when you build a ship, that ship is usually going 0:01:30.170 --> 0:01:33.619 to be in service for 25, 30 plus years. And 0:01:33.620 --> 0:01:36.890 so the systems that are on that vessel, when it's built, 0:01:36.890 --> 0:01:39.860 you can imagine there's a there's a pretty interesting evolution 0:01:39.860 --> 0:01:42.320 of technology through the life of that ship. And you 0:01:42.319 --> 0:01:45.680 can't always replace those systems. So there are still vessels 0:01:45.680 --> 0:01:49.700 out there today that are operating with windows XP computers, 0:01:49.700 --> 0:01:52.160 because those were the systems at the time when the 0:01:52.160 --> 0:01:55.880 ships were built that are the controlling systems for the 0:01:55.880 --> 0:01:59.420 engine control systems or other vital systems on board. So 0:01:59.420 --> 0:02:01.940 there's really a number of things that you want to 0:02:01.940 --> 0:02:04.940 look at from a threat perspective on board the vessel 0:02:04.940 --> 0:02:07.880 and the legacy systems are really a big part of that. Now, 0:02:07.880 --> 0:02:10.970 the IT infrastructure on a vessel, it's much easier to 0:02:10.970 --> 0:02:13.940 upgrade that. But some of what you call the OT 0:02:13.940 --> 0:02:18.620 or the, the, the the other technology on board, um, 0:02:18.620 --> 0:02:20.630 is not as easy to upgrade. So that's one of 0:02:20.630 --> 0:02:22.880 the first things to look at with the vessel is, 0:02:22.880 --> 0:02:26.269 is what can you do to protect the the older 0:02:26.270 --> 0:02:29.510 kind of OT systems that are operating and then also 0:02:29.540 --> 0:02:33.710 the newer IT systems. And all of this has to 0:02:33.710 --> 0:02:39.440 work in an environment where there's sometimes there's no connectivity whatsoever. Um, 0:02:39.440 --> 0:02:42.620 the ships in the world will pass through regions where 0:02:42.620 --> 0:02:46.280 because of weather or other issues, they may lose connectivity 0:02:46.280 --> 0:02:48.920 for for a time period. So it's very interesting when 0:02:48.919 --> 0:02:52.459 you look at trying to apply a protection scheme to 0:02:52.460 --> 0:02:54.830 a vessel, it's very different than when you try to 0:02:54.830 --> 0:02:58.910 design that for an organization that operates on land. 0:02:59.770 --> 0:03:00.970 Yeah, that makes sense. 0:03:01.840 --> 0:03:04.690 It's interesting, Daniel, because, you know, you mentioned Baltimore before 0:03:04.690 --> 0:03:07.810 and obviously that's that's what's what's in everybody's head, right? 0:03:07.810 --> 0:03:11.020 Because of what happened recently. But Corey and I, we've 0:03:11.020 --> 0:03:15.190 been talking about this before the Baltimore incident. And we're 0:03:15.190 --> 0:03:18.010 like working on hey, you know, let's look at some 0:03:18.010 --> 0:03:21.970 threat models. I wasn't an expert. I'm not an expert 0:03:22.150 --> 0:03:25.450 in maritime security. But I was talking to to Corey 0:03:25.450 --> 0:03:28.330 well before that incident. When that incident happens, like everybody was, 0:03:28.330 --> 0:03:31.179 you know, thinking about that. But but this is something that, 0:03:31.180 --> 0:03:33.550 you know, in this case, Dryad has been working on 0:03:33.550 --> 0:03:36.670 for quite some time. And we, as you know, partners 0:03:36.670 --> 0:03:39.490 at BlackBerry, we have been looking into as well before 0:03:39.490 --> 0:03:42.250 the Baltimore incident. Right. Maybe we can talk about some 0:03:42.250 --> 0:03:45.460 other incidents that have happened before. Well, that that's. 0:03:45.460 --> 0:03:49.240 A that's an interesting one, Ishmael. Because when that incident 0:03:49.240 --> 0:03:52.480 happened on my phone started ringing off the hook because 0:03:52.480 --> 0:03:55.360 that was the first thing that most people thought is with, 0:03:55.360 --> 0:03:57.700 with the ship in Baltimore. Oh, this is a cyber 0:03:57.700 --> 0:04:01.780 attack 100%. And we find out, obviously, that it wasn't 0:04:01.780 --> 0:04:04.690 that this was more mechanical and other things that were happening, 0:04:04.690 --> 0:04:07.150 but it was just interesting that I was getting calls 0:04:07.150 --> 0:04:09.250 from people that I was not expecting to get phone 0:04:09.250 --> 0:04:13.000 calls from asking, was this a cyber incident? And at 0:04:13.000 --> 0:04:15.880 the time, the majority of the intelligence that we had 0:04:15.880 --> 0:04:18.640 was there was just not anything to indicate that it was. 0:04:18.640 --> 0:04:21.460 And then that panned out. But there's been other incidents. 0:04:21.460 --> 0:04:24.700 We know that cyber has been related. And one of 0:04:24.700 --> 0:04:28.599 the things that I find really interesting in the maritime 0:04:28.600 --> 0:04:34.060 is post accident investigation with maritime. They're they're bringing in 0:04:34.060 --> 0:04:37.000 cyber experts all the time. And and we've never seen 0:04:37.000 --> 0:04:39.849 that before. And three, four years ago if there was 0:04:39.850 --> 0:04:44.410 an incident okay. We know probably mechanical or some other issue. 0:04:44.410 --> 0:04:48.280 But now as, as kind of those post incident investigations, 0:04:48.279 --> 0:04:51.760 you're seeing the cyber component or forensic cyber experts that 0:04:51.760 --> 0:04:55.660 are now in part of those investigative teams to say, hey, 0:04:55.660 --> 0:04:59.590 was there the potential of a cyber incident? And and 0:04:59.589 --> 0:05:02.200 it exists. I mean, Ishmael and I talk about this 0:05:02.200 --> 0:05:04.780 quite a bit, but that the potential of a cyber 0:05:04.779 --> 0:05:09.580 attack in maritime, um, we're just counting basically to time as, 0:05:09.580 --> 0:05:13.029 as when it's going to happen. It's it's definitely something 0:05:13.029 --> 0:05:16.090 that we see and we continue to try to provide 0:05:16.089 --> 0:05:20.049 information to, to our clients and stakeholders on what that 0:05:20.050 --> 0:05:23.349 threat landscape looks like and how prevalent this threat is. 0:05:23.350 --> 0:05:26.020 And it gets it gets more and more prevalent every 0:05:26.020 --> 0:05:26.920 single day. 0:05:27.640 --> 0:05:30.640 Yeah. I remember seeing a long time ago, uh, some 0:05:30.640 --> 0:05:34.930 aircraft carrier and it was running Nt4 and I was like, oh, 0:05:34.930 --> 0:05:39.970 that's that's really scary. Um, so what what are the 0:05:39.970 --> 0:05:44.260 threats scenarios look like that you put together? Both of you. 0:05:44.260 --> 0:05:47.799 If you look at the actual scenarios themselves, what do 0:05:47.800 --> 0:05:50.890 they start to look like? You've got like malicious. You've 0:05:50.890 --> 0:05:53.530 got like, you tell me if I'm wrong, but you've 0:05:53.529 --> 0:05:56.770 got convincing some sailor to bring on a USB drive 0:05:56.770 --> 0:06:00.550 or something, which hopefully they would have access to. Um, 0:06:00.550 --> 0:06:03.339 ports would be limited. But we all know the world 0:06:03.339 --> 0:06:08.140 is not a perfect place, so perhaps, um, yeah, external 0:06:08.140 --> 0:06:12.729 media coming onto the ship that could possibly compromise. Um, 0:06:12.730 --> 0:06:15.310 I imagine there's a whole bunch of systems that are 0:06:15.310 --> 0:06:18.340 internet connected, and I'm sure there's supposed to be segmentation, 0:06:18.339 --> 0:06:20.980 but that's another avenue. But like, what is that threat 0:06:20.980 --> 0:06:22.240 model actually look like? 0:06:23.800 --> 0:06:27.460 That. So I think that that trying to get someone 0:06:27.460 --> 0:06:30.310 to bring a USB on board that, that that's pretty 0:06:30.310 --> 0:06:33.909 difficult to do. Most of the Mariners that that we've 0:06:33.910 --> 0:06:36.070 talked to have that basic training so they know, hey, 0:06:36.070 --> 0:06:38.530 this is I'm not going to bring this media on board. 0:06:38.529 --> 0:06:42.790 It's interesting because up until about the last three years, 0:06:42.790 --> 0:06:45.880 that's how the majority of the critical systems were updated, 0:06:45.880 --> 0:06:48.790 is the manufacturers would actually have to send a USB 0:06:48.940 --> 0:06:52.450 or a CD ROM to the vessel to update the 0:06:52.450 --> 0:06:55.419 critical navigation systems and everything. And it was we were 0:06:55.420 --> 0:06:57.820 actually just talking about this internally, and it was really 0:06:57.820 --> 0:07:00.910 funny about 3 or 4 years ago that the major 0:07:00.910 --> 0:07:04.900 navigation providers for vessels were telling people, don't connect your 0:07:04.900 --> 0:07:08.650 bridge navigation systems to the internet. If you do anything, 0:07:08.650 --> 0:07:11.200 it needs to be trusted. Our updates come out like this. 0:07:11.200 --> 0:07:14.800 It was very specific. Well, fast forward to where we 0:07:14.800 --> 0:07:19.450 are today, and all of those same bridge navigation manufacturers 0:07:19.450 --> 0:07:22.780 are telling all of their vessels they have to have 0:07:22.780 --> 0:07:26.350 their bridge navigation systems connected to the internet now, because 0:07:26.350 --> 0:07:28.360 that's how the live updates are done. And it's a 0:07:28.360 --> 0:07:31.330 much more efficient process to be able to do that. 0:07:31.330 --> 0:07:34.210 So it's interesting to see the change that's just taken 0:07:34.210 --> 0:07:36.010 place in the industry in the last 2 or 3 0:07:36.010 --> 0:07:39.820 years with now, systems that were not connected to the 0:07:39.820 --> 0:07:42.940 internet are now being connected to the internet, and not 0:07:42.940 --> 0:07:47.140 just navigation, but the engine control systems, the generator, the 0:07:47.140 --> 0:07:50.590 engines themselves. When you look at cargo vessels, the cargo 0:07:50.590 --> 0:07:53.950 handling side of it, the ballast water systems, I mean, 0:07:53.950 --> 0:07:57.580 it's it's really interesting to see the number of systems 0:07:57.580 --> 0:08:01.360 and the connectivity on vessels that was just not prevalent 0:08:01.360 --> 0:08:04.210 even 2 or 3 years ago. So you really didn't 0:08:04.210 --> 0:08:08.080 see that threat where that's why we've seen a huge 0:08:08.080 --> 0:08:11.260 jump in the exponential potential of that as just because 0:08:11.260 --> 0:08:13.510 of the number of systems on board. And the the 0:08:13.510 --> 0:08:19.330 other interesting piece is, is post-Covid shipping companies, the cruise lines, 0:08:19.330 --> 0:08:23.140 large yachts are really having a difficult time trying to 0:08:23.140 --> 0:08:28.390 get crew members on board with little or no connectivity. 0:08:28.750 --> 0:08:32.080 Shipping of the past. Again two three years ago, crew 0:08:32.080 --> 0:08:34.150 members knew that there was no connectivity or if they 0:08:34.150 --> 0:08:36.069 wanted it, they would have to pay a pretty exorbitant 0:08:36.070 --> 0:08:38.770 amount to be able to get that. Now it's becoming 0:08:38.770 --> 0:08:42.640 standard package on a lot of these vessels to have 0:08:42.640 --> 0:08:46.360 enhanced internet capabilities just for the crew. So you bring 0:08:46.360 --> 0:08:49.600 that dynamic that we didn't have a few years ago 0:08:49.600 --> 0:08:54.370 into the threat picture. So it's rapidly changing the different 0:08:54.370 --> 0:08:58.660 access points that could become vulnerabilities on board a vessel. 0:08:58.660 --> 0:09:00.820 And almost regardless of the type, whether it's a cargo 0:09:00.820 --> 0:09:02.590 ship or a cruise line or a large yacht. 0:09:03.220 --> 0:09:07.270 Yeah. The one similarity I think, I think I see 0:09:07.270 --> 0:09:13.150 is IX or, um, operational technology. It's almost like because 0:09:13.150 --> 0:09:17.080 we have been learning this lesson, albeit slowly, is securing 0:09:17.080 --> 0:09:20.469 SCADA systems, uh, which I've done a bunch of assessment 0:09:20.470 --> 0:09:24.760 work on. They were traditionally completely isolated, and then they 0:09:24.760 --> 0:09:29.309 ended up not being isolated and. More and more internet 0:09:29.309 --> 0:09:32.970 connected tech comes in and those environments are not used 0:09:32.970 --> 0:09:35.579 to that. So maybe there's some lessons we can get 0:09:35.580 --> 0:09:39.870 from that industry. I'm just skeptical that those last those 0:09:39.870 --> 0:09:43.710 lessons actually transfer. Well, they tend not to. 0:09:44.340 --> 0:09:46.770 And I was going to say even like autonomous vehicles. Right. 0:09:46.770 --> 0:09:49.350 We see the same kind of idea like vehicles that 0:09:49.350 --> 0:09:52.829 they need to be connected time, right. To receive, uh, 0:09:52.830 --> 0:09:57.720 instructions and to send telemetry to receive, you know, information. Um, 0:09:57.720 --> 0:10:01.500 but if you think about other like, older threat models. Right. 0:10:01.500 --> 0:10:06.030 We were discussing before. Uh, GPS spoofing, for example. Right. 0:10:06.030 --> 0:10:08.880 I mean, that's usually using, like, traditional technology to be 0:10:08.880 --> 0:10:12.720 able to redirect a vessel, right, to, to, to a 0:10:12.720 --> 0:10:15.840 different place, like, can that be done in this way 0:10:15.840 --> 0:10:21.120 by manipulating this, uh, this data. Right, that we're navigation 0:10:21.120 --> 0:10:25.770 data by, by maybe turning a ship, like, sideways and 0:10:25.770 --> 0:10:28.380 blocking the entrance of a port. I know that's actually 0:10:28.380 --> 0:10:32.309 a scenario, right? That has been, uh, evaluated. What could 0:10:32.309 --> 0:10:34.410 happen if a vessel enters the port of New York 0:10:34.410 --> 0:10:39.630 and then turn sideways and blocks? Uh, not accidentally. Yeah, that. 0:10:39.809 --> 0:10:42.810 Yeah, I wanted to hit on that, basically. What what 0:10:42.809 --> 0:10:46.620 are the, uh, not the threat scenarios for getting in, 0:10:46.620 --> 0:10:50.910 but what what could people do potentially, uh, to do that? 0:10:50.910 --> 0:10:55.290 One would just, I guess be. Yeah, blocking shipping actually 0:10:55.290 --> 0:10:57.420 seems like one of the worst ones. What else could 0:10:57.420 --> 0:10:58.439 you possibly do? 0:11:00.350 --> 0:11:02.630 I could take the first part of that if you 0:11:02.750 --> 0:11:06.740 want because that it's, it's this is this is really interesting. 0:11:06.740 --> 0:11:09.230 So I think there's a couple of things. Number one is, 0:11:09.230 --> 0:11:13.640 is to be able to, uh, spoof the vessel's navigation 0:11:13.640 --> 0:11:16.670 system in a tight maneuvering space, like the entrance to 0:11:16.670 --> 0:11:20.449 a canal or port. That is something that before the 0:11:20.450 --> 0:11:23.900 crews on board. These ships are very intelligent people. They 0:11:23.900 --> 0:11:26.870 are very good at their craft and what they're doing 0:11:26.870 --> 0:11:30.349 in running navigation and engine systems. But if you put 0:11:30.350 --> 0:11:34.640 them in a, in a, in a confined, um, fair way, 0:11:34.640 --> 0:11:38.180 entry point into a canal or a port, they still 0:11:38.179 --> 0:11:40.460 have to take time for their brains to process that 0:11:40.460 --> 0:11:43.160 something is wrong and then be able to react to that. 0:11:43.160 --> 0:11:45.560 And by the time that happens in a narrow channel, 0:11:45.559 --> 0:11:48.830 it's really difficult for them to counter what's happening, because 0:11:48.830 --> 0:11:52.100 as you saw in Baltimore, these very large cargo ships, 0:11:52.100 --> 0:11:55.250 even traveling at five, six, seven knots, have so much 0:11:55.250 --> 0:11:58.820 momentum that it takes a long time to stop these ships. 0:11:58.820 --> 0:12:02.480 So in in a narrow fairway, that's a really interesting scenario. 0:12:02.480 --> 0:12:05.090 One of the other scenarios that we've looked at is 0:12:05.090 --> 0:12:08.570 the actual kind of digital hijacking of the ship itself. 0:12:08.570 --> 0:12:10.640 So the ship may be in the middle of the ocean. 0:12:10.640 --> 0:12:15.860 Hackers take control of of engineering and navigation systems and 0:12:15.860 --> 0:12:18.650 block the crew out from being able to do anything, 0:12:18.650 --> 0:12:21.500 and then basically digitally hijacking the ship in the middle 0:12:21.500 --> 0:12:24.080 of the ocean, asking for a ransom payment. That is 0:12:24.080 --> 0:12:27.530 something that we really haven't seen yet, but we think 0:12:27.530 --> 0:12:30.500 that that is going to become more and more prevalent 0:12:30.500 --> 0:12:33.650 in the maritime industry as we see all of this connectivity, 0:12:33.650 --> 0:12:37.160 all of these things happening, that the prevalence of this 0:12:37.160 --> 0:12:41.030 may start to increase because you look at 90 plus 0:12:41.030 --> 0:12:43.730 percent of all the goods that we buy are on 0:12:43.730 --> 0:12:45.530 a ship at some point in your life. So that 0:12:45.530 --> 0:12:50.210 is a huge part of global GDP. So even one 0:12:50.210 --> 0:12:53.750 ship with 3 or 4000 containers, that that's a lot 0:12:53.750 --> 0:12:56.660 of value of cargo, that's that's moving in the in 0:12:56.660 --> 0:12:59.360 the ocean. And you know, don't even think about like 0:12:59.360 --> 0:13:02.449 some of the supertankers with oil on board how much 0:13:02.450 --> 0:13:05.060 those are worth. So there's a lot of value that's, 0:13:05.059 --> 0:13:08.390 that's floating around out there that that we think that this, 0:13:08.390 --> 0:13:12.380 this digital hijacking could potentially become an issue or even 0:13:12.380 --> 0:13:15.350 precede a physical attack like what we've seen in the 0:13:15.350 --> 0:13:16.850 Red sea and the Gulf of Aden. 0:13:17.480 --> 0:13:20.150 Okay. So so what does that what does that actually 0:13:20.150 --> 0:13:24.740 look like? That is basically economic disruption. And also you 0:13:24.740 --> 0:13:27.080 have to worry about the actual crew that's on board. 0:13:27.080 --> 0:13:30.859 But they would in that sense they would only be 0:13:30.860 --> 0:13:34.790 affecting the cargo that was on that one ship along 0:13:34.790 --> 0:13:37.130 with the crew. And I guess they would just be 0:13:37.130 --> 0:13:41.010 out in the ocean and say. What? We're not going 0:13:41.010 --> 0:13:42.690 to deliver the stuff. We're going to dump it in 0:13:42.690 --> 0:13:45.720 the sea, and also we're going to hurt the crew. 0:13:46.050 --> 0:13:47.610 Is that the scenario? 0:13:47.640 --> 0:13:50.280 No, not necessarily that I think the scenario is more 0:13:50.280 --> 0:13:53.400 along the lines, Daniel, of of of an attacker taking 0:13:53.400 --> 0:13:56.640 control of the ship. And these guys are financially motivated 0:13:56.640 --> 0:13:58.619 unless it's a state actor for the most part in 0:13:58.620 --> 0:14:02.820 the maritime it's 100% financial motivation. So what we would 0:14:02.820 --> 0:14:04.710 see is that they would take control of the ship 0:14:04.710 --> 0:14:07.559 and then ask the owner or management company, hey, you 0:14:07.559 --> 0:14:10.179 need to pay us 10 million Bitcoin for a 10 0:14:10.179 --> 0:14:13.020 million in Bitcoin for us to release the ship back 0:14:13.020 --> 0:14:16.380 to your control. So I don't think it's anything to 0:14:16.380 --> 0:14:19.200 potentially dump the cargo or hurt the crew. It's more 0:14:19.200 --> 0:14:21.600 along the lines of what financial gain can we get 0:14:21.600 --> 0:14:24.330 out of this very quickly and and be able to 0:14:24.330 --> 0:14:27.600 get a fairly quick payday, just like what we've seen 0:14:27.600 --> 0:14:30.120 in other industries? Hey, we've got all your data, we've 0:14:30.120 --> 0:14:33.150 got all of your your websites are down. We have 0:14:33.150 --> 0:14:34.830 all of this. In order to get it back. You're 0:14:34.830 --> 0:14:37.440 going to have to pay us so much in ransom 0:14:37.470 --> 0:14:40.620 and we'll give you your your ship back. That's kind 0:14:40.620 --> 0:14:41.970 of the scenario that's interesting. 0:14:42.090 --> 0:14:45.900 It it, uh, tripped me up because in that case, 0:14:45.900 --> 0:14:51.330 it's really stuff. And it's really people that you are 0:14:51.330 --> 0:14:56.100 ransoming which transfers to the physical world. But the attack 0:14:56.130 --> 0:15:02.940 you're talking about is actually technically ransomware in the cyber world. Sure. Yeah. Yeah, yeah. Fascinating. 0:15:03.300 --> 0:15:05.640 And just to put things into perspective, I was mentioning 0:15:05.670 --> 0:15:08.580 to Corey, uh, before that, uh, two weeks ago, I 0:15:08.580 --> 0:15:11.820 was at the Panama Canal. Right. And it was very 0:15:11.820 --> 0:15:13.770 enlightening because, you know, we have been working together on 0:15:13.770 --> 0:15:15.300 this for quite some time, and I've been doing a 0:15:15.300 --> 0:15:19.860 lot more reading on maritime transportation, maritime security. And, uh, 0:15:19.860 --> 0:15:22.350 I didn't realize, I think vessels pay like up to 0:15:22.350 --> 0:15:27.330 $1.5 million, right, to go through the, uh, the Panama Canal. 0:15:27.330 --> 0:15:29.850 And when you look at the cost of that's obviously 0:15:29.850 --> 0:15:32.220 very high, but some of these vessels, they can have 0:15:32.220 --> 0:15:36.780 up to 13,000 containers, right, Corey? Or even more. 0:15:36.780 --> 0:15:38.790 With some of the new super container ships, you could 0:15:38.790 --> 0:15:42.630 see 20,000 containers. So what's a 1 million or a 0:15:42.630 --> 0:15:46.440 $1.5 million cost divided by 13,000 is. 0:15:46.440 --> 0:15:47.340 100 bucks, right? 0:15:47.520 --> 0:15:49.740 Yeah, it's 100 bucks a container. Yeah. 0:15:49.800 --> 0:15:53.340 So we don't want obviously we don't want, uh, to give, uh, 0:15:53.340 --> 0:15:55.770 ideas right to the bad guys, but obviously they know 0:15:55.770 --> 0:16:00.450 this already. And we're talking about, uh, minimum cost per container. 0:16:00.450 --> 0:16:03.450 If somebody had to do this and something that they 0:16:03.450 --> 0:16:05.250 would probably say, you know what, let's pay it because 0:16:05.250 --> 0:16:07.560 we need to release these goods and we need to 0:16:07.590 --> 0:16:08.520 to move forward. 0:16:09.250 --> 0:16:14.990 Yeah, that. That makes sense. So are there any, uh, 0:16:15.440 --> 0:16:19.520 benchmarks here? Like you talked about? One thing with which 0:16:19.550 --> 0:16:22.190 Ismael and I might have talked about as well. When 0:16:22.190 --> 0:16:26.180 you have, like, traditional network security, you learn all these lessons. 0:16:26.180 --> 0:16:28.070 It takes a very long time for people to learn 0:16:28.070 --> 0:16:31.520 these lessons. Then you go to web security and nobody 0:16:31.520 --> 0:16:34.400 knows those lessons. So you basically need to spend another 0:16:34.400 --> 0:16:39.350 decade almost starting over because none of the knowledge transfers. 0:16:39.350 --> 0:16:43.640 But in terms of like all these different spaces, you know, web, mobile, 0:16:43.640 --> 0:16:47.359 all these other cyber spaces and I would say other 0:16:47.360 --> 0:16:50.570 industries as well. How does maritime compare? Like where would 0:16:50.570 --> 0:16:55.070 you put us on like a maturity model for maritime cybersecurity? 0:16:56.440 --> 0:16:59.170 I. I want to hear what Israel has to say, 0:16:59.170 --> 0:17:03.010 but I, I think honestly, from a cybersecurity in general, 0:17:03.010 --> 0:17:06.760 when you look at the maritime industry and specifically at vessels, 0:17:06.760 --> 0:17:09.220 is probably about 10 or 15 years behind the rest 0:17:09.220 --> 0:17:12.730 of the world, um, on this, it's just not a problem. 0:17:12.730 --> 0:17:16.600 The industry up until the last few years has really 0:17:16.600 --> 0:17:19.300 been awake to the fact that, hey, this is something 0:17:19.300 --> 0:17:21.820 that we need to look at and deal with. We 0:17:21.850 --> 0:17:25.750 we are talking to clients now that we never thought 0:17:25.750 --> 0:17:29.919 we'd be talking to about cybersecurity and protection, and people 0:17:29.920 --> 0:17:32.920 are realizing in, in the, in the global maritime industry 0:17:32.920 --> 0:17:35.770 that there's a cost to be able to do business. 0:17:35.770 --> 0:17:39.400 And now cyber protection is part of that cost. But 0:17:39.400 --> 0:17:42.220 if you look at what the costs are to mitigate, 0:17:42.220 --> 0:17:46.150 a potential issue could be 10 or 15 times what 0:17:46.150 --> 0:17:49.480 the cost is to provide some of the basic protections. 0:17:49.480 --> 0:17:52.659 So the industry, it seems like, is now really waking 0:17:52.660 --> 0:17:54.970 up to the fact that this could be a real 0:17:54.970 --> 0:17:58.630 potential threat. And the threat can be sitting almost, almost 0:17:58.630 --> 0:18:00.580 anywhere in the world. But our feeling has been that 0:18:00.580 --> 0:18:03.700 the industry is is pretty far behind the time when 0:18:03.700 --> 0:18:07.660 it comes to the type of of knowledge and protection 0:18:07.660 --> 0:18:11.050 and things that the industry is doing to employ to 0:18:11.050 --> 0:18:12.879 be able to mitigate this. Now, some people are on 0:18:12.880 --> 0:18:15.159 the other end of the spectrum. There's companies that that 0:18:15.160 --> 0:18:20.230 we've dealt with that have incredible protection and have standards 0:18:20.230 --> 0:18:22.900 that meet the rest of the world. And then there's 0:18:22.900 --> 0:18:26.320 other companies that don't even have a firewall operating on 0:18:26.320 --> 0:18:30.609 board their ships and are running old legacy systems, and 0:18:30.609 --> 0:18:33.820 networks aren't bifurcated. Some of the basic things that you know, 0:18:33.820 --> 0:18:35.890 that you would see, um. 0:18:36.580 --> 0:18:40.090 It's very interesting that it's not very different from what 0:18:40.090 --> 0:18:44.919 we see in other critical, uh, sectors. Right. And I'm thinking, uh, 0:18:44.920 --> 0:18:49.300 transportation in general or factoring where you have, uh, sometimes, 0:18:49.300 --> 0:18:51.909 you know, small companies with not a lot of employees, 0:18:51.910 --> 0:18:54.639 but they, they have a, you know, really high revenue 0:18:54.640 --> 0:18:57.340 and they're being ransomed on a regular basis or they're 0:18:57.340 --> 0:19:00.850 being targeted by, uh, threat actors. Um, you know, we've 0:19:00.850 --> 0:19:06.609 been looking at, uh, typhoon activity recently, uh, as probably know, 0:19:06.609 --> 0:19:10.270 an actor related to, uh, you know, China and how 0:19:10.270 --> 0:19:13.450 they're very interested in, in critical infrastructure, especially in the US, 0:19:13.450 --> 0:19:16.389 like Cisa has been reporting about this, uh, in the 0:19:16.390 --> 0:19:18.850 last few months. And we see on a regular basis, 0:19:18.850 --> 0:19:22.990 on a daily basis, activity coming from full typhoon targeting, um, 0:19:22.990 --> 0:19:28.030 some of these critical sectors. So legacy systems, right. The interest, 0:19:28.030 --> 0:19:31.150 the geopolitical interest from threat actors, that makes an interesting cocktail. 0:19:31.150 --> 0:19:33.550 And if you add to that, that there is a 0:19:33.550 --> 0:19:37.270 lot of cybersecurity solutions today that they were not designed 0:19:37.300 --> 0:19:41.350 for these type of infrastructure. Corey touched on this before, uh, 0:19:41.350 --> 0:19:43.240 these ships, these vessels that are in the middle of 0:19:43.240 --> 0:19:46.210 the ocean with as they have connectivity. Right? But it's 0:19:46.210 --> 0:19:50.800 GPS connectivity, low bandwidth, a lot of these security solutions, 0:19:50.800 --> 0:19:54.010 endpoint solutions, for example, they they rely on having a 0:19:54.010 --> 0:19:57.400 lot of, uh, a persistent connection, uh, where they can 0:19:57.400 --> 0:19:59.530 send a lot of data out and then do all, 0:19:59.530 --> 0:20:01.540 all of the analytics in the cloud and all of 0:20:01.540 --> 0:20:05.320 the AI, all the fancy stuff that doesn't always work 0:20:05.320 --> 0:20:08.409 when a system that it's an older OS and doesn't 0:20:08.410 --> 0:20:11.740 have that, uh, high bandwidth. So that that adds up 0:20:12.070 --> 0:20:13.149 to the challenge. 0:20:13.510 --> 0:20:17.500 Yeah. Interesting. And I think, Corey, you mentioned that this 0:20:17.500 --> 0:20:19.240 is going to happen more in the future and that 0:20:19.240 --> 0:20:21.910 it's even happening in the past, or at least it's 0:20:21.910 --> 0:20:24.310 been tested. But what are some of those other things 0:20:24.310 --> 0:20:25.390 that have already happened? 0:20:26.160 --> 0:20:29.250 So there's one thing that that pops out in my 0:20:29.250 --> 0:20:33.990 mind is there was back in 2013, there was an 0:20:33.990 --> 0:20:38.520 attack on an oil rig where the attackers gained access 0:20:38.520 --> 0:20:41.130 to the navigation system on an oil rig. As you know, 0:20:41.130 --> 0:20:43.890 a lot of oil rigs are floating platforms, and there 0:20:43.890 --> 0:20:47.070 is navigation where they move to stay in a particular spot, 0:20:47.070 --> 0:20:51.629 and the attackers actually gained access remotely to the navigation 0:20:51.630 --> 0:20:55.199 system and pulled the oil rig basically off station and 0:20:55.200 --> 0:20:57.060 was shut down, I think, for 2 or 3 months. 0:20:57.060 --> 0:21:00.389 That was really one of the very first cases that 0:21:00.390 --> 0:21:04.380 that we really saw where there was interference directly within 0:21:04.380 --> 0:21:08.639 a navigation system of a vessel. And this was 2013. Um, 0:21:08.640 --> 0:21:11.220 there was a case, I believe, within the last month 0:21:11.220 --> 0:21:14.219 that our Intel teams were looking at as there was 0:21:14.220 --> 0:21:18.899 a vessel in the Persian Gulf that had navigation system interference. Um, 0:21:18.900 --> 0:21:22.440 and we're seeing along with that, not just the potential 0:21:22.440 --> 0:21:24.780 of interference with the nav system on board, but one 0:21:24.780 --> 0:21:27.930 of the things that Ishmael had mentioned was the GPS spoofing. 0:21:27.930 --> 0:21:32.760 It's very easy to spoof the Global Positioning System, maybe 0:21:32.760 --> 0:21:37.290 not necessarily to get into the satellite side, but local spoofing. 0:21:37.290 --> 0:21:40.530 You can spend about 30 minutes on the internet, get 0:21:40.530 --> 0:21:43.650 a few hundred dollars in equipment, and you can fairly 0:21:43.650 --> 0:21:49.800 easily locally spoof, uh, GPS. So it's interesting the also, 0:21:49.800 --> 0:21:53.400 some of the inherent insecurity in some of the way 0:21:53.400 --> 0:21:57.389 the maritime systems are designed is much different than, than 0:21:57.390 --> 0:22:01.560 other industries. The, the International Maritime Organization or we refer 0:22:01.560 --> 0:22:05.310 to the IMO. The standards are set by the IMO 0:22:05.310 --> 0:22:10.140 and then are pushed into all of the the signatory countries. 0:22:10.140 --> 0:22:12.450 So you have to imagine that you have to get 0:22:12.450 --> 0:22:17.460 basically 190 countries to agree on a particular standard when 0:22:17.460 --> 0:22:20.280 it comes to how something is going to work. And, 0:22:20.280 --> 0:22:22.830 and some of those countries are good guy countries and 0:22:22.830 --> 0:22:26.129 others are bad guy countries. So yeah, it's it's interesting 0:22:26.160 --> 0:22:30.690 to see how this standard works that that may not have, um, 0:22:30.960 --> 0:22:34.320 be similar to like the financial industry or health care 0:22:34.320 --> 0:22:36.870 where the US can set its own standard and the 0:22:36.869 --> 0:22:39.300 UK and the EU and there's all these standards where 0:22:39.300 --> 0:22:43.560 shipping it's a pretty similar standard. So this whole global 0:22:43.560 --> 0:22:46.050 industry is able to work together. 0:22:46.920 --> 0:22:51.699 You know, what I find interesting is, uh. There's a 0:22:51.700 --> 0:22:55.239 corollary with local crime. So there's a thing in the 0:22:55.240 --> 0:23:01.240 Bay area here with people stealing catalytic converters. Um, and 0:23:01.240 --> 0:23:06.460 it's what's interesting is it, um, wasn't really a big thing. 0:23:06.460 --> 0:23:11.149 And once it became a thing. Obviously within the criminal community. 0:23:11.150 --> 0:23:15.020 It just started happening and everybody it it became like 0:23:15.020 --> 0:23:19.100 a viral spread of a meme of like, this is 0:23:19.100 --> 0:23:21.680 a way to make money. And all of a sudden 0:23:21.680 --> 0:23:24.139 a bunch of criminals started doing it. So your, your 0:23:24.140 --> 0:23:26.750 car was literally at threat. And I wonder if there 0:23:26.750 --> 0:23:30.080 was a similarity here where if criminals realize, hey, wait 0:23:30.080 --> 0:23:33.650 a minute, there's actually lots of money there. Wow. Think 0:23:33.650 --> 0:23:39.080 about how much money they have available or how important 0:23:39.080 --> 0:23:41.840 it is for them to deliver their cargo. Therefore, they 0:23:41.840 --> 0:23:44.540 will pay this much ransom. It's the type of thing 0:23:44.540 --> 0:23:47.450 where the spotlight shines on something interesting for the whole 0:23:47.450 --> 0:23:50.540 criminal community. And they're very smart and they're very synchronized, 0:23:50.540 --> 0:23:52.490 and then they just start going there. Do you think 0:23:52.490 --> 0:23:57.280 this could become like. Similar to ransomware. In the past, 0:23:57.280 --> 0:23:59.620 it wasn't being done and all of a sudden it was. 0:23:59.920 --> 0:24:02.949 Could it really jump in incidents, do you think because 0:24:02.950 --> 0:24:03.609 of that? 0:24:05.410 --> 0:24:07.300 I was actually discussing this with Corey, you know, a 0:24:07.300 --> 0:24:10.090 few weeks ago as well. We were, um, discussing like, 0:24:10.090 --> 0:24:13.270 global trends in I think it's just a matter of, 0:24:13.270 --> 0:24:17.410 of time. And sometimes it may actually be happening today, 0:24:17.410 --> 0:24:19.419 but we don't have the visibility because of the reasons 0:24:19.420 --> 0:24:22.420 we mentioned before, because they don't have the solutions in place. 0:24:22.420 --> 0:24:25.540 And we may as we get more visibility into these, 0:24:25.540 --> 0:24:28.420 we may say, oh, so these systems have been maybe 0:24:28.420 --> 0:24:31.510 compromised for, for quite some time. And it's just that 0:24:31.510 --> 0:24:35.169 it doesn't have it doesn't have that impact yet. Uh, 0:24:35.170 --> 0:24:38.919 but for example, if you look at the availability of 0:24:38.920 --> 0:24:42.340 a lot of these tools, uh, many of the weapons 0:24:42.340 --> 0:24:45.400 that we see, uh, being used by attackers today are 0:24:45.400 --> 0:24:50.560 open source. Right? And X werm a sink rat. Um, 0:24:50.560 --> 0:24:55.000 I don't know you black matter. There's a lot of rats, right? 0:24:55.000 --> 0:24:57.550 Remote access tools out there that we see being used 0:24:57.550 --> 0:25:01.119 by cyber criminals worldwide, and they're just open source tools. 0:25:01.119 --> 0:25:05.230 We just didn't have that much availability of those tools before. So. 0:25:05.230 --> 0:25:07.359 So absolutely. I think it's a matter of time. It 0:25:07.359 --> 0:25:10.090 might be actually happening, but we may not just see it. 0:25:10.869 --> 0:25:13.600 I would I would agree and I, I think to 0:25:13.600 --> 0:25:16.450 that to Ishmael's point, I think it is happening. We're 0:25:16.450 --> 0:25:21.190 starting to see more and more of of things happening 0:25:21.190 --> 0:25:24.310 on vessels that you kind of scratch your head and 0:25:24.310 --> 0:25:27.790 say that's a cyber incident. And the other thing that 0:25:27.790 --> 0:25:31.840 the industry does a very bad job of is sharing information, 0:25:31.840 --> 0:25:36.460 unless it's required by some government organization like the SEC 0:25:36.460 --> 0:25:40.180 here in the United States, you're not going to have, um, 0:25:40.180 --> 0:25:44.109 companies sharing information on how they were attacked. It's just 0:25:44.109 --> 0:25:47.800 it's really interesting to see that where in other interesting 0:25:47.830 --> 0:25:50.950 industries you do have that information sharing, but we just 0:25:50.950 --> 0:25:54.399 don't have it in the maritime industry. Eventually, I think 0:25:54.400 --> 0:25:57.399 the industry is going to get there because that spotlight 0:25:57.400 --> 0:26:01.180 is moving slowly on to this industry. But we kind 0:26:01.180 --> 0:26:04.570 of feel from the interactions that that we're having in 0:26:04.570 --> 0:26:09.340 the industry that this is happening more and more than 0:26:09.340 --> 0:26:11.950 a number of companies are willing to admit. 0:26:12.400 --> 0:26:15.820 Um, so do you have a list of these, by 0:26:15.820 --> 0:26:18.460 any chance? Uh, if not, you should start a GitHub. 0:26:18.460 --> 0:26:21.700 I'm like, all into this, uh, starting a public repo 0:26:21.700 --> 0:26:25.390 right now for different things. So it would be nice. 0:26:25.390 --> 0:26:28.570 You don't have to mark it as like, definitely. But 0:26:28.570 --> 0:26:31.659 if it's unknown and it looks fishy to you, like 0:26:31.660 --> 0:26:33.639 you're going to have like the best knows in the 0:26:33.640 --> 0:26:37.899 industry for smelling this out. Uh, especially you two combined. 0:26:37.900 --> 0:26:40.750 So what if there was a GitHub repo and it was, like, 0:26:40.750 --> 0:26:44.320 possible cyber related maritime, and then you could have at 0:26:44.320 --> 0:26:48.410 the table, confirmed or not. That would be super useful. 0:26:48.410 --> 0:26:50.840 It would be like the best source anywhere. 0:26:51.600 --> 0:26:54.120 It. It would it would be interesting to do. We 0:26:54.119 --> 0:26:56.399 would just have to figure out from our all of 0:26:56.400 --> 0:26:59.970 our nondisclosure legal agreements and protect our clients of, of 0:26:59.970 --> 0:27:02.159 that type of information. But to to give you an 0:27:02.160 --> 0:27:04.590 example we thought was really interesting is we were working 0:27:04.590 --> 0:27:07.619 with a client and we were on board their vessel 0:27:07.619 --> 0:27:10.860 and they were they were doing some repair work. So 0:27:10.859 --> 0:27:13.919 so we were talking to them about some of our solutions, 0:27:13.920 --> 0:27:15.929 and they, they mentioned to us that they had to 0:27:15.930 --> 0:27:19.740 replace all of their bridge navigation hardware. That's really unusual 0:27:19.770 --> 0:27:21.750 because it was not that old. So we asked them 0:27:21.750 --> 0:27:23.850 and they said, well, we don't know what happened. There 0:27:23.850 --> 0:27:26.669 was some issue and the computer systems are corrupt and 0:27:26.670 --> 0:27:28.950 they're not working. And we just kind of walked away 0:27:28.950 --> 0:27:32.070 from that laughing, saying, yeah, you guys were the oh, 0:27:32.070 --> 0:27:34.409 you guys were the were the victims of a direct 0:27:34.410 --> 0:27:38.280 cyber attack. And now they're replacing hundreds of thousands, if 0:27:38.280 --> 0:27:42.960 not millions of dollars in navigation hardware because it's rendered completely, 0:27:42.960 --> 0:27:47.459 completely useless. And that's that's a story that we're seeing, um, 0:27:47.460 --> 0:27:52.260 more and more often, um, that there's issues and computer 0:27:52.260 --> 0:27:55.770 systems have to physically be replaced. It's I mean, that's 0:27:55.770 --> 0:27:58.050 if you look at Maersk, that's basically what happened is 0:27:58.050 --> 0:28:00.989 every system in Maersk, for the most part had to 0:28:00.990 --> 0:28:04.740 be replaced. That that's just an interesting. And that wasn't 0:28:04.740 --> 0:28:07.260 even an a direct attack on the company Maersk that 0:28:07.260 --> 0:28:09.930 came in through, I think it was a third party 0:28:09.930 --> 0:28:13.440 accounting software provider that they were using that the attack 0:28:13.440 --> 0:28:17.310 then launched into the entire Maersk system. But there was 0:28:17.310 --> 0:28:20.430 there was a huge replacement cost for them to replace 0:28:20.430 --> 0:28:23.640 systems that were were affected by that. And we're we're 0:28:23.640 --> 0:28:28.290 starting to see that some, some more often in, in maritime. 0:28:28.590 --> 0:28:31.379 Yeah. We have been talking about cargo ships right here. 0:28:31.380 --> 0:28:35.280 But but maritime security, it's also about cruises. It's also 0:28:35.280 --> 0:28:36.270 about oh. 0:28:36.270 --> 0:28:37.590 Yeah that's a good point. 0:28:37.680 --> 0:28:42.510 Think about right. So think about, uh, you know, uh, VIP, uh, folks, 0:28:42.510 --> 0:28:47.250 executives maybe, you know, um, being targeted by some of these, uh, 0:28:47.250 --> 0:28:50.610 threat actors or just large cruises, right. 0:28:50.970 --> 0:28:53.310 Uh, or if you look at that VIP side, Ishmael, 0:28:53.310 --> 0:28:56.760 the large yachts, I mean, that's your top. You take 0:28:56.760 --> 0:29:00.480 your top 50 wealthiest people in the world, and a 0:29:00.480 --> 0:29:03.810 lot of them have their own large yacht. And it's 0:29:03.810 --> 0:29:07.410 interesting that some of these yachts do very well on 0:29:07.410 --> 0:29:11.190 protecting the vessel from a cyber perspective. And other large 0:29:11.190 --> 0:29:14.850 yachts are just absolutely head in the sand, horrible when 0:29:14.850 --> 0:29:17.730 it comes to that. But you have some of these 0:29:17.730 --> 0:29:19.860 wealthiest people in the world that are on board their 0:29:19.860 --> 0:29:23.910 yacht actually conducting business with their companies and, and all 0:29:23.910 --> 0:29:26.760 of these things that are, that are happening. And then 0:29:26.850 --> 0:29:29.280 also to your point, you look at at cruise ships, 0:29:29.280 --> 0:29:31.110 there was a there was a cruise ship, and I 0:29:31.110 --> 0:29:34.830 won't say which one, but one of our, our tech 0:29:34.830 --> 0:29:39.120 people was on board doing something, and he found that 0:29:39.120 --> 0:29:43.050 he was very easily able to pivot from the guest 0:29:43.050 --> 0:29:47.670 network into the bridge operations network with without really doing 0:29:47.670 --> 0:29:50.550 anything at all. And I'm like, oh, there's a red flag. 0:29:50.550 --> 0:29:52.710 We let them know, hey, you may want to look 0:29:52.710 --> 0:29:54.360 at that, but even some of the stuff that you 0:29:54.360 --> 0:29:57.600 would think like some of the basic IT protections in place, 0:29:57.600 --> 0:30:01.350 sometimes people don't seem to think about that. Like we 0:30:01.350 --> 0:30:04.380 recommend to our clients, like, hey, your crew network on 0:30:04.380 --> 0:30:07.380 board your cargo ship or your large yacht that shouldn't 0:30:07.380 --> 0:30:09.810 be connected to any critical system. We call it the 0:30:09.810 --> 0:30:12.660 Wild West. Let them do whatever they want. If they 0:30:12.660 --> 0:30:16.380 give each other viruses and it shuts down their systems phones, 0:30:16.380 --> 0:30:19.410 who cares? But that keep that bifurcated and everything that 0:30:19.410 --> 0:30:23.070 operates on the critical networks, that needs endpoint protection, that 0:30:23.070 --> 0:30:25.620 needs to be behind the firewall, those need to be 0:30:25.620 --> 0:30:29.310 protected and bifurcated. Uh, pretty well. But a lot of 0:30:29.310 --> 0:30:31.770 times you just don't you don't see that. And, and 0:30:31.770 --> 0:30:35.580 the crews are the ones, unfortunately, are bringing the viruses on, 0:30:35.580 --> 0:30:38.610 whether it's through social media or other sites or, or 0:30:38.610 --> 0:30:42.360 other things that are happening, just like in a financial institution, 0:30:42.360 --> 0:30:44.550 it's the people who are on their computers and jump 0:30:44.550 --> 0:30:47.880 on to a social media site or download something that 0:30:47.880 --> 0:30:50.250 they think is benign. And all of a sudden you've launched, 0:30:50.250 --> 0:30:51.750 you've launched an attack. 0:30:52.670 --> 0:30:56.000 Segmentation, right. You talked about that before, like how, you know, 0:30:56.000 --> 0:30:59.780 we keep, uh, bumping into the same problem, the same, uh, 0:30:59.780 --> 0:31:01.010 back to the basics. 0:31:01.190 --> 0:31:05.660 Yeah. Every time. Relearn the fundamentals. Yeah. What happens with, uh, 0:31:05.660 --> 0:31:10.340 autonomous or aren't a lot of people talking about autonomous vessels? 0:31:11.560 --> 0:31:14.980 So that that that's very interesting is, is there are 0:31:14.980 --> 0:31:18.340 some autonomous vessels that are operating, um, in parts of 0:31:18.340 --> 0:31:21.430 the world. And I know, um, that there are a 0:31:21.430 --> 0:31:23.890 number of governments that are looking at the use of 0:31:23.890 --> 0:31:27.910 autonomous vessels to be able to move people and cargo 0:31:27.910 --> 0:31:32.110 from vessels at anchor into shore, potentially much quicker and 0:31:32.110 --> 0:31:35.470 more efficiently than trying to have berthing space for, for 0:31:35.470 --> 0:31:37.600 all of these vessels. So there's a lot of look 0:31:37.600 --> 0:31:40.900 at being able to use autonomous vessels. Now, the nice 0:31:40.900 --> 0:31:44.890 thing about that is, is there's some really good tools 0:31:44.890 --> 0:31:48.610 that are available to protect that communication link from the 0:31:48.610 --> 0:31:51.580 shore to the autonomous vessel, and then tools for on 0:31:51.580 --> 0:31:54.550 board and and realistically, for the most part, you don't 0:31:54.550 --> 0:31:57.880 need to have a crew network on board those vessels. 0:31:57.880 --> 0:32:01.060 It's all internal operation to that vessel because it's a 0:32:01.060 --> 0:32:05.500 quick trip from the Anchorage in and and so but 0:32:05.500 --> 0:32:09.580 that does add a very interesting mix. Um, when you 0:32:09.580 --> 0:32:12.610 look at the cyber protection piece, especially as you start 0:32:12.610 --> 0:32:15.880 to get what I'd call the over the horizon autonomous vessels, 0:32:15.880 --> 0:32:18.820 these are vessels that are, that are not going, you know, 0:32:18.820 --> 0:32:22.060 ten or 20 or 30 nautical miles, but hundreds of 0:32:22.060 --> 0:32:26.320 nautical miles. And now you're moving communication potentially from a 0:32:26.320 --> 0:32:29.980 point to point network into the satellite network. So that 0:32:29.980 --> 0:32:34.030 opens up other potential vulnerabilities as, as you start to 0:32:34.030 --> 0:32:37.690 get into this and and especially with, with vessels, I mean, 0:32:37.690 --> 0:32:39.850 there's there's a lot of things that you would need 0:32:39.850 --> 0:32:43.750 to do to, to protect a vessel, um, from the 0:32:43.750 --> 0:32:47.410 autonomous standpoint, because all the navigation control is controlled by 0:32:47.410 --> 0:32:51.790 a computer in some operations center somewhere on shore. So it's. Yeah, 0:32:51.790 --> 0:32:54.730 that's going to be very interesting as, as these autonomous 0:32:54.730 --> 0:32:57.670 vessels in the next 5 or 10 years start to 0:32:57.670 --> 0:33:01.780 become more prevalent, prevalent in the industry. 0:33:02.140 --> 0:33:06.760 Yeah. And how how are people actually going to get better? 0:33:06.760 --> 0:33:09.010 Like where where are they going to learn this stuff 0:33:09.010 --> 0:33:12.070 from like, and how is threat Intel actually going to 0:33:12.070 --> 0:33:14.500 help them do that. Like do you see more coverage 0:33:14.500 --> 0:33:17.740 of threat Intel stuff? Is smile moving to this area 0:33:17.740 --> 0:33:22.330 like more interest from the industry? Um, and for for 0:33:22.330 --> 0:33:26.410 the actual customers themselves or the operators themselves. Where are 0:33:26.410 --> 0:33:28.540 they going to go? Because it doesn't seem like there's 0:33:28.540 --> 0:33:31.660 many cyber maritime resources out there. 0:33:32.580 --> 0:33:34.260 Well, that's a very good question. And I have to 0:33:34.260 --> 0:33:37.410 say that, you know, I didn't um, I wasn't very 0:33:37.650 --> 0:33:40.260 knowledgeable on this on this field before. I don't think 0:33:40.260 --> 0:33:42.570 I'm not, you know, very knowledgeable or an expert right now. 0:33:42.570 --> 0:33:46.020 But obviously since, uh, we've been working, uh, closer with, uh, 0:33:46.020 --> 0:33:50.910 Quarry and Dryad security, uh, their team, we've been we've 0:33:50.910 --> 0:33:54.780 been learning more about this, this industry and how, um, like, 0:33:54.780 --> 0:33:57.510 every industry has something in particular. Right? I think we 0:33:57.510 --> 0:34:00.060 have talked about this before, how threat intelligence is so 0:34:00.060 --> 0:34:03.540 related to the geopolitics and what we see in each region, 0:34:03.540 --> 0:34:05.880 how it's a specific to that, what we see, for example, 0:34:05.880 --> 0:34:09.810 in the Suez Canal. Right. It's very specific to to that, 0:34:09.810 --> 0:34:14.670 to that geopolitical situation right there. Um, and that transfer 0:34:14.670 --> 0:34:19.320 to absolutely everything. So hopefully by doing sessions like this, 0:34:19.320 --> 0:34:21.810 like your podcast. Thanks for having us. Uh, Daniel. Right. 0:34:21.810 --> 0:34:25.440 We can we can create more awareness on these issues, 0:34:25.440 --> 0:34:28.530 but definitely, uh, you know, Dryad is, uh, a company 0:34:28.530 --> 0:34:30.480 that is doing a lot of, uh, work on, on 0:34:30.480 --> 0:34:34.049 these with, uh, Corey leading that. And we as a 0:34:34.050 --> 0:34:37.620 technology provider, we're very happy to, to empower them to 0:34:37.620 --> 0:34:40.860 be able to provide these, uh, security, uh, protection and 0:34:40.860 --> 0:34:44.670 security services, including the threat intelligence. Right. Because, you know, 0:34:44.670 --> 0:34:46.830 correct me if I'm if I'm wrong, Corey. But you 0:34:46.830 --> 0:34:50.730 you guys have a lot of experience sharing, uh, you know, 0:34:50.730 --> 0:34:55.680 not just cyber security intelligence, but traditional threat Intel to, uh, 0:34:55.680 --> 0:34:59.160 to these, uh, vessels and these cruises. And cyber security 0:34:59.160 --> 0:35:02.100 is just one more aspect, right, of that, um, of 0:35:02.100 --> 0:35:05.130 that type of communication that you provide to your customers. 0:35:05.460 --> 0:35:09.990 So hopefully organizations are getting a lot more, um, aware 0:35:09.989 --> 0:35:10.410 of this. 0:35:10.410 --> 0:35:14.670 That's good. So is there any reason for optimism, like 0:35:14.670 --> 0:35:18.750 is there any, uh, positive side to this? Corey looking forward. 0:35:19.590 --> 0:35:24.029 I think there is. And and as we, we work to, 0:35:24.060 --> 0:35:27.360 to really try to educate the industry and and it's 0:35:27.360 --> 0:35:29.609 not just Dryad and the people here. I mean, we're 0:35:29.610 --> 0:35:32.790 working with with Ishmael and his team at BlackBerry, but 0:35:32.790 --> 0:35:36.359 also just other companies is if we start to share 0:35:36.360 --> 0:35:40.200 information and intelligence across the industry, it helps the entire 0:35:40.200 --> 0:35:42.780 industry be protected. And I think we're going to start 0:35:42.780 --> 0:35:46.049 to slowly see that shift where people are going to 0:35:46.050 --> 0:35:49.410 be willing to share that information and intelligence back and 0:35:49.410 --> 0:35:52.170 forth with each other to get an idea. Hey, we 0:35:52.170 --> 0:35:54.509 saw this, and that confirms what you guys said over 0:35:54.510 --> 0:35:58.050 here or whatever that may be. As we're seeing, information 0:35:58.050 --> 0:36:01.410 sharing really is the key to how protection is done 0:36:01.410 --> 0:36:04.620 in the government and in the health care industry and 0:36:04.620 --> 0:36:07.740 financial and critical infrastructure. And I think we're going to 0:36:07.739 --> 0:36:10.830 see that here. The maritime industry is is kind of 0:36:10.830 --> 0:36:13.530 at just the dawn of waking up to we really 0:36:13.530 --> 0:36:15.900 need to start to look at this problem. And as 0:36:15.900 --> 0:36:19.170 this evolves, this is going to evolve in the maritime industry, 0:36:19.170 --> 0:36:21.630 much different, I think, than it has in other industries. 0:36:21.630 --> 0:36:25.920 Just because technology is evolving so rapidly and we're seeing 0:36:25.920 --> 0:36:27.930 in the next few years we're going to see really, 0:36:27.930 --> 0:36:32.790 I think AI integrated into some of these solutions that 0:36:32.790 --> 0:36:36.540 is going to help this industry really advance the level 0:36:36.540 --> 0:36:41.190 of of protection. So I'm pretty optimistic. This industry, um, 0:36:41.190 --> 0:36:46.710 is is built on a ton of very, very intelligent people, um, 0:36:46.710 --> 0:36:49.830 who are very concerned about this. So it's good to 0:36:49.830 --> 0:36:53.160 see the industry waking up. And, and I'm pretty optimistic 0:36:53.160 --> 0:36:54.840 that I think this is going to be an issue 0:36:54.840 --> 0:36:56.939 from an industry perspective that we're going to be able 0:36:56.940 --> 0:37:00.750 to solve. I've been it was funny, my first cybersecurity 0:37:00.750 --> 0:37:02.940 seminar that I ever did in the maritime industry, I 0:37:02.940 --> 0:37:07.950 think was back in 2013 or 2014, and ten people 0:37:07.950 --> 0:37:10.500 showed up, and it was exciting just to have ten 0:37:10.500 --> 0:37:13.350 people in the room in maritime who are like, hey, 0:37:13.350 --> 0:37:16.680 what's this cyber thing? So you think back to 2013, 0:37:16.680 --> 0:37:21.180 2014 now when I, when I am part of these presentations, 0:37:21.180 --> 0:37:24.060 you get hundreds of people in the room and the 0:37:24.060 --> 0:37:27.030 webinars that that we do, and we have a number 0:37:27.030 --> 0:37:29.730 of them planned and not just us, but other cyber 0:37:29.730 --> 0:37:32.610 companies in the maritime industry. You're not getting 10 or 0:37:32.610 --> 0:37:35.550 20 people. You're getting hundreds of people around the globe 0:37:35.550 --> 0:37:38.310 signing up. We've had people reach out to us after 0:37:38.310 --> 0:37:40.620 our last webinar we did just a couple of weeks 0:37:40.620 --> 0:37:43.230 ago with BlackBerry as, hey, could you do a webinar 0:37:43.230 --> 0:37:47.310 specifically on on the threat intelligence for this and what's 0:37:47.310 --> 0:37:51.060 happening in this sector of the industry? So we're already 0:37:51.060 --> 0:37:53.640 seeing a sea change, you know, pardon the pun, but 0:37:53.640 --> 0:37:56.880 a sea change of people in the industry kind of 0:37:56.880 --> 0:38:00.509 waking up to this fact of like, oh, okay. And 0:38:00.510 --> 0:38:02.939 it's just but I but I laugh as like those 0:38:02.940 --> 0:38:06.060 ten people, hey, they got 100% of me. And if 0:38:06.060 --> 0:38:08.430 2 or 300 people show up, they get 100%. But 0:38:08.430 --> 0:38:10.920 it's just it's really cool to see that people are 0:38:10.920 --> 0:38:14.880 really waking up to that and now want the information. And, 0:38:14.880 --> 0:38:17.550 and so we're doing with BlackBerry to work on that, 0:38:17.550 --> 0:38:19.710 to be able to say, hey, we may see this 0:38:19.710 --> 0:38:24.299 potential threat in government or in the financial or health care, 0:38:24.300 --> 0:38:27.390 but that threat is going to very quickly, in some form, 0:38:27.390 --> 0:38:31.020 probably move into maritime. So we almost have the ability 0:38:31.020 --> 0:38:34.020 to look into the future, to say, okay, what's happening 0:38:34.020 --> 0:38:36.810 in some of these other sectors that we think has 0:38:36.810 --> 0:38:41.040 a really good potential to then migrate into the maritime space. 0:38:41.130 --> 0:38:44.250 Yeah. Well, that makes sense. And speaking of that information, 0:38:44.250 --> 0:38:46.830 you you mentioned a webinar. We're going to get all 0:38:46.830 --> 0:38:50.009 the links for the description in the video. But uh, 0:38:50.010 --> 0:38:53.850 you're talking about a webinar you did with a University 0:38:53.850 --> 0:38:57.989 of Plymouth, I think. Yeah, yeah. And then um, there's 0:38:57.989 --> 0:39:00.570 also a threat report that came out. Right. Ismail. 0:39:00.989 --> 0:39:04.170 Yep. The threat report with the global trends. And we 0:39:04.170 --> 0:39:07.230 were sharing, you know, these statistics with, uh, with Dryad 0:39:07.230 --> 0:39:09.690 Global as well. And it's very interesting because we kind 0:39:09.690 --> 0:39:12.930 of see like that correlation, right with what what's happening 0:39:12.930 --> 0:39:14.760 in maritime security as well. 0:39:16.000 --> 0:39:21.910 Yeah, it seems like I could help. Maybe be like 0:39:21.910 --> 0:39:25.270 a buffer to hopefully speed up adoption. Because the thing 0:39:25.270 --> 0:39:27.190 I like the most about AI is the fact that 0:39:27.190 --> 0:39:30.279 it never sleeps. So if you have an agent that 0:39:30.280 --> 0:39:34.600 could watch and just sort of help, maybe monitor or 0:39:34.810 --> 0:39:39.250 pay attention to the cybersecurity of the ship, that would 0:39:39.250 --> 0:39:42.759 be nice. Like like a crew member that doesn't sleep. 0:39:42.790 --> 0:39:45.940 That's one possible avenue. But, um, yeah, this is great. 0:39:45.940 --> 0:39:46.839 I definitely we don't. 0:39:46.840 --> 0:39:49.359 We don't sleep. Daniel. I mean, we're we're that's true 0:39:49.360 --> 0:39:51.340 all all the time. We're in we're in separate time 0:39:51.340 --> 0:39:53.830 zones now. So, you know, it's it's my turn to 0:39:53.830 --> 0:39:55.630 take the proverbial watch here. 0:39:56.110 --> 0:39:58.779 It's it's hard to scale, though. You got to be 0:39:58.780 --> 0:40:00.489 on a lot of boats. Got to be on a 0:40:00.489 --> 0:40:02.830 lot of boats. Well, this is, uh, great info. I'm 0:40:02.830 --> 0:40:05.560 going to put all the, uh, stuff in the video 0:40:05.560 --> 0:40:08.620 description as well. And it was, uh, great getting an 0:40:08.620 --> 0:40:10.810 education on this. Really appreciate the time. 0:40:11.560 --> 0:40:13.480 Thank you very much, Daniel. It's great to be on. 0:40:13.480 --> 0:40:14.110 Thank you. 0:40:14.140 --> 0:40:15.069 All right. Take care.