Pen Testing Ships

Partially driven by the upcoming inclusion of Cyber Security by the IMO (International Maritime Organisation), 2019 was a really busy year for maritime security testing at PTP. What can we all learn from a year of evaluating the security of ships? We’ve been involved in all sorts of ship testing, here are a few examples: What are the common (in)security themes we keep finding?

There is a distinct lack of understanding and interaction between IT and OT installers/engineers on board and in the yard. The OT systems are often accessible from the IT systems and vice versa, often through deliberate bypass of security features by those on board, or through poor design / poor password management / weak patch management.

Source: pentestpartners.com