Brister i IT-säkerhet inom svensk sjöfart? : En kvalitativ undersökning om IT-säkerhet på svenska fartyg

Gustafsson, Daniel, Hamid, Mohammadi

January 2017

Vissa typer av cyberattacker har ökat kraftig mellan åren 2015 och 2016, detta uppmärksammas både i land och till sjöss. Med tanke på sjöfartens unika situation är det av intresse att undersöka hur rederier har valt att skydda sig mot cyberattacker. Fyra rederier har intervjuats angående IT-säkerheten på deras fartyg. Resultatet av intervjuerna har sedan ställts mot IMOs riktlinjer släppta år 2016 för att undersöka ifall det finns brister i IT-säkerheten på svenska fartyg. Resultatet visar att det finns brister på flera av rederierna som intervjuats framförallt i form av utbildning av personal. Resultatet visar också att det finns klara kontraster mellan mindre rederier och större rederier, där de mindre rederierna har färre åtgärder på plats medans de större rederierna har fler för att förhindra eller hantera en IT-attack. / Certain types of cyber attacks have increased between 2015 and 2016, this is acknowledged both on land in the shipping sector. Given the unique situation of shipping, it is of interest to investigate how shipping companies have chosen to protect themselves from cyberattacks. Four shipping companies have been interviewed regarding the cybersecurity of their vessels. The results of the interviews have since been compared against IMO's guidelines released in 2016 to investigate whether there are deficiencies in cybersecurity on swedish ships. The results show that there are shortcomings in several of the shipping companies interviewed, primarily in the form of training of personnel. The result also shows that there are clear contrasts between smaller shipping companies and larger shipping companies, where the smaller shipping companies have fewer measures in place while the larger shipping companies have more to prevent or handle a cyberattack.

IT-säkerhet

sjöfart

sverige

IT-attack

ransomware

IMO

Computer Systems

Datorsystem

"Det är inte vi som är måltavla" : En studie av hur IT-attacken som drabbade Coop framställs i den svenska debatten

Galyas, Viktoria

January 2021

Sweden is one of the world's most digitized countries but falls behind when it comes to ITand cybersecurity. When we are so dependent on digital solutions and security is far behind, it leaves us with a vulnerable society. This thesis studies Coop, a grocery store, in Sweden that was affected by an IT-attack in the summer of 2021. The purpose is to understand how IT- and cybersecurity is described in the debate surrounding the incident. The theoretical framework used in this study is the securitization theory by Buzan et. al. To answer the research question of what type of security problem the IT-attack is described as in the Swedish debate, a discourse analysis is made. The material for this study is both news articles from the four largest nationwide newspapers and press releases from Coop and the Swedish government. The analysis shows that the IT-attack is described as two different kinds of security problems. In the beginning of the crisis, it is described as a problem for companies, but as the discorus evolves it starts to shift to be described as more of a problem for society as a whole. This thesis contribution is to show how the IT-attack that affected Coop is described and formed in the discourse. Henceforth it also shows the complexity of responsibility of ITand cybersecurity issues.

Coop

säkerhetsproblem

IT-säkerhet

cybersäkerhet

IT-attack

hot

diskurs

ansvar

säkerhetiseringsteorin

Political Science

Statsvetenskap

Skydd och incidentrespons inom IT-säkerhet : En studie kring utvecklingen av ransomware / Protection and incident response within IT-security: A study about the development of ransomware

Ericson, Christoffer, Derek, Nick

January 2023

Cybersäkerhet är ett konstant växande hot mot organisationer, genom det ständigt ökade digitaliserade samhället, dock finns tecken på att medvetenheten hos organisationer ökar vad gäller cyberattacker och cybersäkerhet. Cyberattacker kan skapa konsekvenser som kan förhindra organisationens verksamhet. Detta lägger grunden till arbetet, att se hur försvarsförmågan har utvecklats. I värsta fall medför en cyberattack konsekvenser som kan äventyra en organisations överlevnadsförmåga. I och med det nya hotet ransomware, där hotaktören krypterar offrets filer och sedan kräver en lösensumma, har konsekvenserna kraftigt kommit att bli mer fatala. Metoderna för ransomware utvecklas av hotaktörerna vilket kan bidra till mer än bara ekonomiska konsekvenser för organisationen. Mot ransomware gäller i stort samma skyddsåtgärder som mot alla former av cyberattacker, däremot finns en del särskilt viktiga aspekter som belyses i detta arbete, till exempel implementering av backups, adekvat dataskydd samt god Patch Management (d.v.s. protokoll för att åtgärda sårbarheter i programvara). I arbetet sammanställs en branschkonsensus för hur organisationer skall arbeta gentemot cyberattacker, specifikt ransomwareattacker. Detta har gjorts genom en litteratur- och kvalitativ intervjustudie, som sedan har analyserats och diskuterats. Intervjustudien har genomförts hos organisationer som bedöms lämpliga för detta då de dagligen arbetar med cybersäkerhet. En av rekommendationerna är att ha en bra backuprutin, där man skapar, distribuerar och testar dessa. Genom arbetet belyses även hur god patch management bör implementeras. Slutligen presenteras även en ny metod, Ransomware 3.0 där hotaktörer stjäl en organisations IT-miljö för att sedan radera denna lokalt hos organisationen och sedan säljer tillbaka denna, som används av hotaktörerna, som hittills varit okänd, där vidare forskning bör vidtas. / Cybersecurity is a constantly growing threat against organisations due to the increasingly digitalisation of society, although there are signs that the consciousness at organisations has increased regarding cyberattacks and cybersecurity. Cyberattacks can create consequences that can restrain an organisations operations. This creates the foundation for this study, to see how the defence capabilities has developed. A cyberattack can, in the worst case scenario, threaten an organisations ability to survive. In regards to the new threat, ransomware, where the threat actor encrypts the victim’s files and demands a ransom, the consequences can be fatal. The new methods associated with ransomware, where the threat actor also exfiltrates the victim’s files, strongly impact the organisations ability to operate. This could lead to economic consequences, as well as damages towards stakeholder relations. Most protective measures applies towards ransomware, however there are some especially important aspects that are presented in this paper, such as implementation of backups, sufficient data protection as well as good Patch Management (protocol to patch vulnerabilities in software). In this paper, an industry consensus on how organisations should work against cyberattacks, especially ransomware, is compiled. This was performed through a litterature and a qualitative interview study. Both studies has been analysed and discussed.The interview study has been accomplished by interviewing appropriate organisations that work with cyber security daily. One of the recommendations is to have a good backup protocol, which implies creating, distributing and testing these backups. This paper also presents how a good patch management should be implemented. Finally, this paper presents a new method, Ransomware 3.0 where the threat actor steals an organisations IT environment, and then destroys the local copy at the organisation to then sell it back, that is used by the threat actors, that is still uncommon knowledge, where continued research have to be conducted.

IT-security

Cyber Security

Data Security

IT Attack

Cyber Attack

Data Exfiltration

Ransomware

Backup

Encryption

Patch Management

Risk Management

Incident Response

Compliance.

IT-säkerhet

Cybersäkerhet

Datasäkerhet

IT-angrepp

Cyberattack

Dataläcka

Ransomware

Backup

Kryptering

Patch Management

Riskhantering

Incidentrespons

Regelefterlevnad.

Engineering and Technology

Teknik och teknologier