IMSO Seminar
Effective Implementation and Management of the LRIT System
15-16 February 2018, London, UK
LRIT spectrum, cybersecurity and other ITU related activities
Nikolai Vassiliev
Chief, Terrestrial Services Department, Radiocommunication Bureau
International Telecommunication Union
International Telecommunication Union
Created in 1865, based in Geneva, 12 regional offices, around 750 staff from 80 countries, 6 official languages
3 ITU Sectors:
  ITU-R - Radiocommunications: radio issues
  ITU-T - Standardization: standards for wired networks
  ITU-D - Development: assistance to developing countries, cybersecurity
Basic ITU document: Radio Regulations (RR) - international rules for all radiocommunications: aeronautical, land, space, maritime, including GMDSS
Providing spectrum for radio technologies
The RR is an intergovernmental treaty updated by World Radiocommunication Conferences (WRCs)
WRCs provide spectrum for new radio applications. Maritime examples:
  Conference, 1906: first rules for maritime mobile service (MMS)
  WRC, 2012: satellite frequencies for AIS 1 and AIS 2 channels
  WRC, 2019: GMDSS modernization, additional satellite systems, satellite VDES
ITU ensures that radiocommunication channels are interference-free, via:
  Mandatory ITU coordination and registration of satellite networks (up to 7 years)
  Frequency planning in some bands (HF or VHF maritime channeling arrangements)
  Technical and regulatory limitations on emissions
LRIT relies on satellite-based systems operating under the RR and ITU-R Recommendations
Developing standards, managing identities
Radiocommunication standards
  ITU-R Study Groups (SG) develop international standards (recommendations), e.g. Rec. M.1371 on AIS, Rec. M.1171 on radiotelephony in MMS, M.1478 on protection of Cospas-Sarsat
  Other recommendations, reports and handbooks on spectrum and orbit use
  5000 specialists. Two main maritime-related SGs:
    SG 5 for maritime mobile service, including GMDSS
    SG 4 for maritime mobile-satellite and radionavigation-satellite services
Management of identification resources
  Formation of call signs (Article 19 of the RR), allocation of prefixes to countries (e.g. FAA - France)
  Rules for assignment of MMSIs (Recommendation ITU-R M.585)
Maritime publications and databases
Maritime Mobile Access and Retrieval System (MARS): free online database available 24h, 7/7 at http://www.itu.int/itu-r/go/mars/en
Information on > 700,000 ships, > 2000 coast stations/RCC, AIS, Aids to Navigation (AtoN), SAR aircraft, accounting authorities
This information is published in List IV (coast stations) and List V (ship stations)
The Maritime Manual describes maritime communications, GMDSS and contains extracts from the RR
This information is notified by flag states
ITU maritime database:
  List IV - List of Coast Stations and Special Service Stations
  List V - List of Ship Stations and Maritime Mobile Service Identity Assignments
  MARS - Maritime mobile Access & Retrieval System
Cybersecurity - introduction
The world is becoming digital
  What can be digitalized will represent information that can be transmitted, processed and disseminated.
  What is digital will be connected.
  What cannot be digitalized will be ignored
The digital ecosystem (computers, communications systems, clouds, interconnected devices, information) grows and becomes vulnerable
The number of cyber attacks is increasing; they are becoming more sophisticated and their types vary significantly
Cybercrime costs the global economy $450 billion, compared with $175 billion caused by natural disasters
Cybersecurity and data protection become critical for sustainability
Cyber attack types
Cyberattacks have various reasons: monetization, sabotage, intellectual property theft, revenge, political reasons, etc.
Cybersecurity - ransomware
Encrypting files, forcing the user to pay a ransom
Statistics: the global cost for organizations is estimated at around $5 billion in 2017 (400% increase from 2016)
Financial services are the first target for ransomware
Example: WannaCry, May 2017: hackers forced hospitals across England to divert emergency patients
Ransomware consequences can be even more costly than the attacks, e.g. a global French manufacturer reported a $290 million drop in sales after the attack
Source: The aftermath of ransomware, Deloitte
GPS jamming
In November 2016 Norwegian researchers simulated a disruption of GPS reception by a ship
Results: the jammer could falsify the location by up to 10 meters, which may lead to a major accident, considering the narrow nature of the Norwegian straits, frequently affected by poor visibility
A solution: combining GPS with multi-frequency GLONASS receivers
GPS spoofing
University of Texas demonstrated a takeover of yacht navigation, using false GPS signals
Researchers simulated the use of a GPS spoofing device by a person on board
Once at sea, the spoofer diverts the ship's course by five degrees to the right and encourages a speed increase of two knots
In 4 days the vessel makes landfall 10 hours earlier and 220 nautical miles away, off the shore of a sparsely populated part of Indonesia
Satellite jamming
Uplink jamming: an interfering signal is sent to the satellite and blocks legitimate transmissions
Downlink jamming: interference to the receiving terminal on the ground
An uplink attack is more damaging because it saturates/destroys the signal for all possible recipients
In practice, jamming mainly affects reception of TV and sound broadcasting programs. Examples:
  June 2010: interference to reception of World Cup transmissions by Nilesat
  October 2012: interference to BBC, Voice of America, France 24, Deutsche Welle and Al-Jazeera
GPS jamming: interference to GPS receivers of Country A on ships, aircraft and GSM base stations in 2012, 2014 and 2016, from Country B by high-power ground transmitters
ICAO, IMO and ITU reacted collectively to stop the interference
Cybersecurity attacks - other examples
On mobile phones: hackers are using vulnerabilities in the SS7 technology to track subscribers, intercept and decrypt mobile calls
DDoS attacks: taking a website down by overloading it with data. Example: taking Liberia's entire internet down in 2016 with a load of more than 1 Tbps
On critical infrastructure:
  Financial attacks, e.g. in February 2016 hackers forced Federal Reserve Bank NY to transfer $81m from Bangladesh Central Bank to the Philippines
  Attacks on energy grids, e.g. the power cut of about 1 hour in Kiev in December 2016
Recommendations
Examine information security risks. Take into account threats, vulnerabilities and impacts, and develop protection measures
Implement cyber security standards, e.g. ISO 27000 information security management systems
Develop incident response, such as a computer team in charge of monitoring and taking care of critical events
Develop and implement crisis management plans
Promote the exchange of information and good practices
Implement cyber security awareness campaigns and training (cyber drills)
Thank you!