The shipping industry is on a voyage to a new horizon. We are already in the era of the Connected Ship, with floating assets becoming increasingly digitalised, higher levels of remote monitoring, more data collection and analysis.
Crew-operated vessels will remain the norm in the short term and there will be more Digitalised Ships, using remote assistance using industrial IoT and real time analytics. The ultimate leg of the voyage will see a complete digital transformation, with Smart Ships potentially operating remotely with crew assistance.
But navigators need to understand the main obstacle to progress. It’s not traditional resistance to change, it is the need to protect the current and next generation of assets. Without adequate cyber security this voyage cannot make progress.
What shipowners must understand is that the digital journey means that a vessel is a single ecosystem, encompassing Information Technology (IT) and Operational Technology (OT) and that they need a partner who can help them address both.
Traditional cyber security focuses on the IT system and its normally visible components with well-established protective tools. In order to meet the baseline requirements of IMO2021 amendments to the ISM Code - as well as the much more demanding voluntary systems such as SIRE and TMSA - owners need to document protection of OT assets which means proactive threat detection and response is necessary too.
Understanding IT and OT Risk
An analysis of the data gathered by Marlink from a sample of shipowners illustrates the problem. On average the vessel IT network (the ship’s collection of Admin PCs and back of bridge support systems) accounts for 22% of cyber threats. The OT network of connected machinery and devices accounts for 10%. The crew LAN remains the biggest area of threat at 68%.
This suggests that crew do not in the main have enough awareness around cyber hygiene and procedures for safe use of their handhelds and mobile devices. The situation many crews find themselves in since the start of the pandemic may explain this to some extent but the responsibility lies with owners to provide them with the necessary training.
The IT/OT numbers are equally troubling because they suggest that threats are being increasingly recorded against both PCs and unattended systems and components. Experts have long warned that IoT poses a serious threat to security without proper protection measures and the impact of a successful attack could be fatal.
On the bridge and in crew cabins it suggests that hackers and attackers could be exploiting unpatched software, out of date operating systems and poor hygiene, from default passwords to simple breaches of procedure.
Since the amendments to the ISM Code came into force in January 2021 shipowners and managers have shown increasing interest in Marlink’s IT and cyber security services. The regulation requires owners to demonstrate that they have a process of cyber risk management in place, including latest OS and software patches and updates. More and more ship owners also opt for threat detection and remediation on top.
A suite of solutions
To help shipowners and managers come to terms with cybersecurity challenges and requirements Marlink has developed Cyberguard, a full suite of cybersecurity solutions based on the NIST framework of Identify, Protect, Detect, Respond and Recover.
The first simple and cost effective solution, ITLink Monitor provides a remote, fleetwide view of onboard computers and their operating system environment. Hardware, software and operating system status and details are reported onshore in an easy-to-view dashboard, providing complete visibility of IT status across the fleet. Compliance with IMO requirements can be demonstrated and basic cyber hygiene maintained onboard.
ITLink Monitor’s popularity stems from its easy adoption; with activation requiring minimal physical intervention onboard the ship and low cost of ownership – the system requires no Capex.
Of the 1,000 ships using ITLink Monitor, 400 have already supplemented it with ITLink’s advanced managed services that provide enhanced cyber security functions, standardise and simplify remote support and maintenance of operating systems and applications from shore.
Because the majority of threats come from the crew LAN protecting endpoints is a necessity. Marlink has leveraged the latest Endpoint Detection and Response technology and now offers it as a standalone service or as part of its larger IT managed services, ITLink Advanced or SkyFile, its maritime emailing solution.
Once basic hygiene and protection is in place, the next step is detection of the threats that go beyond these first barriers. This is the purpose of the Cyber Detection service, which is based on smart AI deep data packet inspection of network flows, complemented by ad hoc analysis of our Security Operation Center experts. While the automation of such analysis is the only way to handle massive flows of data, the expertise of people trained to spot the real threats among the fake ones ultimately makes the difference. The Cyber Detection service can be activated almost instantaneously and does not require installation onboard. Results are made available on real time on a user-friendly dashboard. More than 1,000 vessels have now subscribed to this service.
Once informed of the main cyberthreats and their degree of importance vs urgency customers then have the choice to take remediation actions by themselves or delegate them to a trusted partner. The one party who manages vessel IT is usually in a good position to execute fast remedy and restore.
Securing the Transition
The need to secure the digital transition from cyber threats means that owners cannot be complacent; cyber security needs to become ingrained in day to day operations – onboard ship and ashore.
We recognise that for many vessel operators, this can be a challenge. The different elements of Operation and Information Technology – as well as security for the crew - make finding a solution difficult.
Marlink has the understanding of the issues, the experience and the expertise to help. We believe that shipping’s digital future needs cyber security to be built in and we have the tools to help. Our approach to cyber threats and how to manage them means we can support the shipping industry on its journey to a digitalised future.
