Insight | Shipping: making the connection on cyber security
Maritime
Speaking on a panel at the World Economic Forum in 2018, A.P. Møller-Maersk Chairman Jim Hagemann Snabe revealed that responding to the NotPetya ransomware attack of the previous year had required the reinstallation of 4,000 new servers, 45,000 new PCs, and 2,500 applications, all within 10 days. During this period, the company reverted to manual systems.
In hitting a company equipped with experienced cyber security specialists, NotPetya showed that the cyber threat is as real for shipping as it is for any other connected business, especially where legacy systems proliferate.
Despite this, the Inmarsat Research Programme report, The Industrial IoT on Land and at Sea (2018), suggests that maritime minds are slow to change. The 2018 study drew on testimony from 750 survey respondents across a range of industries to establish preparedness and perceptions regarding the adoption of Internet of Things (IoT)-based solutions.
The survey found 87% of maritime respondents believed that their cyber security arrangements could be improved. It also saw sizeable proportions of them identifying data storage methods (55%), poor network security (50%) and potential mishandling/misuse of data (44%) as more likely to lead to breaches in cyber security than outright cyber attack (39%). Given the self-diagnosis, it is perhaps surprising to find that only 25% of maritime respondents said they were working on new IoT-based security policies.
Inconsistent views on cyber security appear free to coexist with immature ones. Around 70% of respondents identify reducing marine insurance premiums as a main driver for IoT uptake, where insurers have shown themselves as especially sensitive to cyber threats. At the same time, other studies have found attitudes such as “I’m not the target /we have security in place, don’t we?/I will be protected by AntiVirus” alive and well among seafarers.
For those prepared to engage in the IoT, ships today sustain crews in small numbers, representing both an opportunity and challenge for cyber security. On the one hand, low crew numbers aligns strongly with operational technology that is remotely updated, self-managing and supported by automated security. On the other, the opportunities to ‘patch’ embedded operational technologies (OT) safely are not frequent, and patches usually require certification by control system manufacturers.
The broader point, though, is that cyber security is not just about software patching and systems configuration. Ship operators do not buy computer processors, disk storage and software and then build them into a system; they procure turnkey systems. Again, shipboard engineers may well be IT-literate, but no space has been made on the crew roster for cyber security specialists.
In these circumstances, the integrity of the systems on ships is best maintained by software which can identify, contain and resolve threats wherever they appear in the network. Such Unified Threat Management (UTM) detects all deviations from the ‘known good’ configuration as anomalies and potential threats to security and can update securely, even during operation. Some specialist functions such as a deep analysis of alerts or security forensics will need to be delivered remotely.
Inmarsat believes that a collaborative approach – that includes shipboard systems, but also the crew operating them and the processes involved – is vital to develop the maturity of response demanded by multiple threats from cyber villains, whatever their origin. For this reason, we have been working with some of the best security-focused experts available to tailor products and services to meet shipping’s requirement.
Our work with Singtel cyber security subsidiary, Trustwave, for example, has brought Fleet Secure into the industry as the first independent service designed to detect vulnerabilities, provide alerts, respond to threats and protect ships from cyber attack. In fact, Fleet Secure is a UTM available without additional outlay on hardware which also has no impact on contracted bandwidth. It can identify external attacks through high-speed broadband connectivity, including malware introduced accidentally to the ship’s local area network. It then isolates that part of the operating system infected to prevent wider disruption.
As noted, however, software is only part of the answer: vigilance for ‘the human element’ and a well-thought-out recovery strategy to mitigate against multiple, automated assaults are also critical. I will be looking at these critical components in the second part of this blog.
Peter Broadhurst is responsible for the development of Inmarsat’s safety and security services. He defines the strategy, development and evolution of Inmarsat’s satellite communication services for maritime safety, navigation, safety of life at sea and data security.
Peter started his career at Inmarsat in 2014 as Vice President of Service Delivery for the Maritime Business Unit and was instrumental in the launch of Inmarsat’s high-speed broadband service Fleet Xpress in March 2016. With over 25 years’ experience in the maritime industry, Peter began his career at sea as a Radio Officer.
