Raised awareness is valuable but enforced procedures will be decisive in the battle against maritime cybercrime. Peter Broadhurst, Inmarsat Senior VP, Inmarsat Maritime, said Fleet Secure Endpoint can help change shipboard cybersecurity culture
Remote maintenance, IoT-based crew connectivity and applications that enhance ship management efficiency have become maritime mantras but connecting to faraway assets also creates new opportunities for the cybercriminals to get on board.
With Inmarsat logging a doubling of data use by merchant ships roughly every eight months, and an average of three devices brought on board by crew, the risk of malicious intent shaking hands with ship systems is on the rise. While network security can detect and protect ships from shore-based attacks, crew laptops, USBs and other ‘endpoints’ offer multiple gateways for attacks.
The spread of COVID-19 has forcefully demonstrated the critical role played by the first line of defence against any virus but has also confirmed the superiority of enforcement over awareness as a protective shield.
If the 2017, Maersk NotPetya incident showed how high the stakes can be when a global shipping business comes under cyberattack, passing time may nonetheless have blunted cyber vigilance, even where awareness campaigns have been energetic. For this reason, it will be formal procedures which provide the better defence against multiple lines of attack that also include phishing mails and scamming websites.
Part of the answer lies in forthcoming IMO rules to incorporate cyber risk management guidelines into the ISM Code safety management systems by January 1, 2021. This means shipowners and operators must define cyber security roles and responsibilities, document at-risk systems, implement contingency plans and identify recovery measures. P&I Clubs have been active in developing cyber risk assessment tools and recovery plans during early 2020.
However, effective protection will not be achieved if planning is the only outcome of the new rules, according to Broadhurst. “Class is also playing a critical role in developing guidelines for technical control management, threat assessment and management, incident response and governance, and in training cyber resilient habits. However, as the threat is IT-based, owners must also ensure that cyber protection, response and recovery are built into ship systems themselves.”
Guideline steps to meet the new regulations from BIMCO and ICS include having the ability to monitor and detect anomalies and incidents, and to respond and recover to reduce the impact and prevent more damage from being done by being transparent.
Owners who seek to anticipate the IMO 2021 regime can act now by selecting Fleet Secure Endpoint, which Broadhurst describes as “the only cyber security product that provides a single solution to protect ships and the communication network to enable compliance.”
As a multi-layered protection solution developed by Inmarsat with ESET, Fleet Secure Endpoint uses multiple scanning engines to analyse the network and eliminates malicious encryption (possible ransomware), blocks forbidden sites, shuts down malicious connections (botnets) and runs anti-spyware and anti-phishing software.
It only allows trusted endpoints to interact with the network, with new devices labelled rogue until verified. Endpoint Threat alerting notifies of recently detected threats via email, while Malware introduced by infected USBs prompts manual intervention via ‘guardian portals’. Fleet Secure Endpoint includes a remote dashboard to give customers an overview of their network and what is secured.
“Fleet Secure Endpoint will detect the infection and respond by blocking it and removing it, and finally reporting it, then offer an overview of the security status of the vessel in a format that is IMO 2021-compliant,” said Broadhurst. “Security events such as neutralized viruses and blocked USB drives need to be reported to shore teams but they will also need to be available for the master of the vessel to show Port State Control.”
A recent adopter of Fleet Secure Endpoint has been gas carrier owners and operator Pacific Gas, which recently committed its operational and future takeovers to Fleet Xpress. As part of its strategy to address growing crew and operational traffic, the Hong Kong-based company selected Fleet Secure Endpoint to provide protection against cyber-attacks and meet IMO 2021 cyber risk regulations.
“Companies such as Pacific Gas recognize that, with more connectivity, the threat from the cybercriminals is also rising, which is why they are choosing security across all touch points, including endpoints,” said Broadhurst.
For Fleet Xpress customers, Fleet Secure Endpoint can be utilized as an add-on for a complete Fleet Secure Unified Threat Management (UTM) service, although Broadhurst emphasizes that it is also entirely compatible with FleetBroadband and Fleet One.
As wider events have also recently demonstrated, true resilience against the spreading of viruses relies on a realization that ‘we are all in this together’. “For maritime cyber security, that means stakeholders working towards a common goal that recognizes the revised ISM Code as a watershed identifying the owner’s cyber-responsible individual and crystallizing the roles of other stakeholders,” added Broadhurst.
Inmarsat provided early input to the Joint Working Group (JWG) formed by the International Association of Classification Societies (IACS) in 2017 to develop a coordinated position on cybercrime and its prevention. The company has also sought to increase its involvement in autonomous ships and related technologies that devolve some aspects of vessel control to shore-based staff, where cyber security as well as connectivity are critical issues.
The recent ‘Maritime 2050 – Navigating the Future’ report from the UK Department of Transport nonetheless observed that it was unlikely that every maritime organization will have the resources to employ dedicated cyber security specialists in the next 1 to 5 years. As a consequence, “industry should consider exploring models that could provide the maritime industry with cyber support services more effectively,” the report said.
Broadhurst noted, “I would say that Fleet Secure Endpoint is an example of the type of effective cyber security service to support an industry that the Navigating the Future report has in mind. It aims to help owners face a real and present threat and achieve compliance next year in a single step.”
There are certainly numerous business opportunities to go around, according to Nils Solvang, Managing Partner of ICT consultancy CloudCIO. While maritime cyber security remains “an up-sell,” Solvang recently suggested it could be a $1 billion business, assuming a sea-going fleet of 95,000 ships with average IT spend per vessel of $100,000 and 10 percent set aside for cyber protection. Even limited to the 53,000 merchant ships counted by Statista in 2019, the same assumptions would mean an addressable market worth more than $500 million.