Home >> November 2018 Edition >> Maritime Cyber Security: Let’s talk holistically...
Maritime Cyber Security: Let’s talk holistically...
By Tore Morten Olsen, President, Maritime, Marlink


Digitalization has the potential to transform the maritime world. Data can optimize operational efficiency, maximize profits and improve safety for passengers and crew.

However, perhaps one of digitalization’s most important applications, considering early October’s somewhat chilling ‘final call’ from scientists for immediate global action on climate change, data can also make the shipping industry greener. Cold, hard cash talks the loudest, of course, but a future where cargo movers may be selected on their environmental credentials is a persuasive argument for the maritime industry to focus on reducing emissions.

All this means SATCOM at sea is expected to experience continued growth. This does come with greater risk, of the cyber variety. For example, in May of 2017, the UK’s National Health Service was practically crippled by an outbreak of the WannaCry ransomware virus. Another well-known event, at least within the maritime industry, is that one of the world’s largest shipping companies was also severely affected by the related NotPetya malware.

While cyber security has been growing in importance to the maritime industry for more than a decade now, this was a stark warning of the damage that determined cyber criminals can cause when malware finds a way through to affect operations.

Addressing cybercrime at sea and at the onshore office requires a multi-layered approach. The nature of cybercrime means that there can be no single solution that will ensure a fleet and business is secure. The countless attack vectors, from email, phishing and social engineering to DVD, USB sticks and infected websites all require specific forms of defence.

Add into this hostile mix the diversity of the weaponry used by cyber criminals; Trojan Horses that pretend to be legitimate software, but actually carry out hidden, harmful functions; Spyware that enables advertisers or hackers to gather information without permission; Adware that displays unwanted adverts on computers, slowing them down and eating bandwidth; Ransomware which blocks the system or encrypts data, forcing its victims to pay a ransom to the cyber attackers in order to regain access; and 0-Day exploits for which no patch will exist and that are not detectable by conventional anti-viruses.

There is also a key human element to consider on ships. With the expanding VSAT deployment, internet connectivity onboard is no longer restricted to business usage, but is also provided to seafarers for welfare purposes. In segments such as merchant shipping, crew consumption represents as much as 50 percent of the overall data consumption on board.

Although most vessel operators would implement an IT policy to ensure staff usage remains reasonable, e.g., by blocking illegal (BitTorent) or bandwidth hungry applications (video streaming), crew members can find ingenious ways to bypass these safeguards; swapping network cables or using business-usage computers for leisure purposes are just two basic examples.

While deployment of sophisticated tools such as Anti-Virus and firewalls, as well as ensuring regular software updates and back-ups on board, can help defend against cyber-attack. Marlink has found that a surprisingly large number of business-usage computers or crew devices on vessels do become infected.

How to improve the situation? How does the industry defend against such a prevalent issue, one that can have a hugely damaging safety and financial consequences?

Holistically speaking
Marlink’s approach, as one of the largest global maritime SATCOM providers, is to think holistically.

The company’s cyber security solutions have protected customers from thousands of cyber-attacks/ However, with the growing sophistication of today’s cyber criminals, a more joined up approach will help to secure the maritime industry for the battle ahead.

Leading this charge is the development of Marlink’s new Cyber Guard offering, an integrated portfolio of disparate technology solutions that, when used as part of a an all-encompassing approach, can significantly reduce cyber risk. The Cyber Guard portfolio enables Marlink customers to protect, detect and resolve any cyber-threat through the product’s holistic combination of network resilience and redundancy, dedicated maritime cyber-security technology that include Anti-Virus and firewalls and maritime Security Operation Center (SOC) experts.

Cyber Guard introduces a new maritime cyber security framework that brings together a diverse set of powerful tools to defend against cyber-attacks or resolve any successful intrusions. Cyber Guard uses proven maritime cyber security technologies, and to answer the ever-changing threat patterns, the product is in constant development.

The latest solution for Cyber Guard is a unique new service called Cyber Detection, which monitors all outbound and inbound network traffic around the clock and enables customers to view threats affecting their vessels through an intuitive, web-based dashboard.

Requiring no additional installation of equipment onboard vessels, nor upfront investment (CAPEX) for the ship owners, the Cyber Detection service identifies more than 50 different threat categories (including malicious applications, intrusion attempts, confirmed intrusions, abusive usage and social engineering), whatever type of SATCOM technology used to connect the ship, VSAT or MSS.

As part of the Cyber Detection solution, Marlink has established a new SOC and introduced a dynamic and intuitive Cyber Dashboard, which provides customers with real-time actionable alerts and counter-measures while delivering easy to digest insight on the cyber risk level throughout their fleet.

A combination of machine and human intelligence is integral to Marlink’s Cyber Detection service and offers a significant improvement over existing maritime cyber-security systems. While using proven rule-based algorithms to detect malware or unauthorized activity on a network, Marlink’s SOC experts investigate in parallel any anomalies and pro-actively hunt for Advanced Persistent Threats (APT) designed to stay ‘under the radar.’ Augmented by the SOC team’s deep knowledge of how cyber criminals target maritime industry operations, continuous service tuning and data analytics, the dynamic nature of the Cyber Detection service enables it to become more intelligent over time, improving its ability to detect advanced cyber criminality on a maritime customer’s network.

While stopping in bound threats before they even reach a computer offers an extra layer of defence, Cyber Detection’s network monitoring is also capable of identifying already Malware-compromised computers on board a vessel by investigating data traffic anomalies from, i.e., covertly transferring files from a hard disk or receiving in bound commands from cybercriminals. It will also guard against a newly emerging threat for the maritime industry, the targeted cyber-attack. In a targeted cyber-attack, attackers select a company for a specific objective such as disruption, financial gain or even smuggling, and spend several weeks or months to find weaknesses in the cyber security systems.

After infiltration, such tailored malware is designed to stay undetected while performing its mission, concealing its tracks and following a very specific strategy. This is a highly sophisticated intrusion that can only be detected through services like Cyber Detection, which provides Deep Packet Inspection (DPI) and 24/7 cyber expert monitoring.

With the operational, financial and environmental benefits of digitalization driving the expanding VSAT deployment in maritime making networks secure is now an industry-wide issue and no longer the sole domain of SATCOM providers and IT departments in shipping companies.

Whether an indiscriminate or targeted attack, the negative impact on maritime operations as a whole can be severe. However, a holistic approach combining technology and cyber security experts, as well as focused and on-going development of new defenses like Cyber Detection, can provide a much more secure platform with less interruptions for the maritime industry to leverage the power of digital transformation.