In a changing digital landscape, passenger ship operators need to evolve their cyber security to prevent threats affecting maritime operations
In a changing digital landscape, passenger ship operators need to evolve their cyber security to prevent threats affecting maritime operations
Ferries and cruise ships are becoming more vulnerable to threats as passengers and crew are provided with greater access to online services and social media while on board.
New online threats to maritime are constantly emerging, and Lloyd’s Register (LR) consultancy manager for data, digital and security in maritime, Graeme Ripley tells Passenger Ship Technology that the use of new and emerging technology and the reliance on internet connections contribute to the increase in the threat surface, but that “the biggest threat vector in passenger shipping is likely to be social engineering and in general human factors, which hackers will seek to exploit to access the network.”
He says shipowners, managers and operators need a cyber strategy to identify their particular threats and gain a greater understanding of the assets and operation. Owners need to use threat intelligence “to identify the most credible threat vectors”.
“The biggest threat vector in passenger shipping is likely to be social engineering and in general human factors"
LR subsidiary Nettitude has created a cyber strategy framework (CSF) for owners. It uses threat intelligence and a deep understanding of assets, people and technology from a process point of view. LR CSF will define the areas of capability, the governance, assurance needs and the priorities of work to become cyber secure.
“This can be applied to diverse environments including IT and OT [operations technology] and is designed to look at organisations holistically,” says Mr Ripley. This can be adopted for ships, shore centres and for third parties.
If the growing online threats are not powerful enough to drive passenger ship operators to review their cyber security, the threat from maritime regulators should.
IMO’s Maritime Safety Committee adopted resolution MSC.428(98) covering cyber risk management in safety management systems in June 2017.
“The resolution affirms that an approved safety management system should take into account cyber risk management,” says Mr Ripley. “It ensures that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.”
This resolution was incorporated into a new appendix in the latest update of the ISM Code in May 2018. “Shipping companies will be soon be expected to demonstrate that cyber security risks have been suitably addressed in the safety management systems,” says Mr Ripley.
In reaction to greater security regulation, LR introduced Cyber Enabled Ships and the Cyber SAFE notation. It revised Digital Ship Shipright and introduced a Cyber Security descriptive note to be applied to individual systems.
DFDS secures communications
Cyber security is vital to ferry owning group DFDS as it introduces a new communications system on its passenger ships. In March, DFDS selected Swedish Nowhere Networks as its strategic supplier of fast broadband on cross-Channel ferries working between the UK and France.
DFDS is rolling out Nowhere Networks’ wireless antenna tracking solution on all six vessels operating the Dover-Calais and Dover-Dunkerque routes. This is after evaluating the technology, ensuring it enhances passenger and crew communications, says DFDS vice president and chief information officer Gert Møller.
He tells PST that this secure radio link only works in the waters between Dover, Calais and Dunkerque, which means when these ferries sail outside these routes, such as for regular maintenance dockings, satellite communications is required.
“When sailing 40-50 km away from the ports, the radio link will fail,” he explains. “Our ferries must then be able to rely on the secure VSAT.”
“This new solution will not impair ship cyber security”
When DFDS ferries use Nowhere Networks’ wireless broadband there will be no detrimental impact on security. “This new solution will not impair ship cyber security,” says Mr Møller.
“We still maintain a closed satellite link for the ships’ operations, so only passenger communications will use the new radio link.” Nowhere Networks’s wireless services will provide high-quality broadband at a considerably lower cost compared to satellite communications to passengers.
“The radio link is terminated on a separate network, which passengers access via onboard wifi,” Mr Møller explains. “But of course, there are also the usual security measures on the radio link, such as Blue Coat filtering and we will still need to retain the secure VSAT link.”
Nowhere Networks is installing its technology on DFDS ships during Q2 2019. “We will install ship trackers on the vessels and we will place land trackers ashore at different locations,” says Nowhere Networks vice president and sales director C G Sänne. “We will complement the land trackers with offload sector antennas in the ports.”
He says the radio links and vessel tracking are managed by secure and intelligent cloud-based software. This service can be extended to more ferries in the future. “Our aim is to deliver high-speed broadband on all DFDS vessels in the English Channel before the end of Q3 2019,” says Mr Sänne.
Cyber secure solutions
Inmarsat introduced Fleet Secure and add-on services as part of its Fleet Xpress connectivity this year. It represents a third pillar of Inmarsat’s enablement strategy for IoT-based solutions for passenger shipping. The other two being Fleet Data’s shipboard data infrastructure and dedicated high-speed bandwidth.
In January 2019, Inmarsat introduced Fleet Secure Unified Threat Management service, which offers Fleet Secure Endpoint to protect vessel networks by isolating attacks and a cyber awareness training app for mobile devices, says Inmarsat Maritime president Ronald Spithout.
The service protects Fleet Xpress against cyber attacks “by identifying external attacks or malware introduced accidentally or otherwise to the vessel’s local area network,” he says.
Marlink teamed up with Microsoft for secure cloud-based connectivity services to shipping. Together, they created an ecosystem using Microsoft’s Azure Stack where owners and developers can offer their own digitalisation solutions in a cyber secure environment.
“We are running trials with Microsoft and some of the largest operators in the shipping market and are seeing real benefits,” says Marlink president of maritime Tore Morten Olsen. They are jointly developing a virtual local data centre to manage business, IT and IoT applications in a secure cloud.
GTMaritime provides secure email for passenger ship crews. Email needs multiple layers of cyber security, says GTMaritime head of service Jamie Jones. “Email is the easiest way to get malware on board a vessel,” he tells PST. “We have a multi-layer approach to protect vessels from these threats.” The first layer is to “weed out spam and junk mail”, the second layer is to use antivirus programs to check messages for known viruses.
Mr Jones says a third layer of protection is an advanced threat protection (ATP) program that uses artificial intelligence to analyse the behaviour of email. An anti-phishing program is a fourth layer of protection within GTMailPlus ATP secure email solution.
VSAT provider KVH promotes a six-level approach to cyber security at different strategic levels, including:
This means onboard local area networks can be configured for segmentation into operations, crew networks and third-party charter networks. KVH vice president of satellite products and services Rick Driscoll says it uses MegaPOP, a point of presence access point and an interface between communicating entities, on its VSAT.
Passenger ship operators, owners and managers will be able to learn the lessons that others have been forced to take from cyber attack experiences at a forum in London.
AP Moller-Maersk chief information security officer Andy Powell will explain how his company implemented lessons learned from a major cyber attack in 2017. This will be part of Riviera Maritime Media’s 4th Maritime Cyber Risk Management Forum, to be held in association with Norton Rose Fulbright, in London, 25 June 2019.
During that session Mr Powell will focus on Maersk’s experiences during and after the NotPetya cyber attack in June 2017. He will address how the attack happened, how it was dealt with and what steps were taken, what the consequences were, what the cost implications were, and what form the follow up to the attack took in terms of cyber threat contingency planning.
© 2023 Riviera Maritime Media Ltd.