With connectivity on the rise, failure to take steps to ensure shipboard networks are secure could result in costly data breaches
Massachusetts-based tech consultancy IDC has forecast that worldwide spending on internet of things (IoT) will reach US$745Bn this year, with transportation one of the leading sectors.
IDC’s Worldwide Seminanual Internet of Things Spending Guide forecasts that the transport sector will spend US$71Bn, with more than half of this going on freight monitoring and a significant chunk going on fleet management.
While the maritime sector is often accused of lagging behind industries such as aerospace and automotive when it comes to technology, there are those that are seeing real benefits from IoT already, resulting in cost and energy savings, with more planning to incorporate the technology into their processes in years to come.
But with IMO’s 2021 cyber security requirements looming, it is worth remembering that IoT can be vulnerable to breaches, especially in an era of always-on satellite connections.
A demonstration by UK-based digital security specialists PenTest Partners (PTP) at the Infosecurity Europe conference in June 2018 showed just how vulnerable maritime IoT could be to malicious actors. PTP identified satellite terminals as a way to gain access to vessel systems.
They found that many vessels’ satcom terminals were available on the public internet and still used default login credentials, which are easy to guess without any direct hacking required – even something as seemingly straightforward as resetting these could make life more difficult for a would-be attacker. PTP noted that ships often have little, or no, network segregation, meaning that once access has been gained to one system it is possible to access others.
The penetration testers demonstrated that it was possible to configure an insecure ECDIS system so that a vessel had a kilometre-square footprint, and that it was possible to spoof the location of the GPS system on the vessel, 'jumping' it from one side of Dover harbour to the other. Given that ECDIS often feeds AIS tranceivers, an attacker could theoretically make it appear that a kilometre-square vessel was blocking a major sea route such as the English Channel, wreaking havoc. They also identified that operational technology onboard vessels, used to control IOT-enabled systems such as engines, ballast pumps and other equipment could be insidiously compromised by inserting subtle errors to push a vessel off course.
But as well as the risk of direct action being taken against compromised systems, such attacks could put data at risk if safeguards such as encryption are not in place.
A report by Maryland-based data protection specialists Gemalto on IoT security makes for sobering reading. Gemalto’s report found that 48% of businesses that use IoT technology surveyed were unable to detect cyber security breaches in their IoT devices, and that 40% of organisations left some portion of data unencrypted. The main challenge to cyber security was ensuring data privacy, the survey found, followed by the volume of data collected and balancing user experience and security. Respondents were clearly aware of the importance of cyber preparedness, with 97% seeing a strong approach to IoT security as being a key competitive differentiator and 95% seeing a need for IoT security regulations to be put in place.
Another finding of the survey is that organisations that manufacture IoT devices, or provide software, services or security for such devices are moving more toward a “security by design” approach when it comes to developing their products and offerings. 57% said they have already adopted such an approach, as compared to 50% last year, and 37% are working towards this, as compared to 42% last year. Only 1% felt that this should not be a consideration at all. Current security precautions are largely based around encryption (71% of respondents) and password protection, including hashing (66%).
Gemalto said “More numerous and varied smart devices create a multifaceted IoT ecosystem, which adds to the complexity of the IT environment in general.
“Such intricacy creates digital risk, as attackers have a greater number of devices to target and asset relationships to abuse.”
Dell Technologies and Arundo Analytics formed a strategic partnership to improve onboard connectivity and deploy IoT technology across vessel fleets
Shipowners and managers will be able to detect vessel performance anomalies with the next generation of internet of things (IoT) connectivity and analytics software. They can already detect anomalies in critical onboard equipment, including engines, pumps and compressors using data analytics.
However, a combination of machine learning, statistical modelling and analytics of a wide field of data sources from voyage and machinery information will expand this to cover the whole vessel, said Arundo Analytics vice president for strategic partnerships Martin Lundqvist.
He provided his thoughts on the future of maritime IoT and onboard connectivity to Maritime Digitalisation & Communications following the announcement in November 2018 of a collaboration between Dell Technologies and Arundo Analytics to deliver IoT solutions to shipping.
Their partnership will provide vessel crews with plug-and-play advanced analytics to improve ship and fleet operations. It combines Dell Technologies’ new IoT bundle and Arundo’s software and cloud technology for maritime applications.
“We expect analytics products to be simple yet powerful and highly scaleable,” Mr Lundqvist explained. “Arundo’s out-of-the-box maritime application will enable ship operators to very quickly access any selection of streaming key performance indicators (KPIs) across their fleet.”
These KPIs include indicators of fuel consumption, engine performance, weather conditions and voyage efficiency, which will be analysed to generate performance information for the whole vessel. “More advanced data products will emerge based on statistical models and machine learning,” said Mr Lundqvist. These will “support ship operators in the early detection of potential vessel performance anomalies.”
From 2019, Dell Technologies and Arundo will together deliver connectivity and IoT for seafarers and fleet managers to select, buffer, stream, compute and run advanced analytics on a range of signal data from critical equipment and systems.
“This particular collaboration is aimed at ship operators, owners and service providers looking to harness the potential of full streaming data transparency across their fleets,” said Mr Lundqvist. This technology is suitable for deployment on commercial shipping, tugboats, offshore exploration and supply vessels and cruise ships.
Their solution involves Dell Edge Gateway 5100 devices preloaded with Arundo Edge Agent software. It enables data streaming from onboard machinery and other vessel systems, while remotely linking bridge systems for diagnostics and remote support. “Our technology can be integrated with surrounding data infrastructure in order to display the results on existing bridge systems,” said Mr Lundqvist. “Our focus is on enabling the fastest and most convenient route from industrial IoT data to operational value.”
There are a few of these deployed on tugboats and supply vessels as pilot projects, but Mr Lundqvist expects more to follow. “We expect scaled deployment to commence during 2019 and peak the following year,” he said.
There are huge maritime and offshore markets to cover with IoT solutions as demand for data analytics and performance information increases. “These sectors are desperate for an independent software suite enabling end-to-end data and analytics solutions,” said Mr Lundqvist.
“This is for all participants in the maritime eco-system, ranging from equipment manufacturers to ship operators, service providers, certifiers and insurers.” With Dell technology, he expects Arundo will “demonstrate a quick path to advanced analytics products.”
Dell Technologies head of global OEM and IoT partnerships Chris Wolff thinks its partnership with Arundo will advance analytics for improving vessel performance. “Crews and field personnel will have a plug-and-play solution to stream ship-to-cloud or run advanced analytics locally, even while offline, to improve ship, fleet, or field operations,” she said.
Arundo Analytics provides cloud-based and edge-enabled software. Dell Technologies provides robust computers and connectivity devices in maritime and oil and gas industries. IoT makes machine-to-machine connectivity possible and prioritises critical data, only transmitting what is necessary from ship to shore.