World-Link Communications, Port-IT, WatchGuard and GTMaritime have developed cyber security specifically for shipping to prevent malware from entering computers over satellite links
Cyber security plays an increasingly important role in maritime communications as threats become more frequent and costs rise. This was demonstrated by cyber attacks on shipping, including one on Maersk in June 2017 that is estimated to have cost that group around US$300M, and others that have been reported (Marine Electronics & Communications, Q1 2018).
Malware can enter ship computers from a number of sources, such as data storage devices and mobile phones, but the majority come from seafarer email received over satellite communications.
Communications service companies have recognised this problem and are introducing new cyber security products with anti-malware and viral detection. There are also companies that specialise in providing cyber security products for VSAT and broadband communications and secure crew email.
For example, World-Link Communications has added functions to its maritime cyber security platform, ShipSecure. This is a multi-layered fleet security management system that can give shipowners, managers and operators an indication of the cyber threats to their assets. ShipSecure gives owners the ability to control onboard security to protect computers that are linked to the internet.
World-Link president Asad Salameh explained that ShipSecure incorporates three main components that improve a fleet’s cyber security. “We deploy virtual machine and cloud-based technologies to integrate onboard unified threat management (UTM) devices and sensors,” he said.
“We deploy virtual machine and cloud-based technologies to integrate onboard unified threat management (UTM) devices and sensors”
These operate alongside Cisco’s latest threat intelligence services for an integrated service, which Mr Salameh said allows World-Link to provide ship operators with “access to the latest global threat intelligence and the latest in firewalls,” which are intrusion detection and protection systems.
ShipSecure provides fleet managers with policy-based protection of onboard computers with real-time and historical data analysis of data collected from onboard security sensors. It has anti-virus and anti-malware software and onboard network firewalls.
World-Link said a security IT manager can use ShipSecure to identify threats across the fleet, isolate the problem area and take immediate remedial action to minimise the effect of any threat or breach.
ShipSecure uses a centralised management portal that delivers real-time network traffic data. IT managers can use this to analyse and instil actionable policies across the fleet. Within ShipSecure is ShipGate, a global threat management module that provides an outer layer of protection and analysis around a vessel fleet. This shields ships from internet intrusion and protects vessels from being detected from potential hackers.
ShipNet is a second module in ShipSecure. It is a vulnerability management system that is continuously assessing existing threats on board ships in a fleet. It has a priority system for critical resolution of existing vulnerabilities on vessels.
IT managers can manage ShipNet from a central dashboard to perform scanning and reporting tasks against known vulnerabilities of software applications, operating systems and network protocols.
World-Link said it continuously updates the ShipNet database of vulnerabilities and has so far identified 50,000 of these. It is installed as a virtual machine in World-Link’s ShipSat satellite communications hardware. ShipGuard is within these onboard ShipSat virtual machines. It builds an internal layer of protection that shields vessels from external threats and connects the vessel’s protection components to the threat intelligence at the onshore management system.
Other specialist email and online security providers, Port-IT and WatchGuard created a unified threat management package for maritime customers in 2017. Port-IT Vanir will protect all computers from malware and viral infections for a monthly fee, said Port-IT managing director Youri Hart.
He told MEC that this service was developed in response to successful cyber attacks on shipping and the resulting interest in marine-specific services. Vessel computers are protected by a custom implementation of endpoint security from internet security provider ESET. Antivirus signatures are updated daily and synchronised between the shore and vessels that are using Port-IT’s software.
This endpoint security has firewalls and protection against denial-of-service attacks with WatchGuard software installed for viral detection. WatchGuard uses various security vendors for network security, such as Kaspersky, Bitdefender, Websense and Lastline.
Shipowners can get reports from Port-IT’s monitoring software to analyse network security and implement any required changes or upgrades. Port-IT Vanir will block websites, monitor crew internet usage and prioritise bandwidth so that critical communications can get through.
Mr Hart said vessel operators using this service have greater control over what online content crew can access. “In our security centre we actively monitor for any strange behaviour and, if found, we contact the customer and can eliminate the computer in the network by disconnecting it remotely,” he said.
Trials with Port-IT Vanir in 2017 identified active denial-of-service internet devices that were trying to slow ship data transmissions over the satellite link.
GTMaritime is another provider of cyber security that uses Lastline’s network-based malware protection. In February this year, it announced that Lastline’s malware detection technology was included in its GTMailPlus service.
This should “diminishes the risk of malware infecting critical systems that could lead to devastating results,” said GTMaritime chief executive Rob Kenworthy. In tests last year, Lastline software was effective at detecting advanced malware. It achieved 100% security effectiveness in the 2017 NSS Labs breach detection systems tests.
GTMaritime has deployed the Lastline detector in GTMailPlus to isolate, independently analyse and block malicious attachments and internet addresses before they are routed to recipients. GTMaritime’s engineers can use Lastline analysis and reports to respond to cyber threats and incidents. GTMailPlus includes an online dashboard that facilitates remote configuration and administration of email on vessels.
© 2023 Riviera Maritime Media Ltd.