Cyber-awareness and safety needs to be at the fore for shipping and maritime companies as new fast and connected digital technologies mix with more traditional ones in ways no one has really seen before. Samantha Fisk went to find out how.
It has been stated that shipping is a slow industry to react to new concepts and none more so than the digitalisation of the industry, but with solutions that need quick response times now coming on to the market; there are challenges and a greater need for awareness for those solutions.
As Mate Csorba, global service line leader – cyber security, DNVGL highlights: “Ships are no longer like islands, but rather like branch offices.”
One of the main issues currently challenging the implementation of digital solutions is the integration of new systems with older systems and that of aging software. This in itself creates a weakness in the security for systems.
Csorba comments that: “Software obsolescence is much more rapid than traditional obsolescence of components in maritime. Cyber-vulnerabilities in systems underlying the maritime systems, such as operating systems are surfacing rapidly, and patching cycles are not able to cope with that pace. Security in industrial control systems is often an afterthought, not by design, so securing these systems becomes adding band aids on top of band aids.”
Also, integrating newer solutions onboard a vessel that may be using older systems also can cause issues and further consideration need to be kept in mind, such as network segregation, where previously isolated systems are now getting increasingly connected to the outside world/networks. “Secure interfaces, in order for new software to be able talk to existing dated systems typically legacy ways of connections (protocols) have to be used, which were not designed with security in mind”, Csorba adds.
Working with aging systems are creating a stumbling block for the industry, but with other industries also trying to go digital this may not be such a unique issue. “Aging may be similar to other industries utilizing industrial control systems. The difference, however, is that the maritime industry is perhaps more cost sensitive, hence upgrading or retrofitting, or even patching, which all involve some cost, can be slower”, explains Csorba.
Looking to the future Csorba notes that to address cyber security in the future: “I think a shift needs to take place on management level to embrace that there is a new surface of business threat, complementary to the traditional strong safety culture in maritime that needs to be addressed. There is no safety without security. Organisations could start with mapping their current cyber-readiness.”
DNVGL are also part of the joint awareness project for cyber security. “We are hoping to improve cyber-awareness among the participants crew and help them achieve better visibility into their vessel’s current cyber security. Also, as there is a general lack of public information on the state of cyber security in maritime, we would like to use the anonymized summary of results to improve on that”, Csorba adds.
Having system’s that are connected and “talk” to each other is one factor, but another factor to be taken into consideration is when data needs to be extracted and communicated back to land-based systems. Csorba notes that at some point there will be a cross over and will rely on proper implementation of systems segregation of communication channels.
Inmarsat, in order to try and bring some clarity to the picture, has published its field guide to ICT best practice at sea, which focuses on the design, deployment and ongoing operational management of the entire ICT system on board, including communications, the business network, and the crew and ship’s IOT systems.
“This guide offers specific advice for the ICT experts seeking to overcome this challenge by designing and building better and more robust systems on ship, factoring in the distinct Cyber Threats facing the maritime sector as well as the routines of equipment maintenance scheduling and upgrades”, comments Richard Lim, senior sector development manager, Inmarsat.
Transferring data to shore is still one of the main challenges for the industry as this is done through e-mail. “In addition, Smart Connected Ships that utilize IIOT to improve key elements in ship operations need predictive maintenance, visibility to inventory status, harvesting of ship’s sensor data back to shore for analysis, and machine learning and artificial intelligence treatment to bring in efficiency in performance”, Lim adds.
Safety back-ups and redundancies will need to be put in to place in to make sure that systems avoid going down in the future. These back strategies will need to be automated with minimal input from crew, notes Lim. Tape-based backups or similar solutions requiring frequent crew intervention should be avoided. It is recommended to use interconnected Storage Access Network (SAN) or disk-based technologies, which benefit from duplication, convenience and faster recovery.
Lim explains the necessity for a good cyber response plan in that: “It is important to have a documented section on ICT Workarounds under the Cyber Response Plan. In this workaround the ICT manager and ship manager must agree and be informed on set procedures on the action to be taken should the ship’s ICT system fail. For example. if the ship’s primary internet connection is down the steps to be taken by the Master must be documented. It is also recommended that ICT teams participate in Vessel Emergency drills to ensure efficiency of workarounds.”
Creating awareness to cyber security is a key element in the next steps for implementing more digital solutions onboard and making standard process that help crew familiarise themselves with the solutions and also to keep systems safe. For the industry developing the solutions, learning how they work and where the weaknesses are will help better protect it in the future from cyber security threats.