vor 1 Jahr

HANSA 03-2017

  • Text
  • Hansaplus
  • Maritime
  • Shipping
  • Hansa
  • Jahrgang
  • Ships
  • Vessels
  • Hamburg
  • Cruises
  • Ports
  • Marine
Maritime Hub USA | Tax regime U.K. & Ireland | Market Report | Cruise | Green Shipping | Ballastwater | Ausbildung & Digitalisierung | U.S. Ports | Finnland | Seehafen Kiel | Nordrange

Schifffahrt | Shipping

Schifffahrt | Shipping Mature approach to maritime cyber security The threat ships face from cyberattack demands a response to technical, operational, training and insurance needs. One example of an answer from the industry is coming from Satcomm company Inmarsat It says to be »separating fact from fiction« as it prepares to launch »the industry’s first fully managed unified threat management service«, says Senior Vice President Safety and Security Peter Broadhurst. The Dyn cybersecurity breach of October 21, 2016 saw multiple denial-of-service attacks target the Domain Name System provider which, it turns out, supports Internet platforms across Europe and North America. Victims included Twitter, Paypal, Spotify, CNN, and the New York Times, as Mirai malware triggered lookup requests from tens of millions of IP addresses. Printers, cameras, home gateways and even baby monitors conspired to load attacks in 1.2 terabits per second waves. The maritime sector is far from immune to the hacking threat. In August 2016, French naval contractor DCNS fell victim to a hack that left The Australian newspaper holding 22,000 documents detailing the design of a submarine under construction for the Indian Navy, including combat capability. In the same month, US ports reported attacks using an SQL injection flaw to the Web-based component of widely used Navis maritime transportation logistics software suite. Many in the maritime sector nonetheless still assess the probability of premeditated cyberattacks on shipping as low. This must be one explanation why a recent Coventry University study supported by the CSO Alliance (Company Security Offcer) found 100% of participating shipowners saying their crews were given no training in cyber security at all. However, in 2016 things are changing fast, as mobile connectivity brings ships at sea into the »Internet of Things«, not least following the launch of Fleet Xpress from Inmarsat. The hybrid Kaband/L-band service redefines what is Photo: Inmarsat 56 HANSA International Maritime Journal – 154. Jahrgang – 2017 – Nr. 3

Schifffahrt | Shipping Peter Broadhurst Photos: Inmarsat possible in maritime communications, offering consistent, higher bandwidth communications and always-on capability, and enabling advanced business applications and crew connectivity via mobile devices. As land-based users know, however, »freedom« to roam the web is just as open to fraudsters as it is to legitimate users. This year has also seen the launch of the »Be Cyber Aware at Sea« campaign by UK-based maritime cyber security specialist JWC International, which Inmarsat is actively supporting and has attracted support from The Standard Club, North P & I Club, and insurance broker, Integro. Yves Vandenborn, The Standard Club Director of Loss Prevention, says: »This emerging threat is very real and current. Technology on ships continues to advance and so do the challenges that arise as a result. Educating crew and spreading awareness is the first step in fighting cybercrime at sea.« Inmarsat is developing an end-to-end cyber security solution, which »includes a technical answer to report and prevent attacks or malware on a ship, but also offers a programme of awareness, risk assessments and the training that drives best practice procedures,« Broadhurst says. Part of the cohesive approach sees Inmarsat seeking to include its cyber security capabilities in a scheme to upgrade of its network and infrastructure accreditation in line with ISO27001. In a world where half of online traffc is automated and an entire black market supplies hackers with tools to breach corporate security, Broadhurst is nonetheless keen to keep shipping’s cyber threat in proportion. »I think there are cyber companies out there now who have made their mark with the financial institutions and are looking to other verticals; superficially, they can make an impression by predicting doom and gloom on the cyber threat to shipping,« he says. »It is time to introduce maturity into maritime security.« Only Inmarsat will be able to offer a fully-managed, end-to-end service, Broadhurst says. »Other offerings we have seen and those we are aware of that are under development address part of the threat, or part of the management requirement, but only Inmarsat’s approach to threat management is all-inclusive.« Broadhurst adds that the fully-managed approach will be critical. An individual ship’s vulnerability to cyberattack may only be exposed when its departure from or arrival at a port is denied, for example because loading information is not shown correctly. Ransomware is a »huge phenomenon,« Broadhurst states, but shipowners may still be willing to consider buying their way out. »The owner may think, if the computer fails, the best solution is to go out and get another one because landing the cargo is the imperative. In the new era of ship connectivity, those days are over.« Although ships can be carrying high value cargoes, many individual vessels do not have large amounts of valuable data onboard; their attractions for hackers is that they offer a way in to a company’s corporate system. Inmarsat is working within a strategic alliance with Singtel to utilise capability available through the Singaporean telecoms company’s Trustwave subsidiary. Shipboard tests of a maritime UTM (Unified Threat Management) system from Inmarsat are currently underway and the full launch is envisaged later in 2017. The Inmarsat solution will be embedded in all Fleet Xpress hardware going forward, as an option which can be switched on or off by the operator as required. In the future, the same capability will be extended to FleetBroadband, Broadhurst says. The technology will be supported through a network of already established security operations centres, Broadhurst continues. »Owners will be able to get a view of what is going on at both the ship and the fleet level, and track causes behind any security compromises, whether they are due to attacks or to the presence of malware on board. We also see the system’s use as the basis for improving training and achieving the best practice that block threats coming from malware.« Broadhurst believes the maritime satellite company is taking the initiative at a critical time for shipping. »The ISO has been talking about a maritime IT cyber standards but it is 2-3 years away, while the IMO is developing guidelines,« he says. »We are at a place where everyone realises that there is a threat, but that realisation actually emphasises that shipping is a fragmented industry. As the launch of new guidelines by BIMCO aimed at helping shipping secure itself against the threat of cyber-attackers, however, there are many in the industry who are wide awake to the threat.« ED HANSA International Maritime Journal – 154. Jahrgang – 2017 – Nr. 3 57

HANSA Magazine

HANSA Magazine

Hansa News Headlines