Raised awareness is valuable but enforced procedures will be decisive in the battle against maritime cybercrime. Fleet Secure Endpoint is helping to change shipboard cybersecurity culture
Remote maintenance, IoT-based crew connectivity, and applications that enhance ship management efficiency have become maritime mantras but connecting to faraway assets also creates new opportunities for the cybercriminals to get onboard.
With Inmarsat logging a doubling of data used by merchant ships roughly every eight months, and an average of three devices brought onboard by crew*, the risk of malicious intent shaking hands with ship systems is on the rise. And, while network security can detect and protect ships from shore-based attacks, crew laptops, USBs and other ‘endpoints’ offer multiple gateways for attacks.
Part of the answer lies in forthcoming IMO rules to incorporate cyber risk management guidelines into the ISM Code safety management systems by 1 January 2021. This means shipowners and operators must define cyber security roles and responsibilities, document at-risk systems, implement contingency plans and identify recovery measures.
However, effective protection will not be achieved if planning is the only outcome of the new rules, according to Peter Broadhurst, Senior Vice President, Inmarsat Maritime. “Since the threat is IT-based, owners must ensure that cyber protection, response and recovery are built into ship systems themselves,” he says.
Owners who seek to anticipate the IMO 2021 regime can act now by choosing Fleet Secure Endpoint, which Broadhurst describes as “the only cyber security product that provides a single solution to protect ships and the communication network to enable compliance”.
As a multi-layered protection solution developed by Inmarsat with ESET, Fleet Secure Endpoint uses multiple scanning engines to analyse the network and eliminates malicious encryption (possible ransomware), blocks forbidden sites, shuts down malicious connections (botnets) and runs anti-spyware and anti-phishing software. It only allows trusted endpoints to interact with the network, with new devices labelled rogue until verified. Endpoint Threat alerting notifies of recently detected threats via email, while Malware introduced by infected USBs prompts manual intervention via ‘guardian portals’. Fleet Secure Endpoint includes a remote dashboard to give customers an overview of their network and what is secured.
“Fleet Secure Endpoint will detect the infection and respond by blocking it and removing it, and finally reporting it, then offer an overview of the security status of the vessel in a format that is IMO 2021-compliant,” says Broadhurst. “Security events such as neutralized viruses and blocked USB drives need to be reported to shore teams but they will also need to be available for the master of the vessel to show Port State Control.”
The recent ‘Maritime 2050 – Navigating the Future’ report from the UK Department of Transport observed that it was unlikely that every maritime organisation will have the resources to employ dedicated cybersecurity specialists in the next 1-5 years. As a consequence “industry should consider exploring models that could provide the maritime industry with cyber support services more effectively”, the report said.
“I would say that Fleet Secure Endpoint is an example of the type of effective cybersecurity service to support an industry that the Navigating the Future report has in mind,” says Broadhurst. “It aims to help owners face a real and present threat and achieve compliance next year in a single step.”
*Futurenautics Crew connectivity 2018 report
