Maritime Cyber Security: Good, Better & Best
By Rolf Berge
As an industry that spends a great amount of its resources procuring and sending data in order to operate, the maritime industry is an attractive target for cyber criminals. Due to the remote locations of vessels and limited staff aboard ships and rigs, organizations and their offshore vessels and platforms are often ill equipped to ward off cyber threats.
The cost and repercussions of a breach can be extensive in terms of both money and crew safety. According to a recent study, the cost of cybercrime has even surpassed that of drug crime. While cyber breaches are on the rise, they can be prevented with the proper preparation.
Being prepared is the first step in securing your data against cybercrime. This includes ensuring all individuals within a company understand the importance of security, from top-level management to base-level employees.
Top leadership needs to set an example and focus on requiring network safe guards while raising awareness of the importance of keeping systems and data secure. If management isn’t concerned about it, then employees further down in the company will be relaxed about it as well and unconcerned about how they tend to the network. Cyber security should be on the agenda of the Company Board.
A lack of preparation can lead to dire consequences when the employees installing and maintaining network devices are too relaxed or unaware of potential threats to security. Often in these situations, network ports of these devices can inadvertently be left open, devices aren’t properly configured, or software patches and updates are skipped, putting the company at risk. As 42 percent of cyber security risks are caused by careless insiders, proper training is essential to safeguarding a company’s network.
When evaluating cyber security needs, a company should ask the following questions:
- What data would be considered most valuable to a cybercriminal?
- What training and safeguards are in place to minimize employee threats?
- Is there a cyber security solution already in place?
- If so, is there a formal way to evaluate the effectiveness of the security?
- Is there a disaster recovery plan if things go wrong?
Answering these question will help a company determine next steps, whether that means implementing new security solutions or simply enhancing those already in place. While there are many different levels of security a company can implement to safeguard their data, the best solutions involve defense, monitoring and prevention. Speedcast, the critical communication company, is a great example of a firm providing such capability.
Speedcast’s SafePass Pro combines the best of content filtering and monitoring with threat management services, including vulnerability assessments. With this combination of solutions, clients can benefit from working with Speedcast cyber security experts to pinpoint system vulnerabilities, monitor insider threats, proactively defend the network and respond to incidents.
SafePass Pro is broken down into three different levels to defend, monitor and prevent cybercrime within the client’s system. Altogether, this solution improves network resources, minimizes malware and spyware, enables centralized control across all sites, enforces acceptable use and security policies (AUP) and provides an opportunity to assess and eliminate network weaknesses.
With that in mind, let’s look at the good, better and best guidelines and options for protecting your system
Level 1 – Defend – Good
This first, basic level is a firewall to keep unwanted visitors out. Most can filter traffic based on URLs, or classes of URLs, and single applications.
This can often be customized to customer needs or wants, with enhanced, granular blocking capacity to go deep into the types of classes of URLs to block – down to both geography and type of applications. With this level, the client can block users from accessing any site or application at risk for malware or other cyber threats.
Level 2 – Monitor – Better
The second level would build on the basic firewall defense mentioned in level one. This would be a monitoring service that reviews traffic that goes in and out of a client’s network – whether that is a tanker, cruise ship, oil rig, semi sub or a single offshore vessel. All traffic is monitored by an appliance onsite that checks for any anomalies, strange traffic or patterns of traffic that suggests it is unwanted or could present a risk. At the discovery of such a threat, an alert is sent to the security operations center, for further action.
Level 3 – Prevent – Best
The third and final level is the preventative level. This level allows the customer to work with experienced firms like Speedcast on more of a consulting basis to perform vulnerability assessments. This is done by assessing open source threat intelligence to find out what information is present on the deep web or darknet that could represent a threat for the customer. This could be anything from financial data, key intellectual property or plans as well as entryways into on-board monitoring and control systems. Chatrooms provide forums for bartering such information. Knowing that the information openly available on the internet is only 4 percent of the total Internet content and that the other 96 percent is hidden (i.e. deep web and darknet) , there is a vast amount of data that can be assessed to find out what types of threats the client is vulnerable to. Navigating this gargantuan amount of information in clandestine places in the darknet and identifying data representing threats requires skill and experience.
Additionally, this level of engagement provides more than simply finding out what is out there, but also provides the client with variations of penetration testing. This means that cyber security experts conduct tests to see how well a customer’s security system protects their network. Even though a client may have blocked sites and is monitoring all the traffic going in or out of their network, there can still be vulnerabilities in the network itself through open ports or unpatched software on devices. This testing helps dive into any remaining problems to tighten security solutions.
Finally, clients have the opportunity to sit with companies such as Speedcast to review their current security stance including everything from how executives view the threat of cyber security and how they train employees, to the types of policies they have in place. This ensures proper training and threat management procedures can be implemented to safeguard from cyber threats.
Maritime companies without a cyber security solution leave themselves open to critical risks to their operation, and while having a program in place helps prevent these risks, an installation or network that isn’t properly maintained or updated can be just as vulnerable. Taking proactive measures to ensure a company has a system in place that defends the network, monitors traffic and prevents cyber attacks can provide peace of mind and prevent significant financial loss.
Rolf Berge is Director of Energy Products, Speedcast