Simple and generic antivirus is no longer fit for purpose: a genuinely effective, multi-layered, maritime cyber security solution has to combine cyber awareness, network security and endpoint security, writes Wayne Perks, Manager of Security Services, Inmarsat Maritime
Cyber security, or the lack of it, is often portrayed as a pivot point upon which the smooth running of contemporary society is precariously balanced. There can be little doubt that it legitimately represents one of the most fundamental concerns of our times, considering that the integrity of everything from business-critical services and sensitive personal data to asset monitoring, transport network infrastructure and even political processes is now entirely contingent upon the impregnability of online networks.
Maritime cyber security naturally presents its own set of specific challenges. Cyber-attackers have been characteristically quick to exploit vulnerabilities in this sector, leading to threats not just on individual vessel systems, but also sophisticated, enormously damaging ransomware attacks on multinational shipping conglomerates. In one such incident, the infamous NotPetya incursion of June 2017, a major shipping company was forced to retreat into using manual systems over the space of 10 days while it hurriedly invested in 4,000 new servers, 45,000 new PCs and 2,500 applications.
Grim episodes such as these should be interpreted as the most deafening of wake-up calls, yet the evidence suggests that a worrying percentage of vessel owners and operators are still either implementing outdated, insufficient and ineffectual cyber security measures, or languishing in blissful ignorance of the threat severity – despite having first-hand experience, in many cases, of cyberattacks on their own onboard systems.
In the superyacht sector alone, the statistics make for sobering reading. In a poll conducted for Inmarsat’s 2018 Superyacht Connectivity Report, almost 40% of respondents admitted that their onboard cyber security regime merely consisted of a basic firewall. Combine this in the bigger picture with the 2017 findings of FutureNautics’ Ship Operators Cyber Security Survey, in which 39% of respondents reported a cyberattack on their vessels’ onboard systems within the last 12 months, and it becomes obvious that cyber resilience remains an issue that entire swathes of the seafaring community urgently need to engage with.
At its most basic level, the initial problem may be one of perception. The assumption among superyacht skippers and crew has often appeared to be that a standard antivirus program will cover all their cyber security requirements. Not unreasonably, many are drawn to the idea of a one-shot easy fix, a silver bullet that will discreetly seal off their systems for good – job done. There is, of course, no such thing, and infallible, 100% cyber security is a hopeful concept at best. It is therefore important to acknowledge that an in-depth cyber defence initiative consisting of multiple layers is by some distance the most effective approach for achieving far higher security maturity.
It is for this reason that Inmarsat developed its Fleet Secure Portfolio, which consists of three services – Fleet Secure UTM (Unified Threat Management), which is a comprehensive set of tools designed to continuously inspect, detect and protect the vessel’s network; Fleet Secure Endpoint, a powerful multi-layered endpoint security solution to prevent attacks whilst removing infections and threats throughout the onboard endpoints; and Fleet Secure Cyber Awareness, cyber security training specifically targeted for seafarers, raising awareness to assist in preventing threats before they get on board. Each service is separate, so customers can opt to choose one of the three, or deploy all of them. The Fleet Secure Portfolio actively seeks to maintain a secure system core by ringing it with this three-pronged defence strategy combining network security, awareness and training, and endpoint security.
If this level of safeguarding is to be achieved, it stands to reason that all the bases have to be covered. Generic antivirus software only has anti-spyware and anti-phishing capabilities, and will only work if the most recent update version is installed. Updates often need to be actioned on a daily basis, and with modern attack vectors encompassing methods to bypass antivirus, there is still no guarantee that it will catch every form of malicious software.
However, in order to fulfil its brief, Fleet Secure Endpoint has to encompass a raft of additional duties including ransomware prevention, botnet protection, network monitoring, web control, multi-engine scanning, endpoint health status and threat alerting, and the provision of a full asset inventory – software, hardware and so on.
A significant shortcoming of standard antivirus is its inability to recognise malware and ransomware which hack into the network, as opposed to being launched from system files. The deceptively benign-sounding EternalBlue and EternalRomance exploits, for example, linked with the ruinous NotPetya and WannaCry attacks of 2017, capitalise on vulnerabilities present within the Server Message Block (SMB) protocol in some versions of Microsoft Windows.
Clearly, a proactive means of detecting, alerting and reporting ever-more insidious and cunning methods of cyberattack is key to staying ahead of the curve. The Fleet Secure Endpoint solution is designed to spot new nodes on the network or malign encryption attempts: the solution instantly informs users of any anomalous activity which deviates from the ‘known good’ configuration while simultaneously barring access to all files on the device, segregating the affected part of the system so that other systems aren’t impacted.
In purely practical terms, another attractive aspect of the solution is that it places few additional demands on contracted bandwidth and requires no extra outlay on hardware. Operating via high-speed broadband connectivity, it identifies external attacks including, crucially, malware which may have been introduced into the vessel’s local area network by accident.
It has been estimated that 95% of maritime cyberattack incidents are caused by simple human error. The entire network can be compromised by crew members downloading from unreliable sources, unknowingly plugging infected USB sticks into operational IT equipment (navigational equipment and engine monitoring systems, etc.), or even merely charging their vape pens through USB ports. The belief that devices which carry no data are impervious to infection is, sadly, untrue. And on this topic, superyacht crews need to be made aware that tech items such as drones, smart TVs and music systems are also vulnerable.
Preventing accidental cyber security breaches such as these before they can occur is a central pillar of the Fleet Secure ideology. The first line of defence is to encourage best practice through detailed guidelines, appropriate training and strict adherence to designated processes (including the regular changing of system passwords and Wi-Fi access codes). To this end, Inmarsat has collaborated with the Marine Learning Alliance and management consultants Stapleton International to devise Fleet Secure Cyber Awareness – a dedicated cyber security training regime to enlighten crews and captains about the many ways through which the onboard IT infrastructure can become compromised.
Forewarned is forearmed: but the process needs to be ongoing. Effective cyber awareness requires seafarers to drill into all the corners, all the time: always ensuring that passwords aren’t shared, ensuring that users know how to readily identify generic/phishing emails, ensuring that coherent plans are in place for a manual system override (or similar recovery procedures) in the event of the network becoming overwhelmed by a series of automated cyberattacks, and so on.
The onset of autonomy poses a new set of cyber security challenges for the future, with worrying potential scenarios including the hacking of a vessel’s navigation systems when there is no captain aboard to perform corrective manual manoeuvres. Clearly, preventing situations of that alarming nature must be taken into consideration when designing new superyachts bristling with state-of-the-art but nonetheless vulnerable technology. With the Fleet Secure Portfolio as an evolutionary cyber security solution, we see our role as not just providing peace of mind for seafarers, but also encouraging the implementation of a more responsible and attentive mindset – perpetuating a higher standard of cyber maturity across the maritime community.
For more details visit www.inmarsat.com/maritime