Topics March 15, 2018
Cybersecurity on Ships

With increased digitization and networking aboard ships, the risk for data abuse and cybercrime also increases. Anyone considering the possibilities of Maritime 4.0 must also consider the increased requirements for cybersecurity – and more importantly, find suitable solutions for implementing it.

A ship's various intelligent subsystems ensure problem-free operation: from tank and ballast water management through drive control up to alarm and monitoring systems. They all function using industrial automation technology.

Cybersecurity on Ships – This Is How WAGO Helps:

  • As networking in the marine sector increases, so does the exchange of sensitive data.
  • Electronics such as navigation, tracking and collision warning systems require off-ship connections, thus creating a potential target for cybercrime. With “IT Security by Design,” a layer-based security architecture is integrated into the controllers from the start.
  • WAGO establishes VPN tunnels using OpenVPN or IPsec directly from the WAGO PFC200 Controller, for example.

Data Security in Focus

At many points, advantages result from networking these subsystems – for example, when ship operations can run with greater resource or energy efficiency. The exchange of sensitive data also increases everywhere systems are networked. And yet this is not enough. In comparison to applications on land, ships have additional electronics like navigation, tracking and collision warning systems. They serve the safety of the ship; however, they also represent an additional threat, primarily because they not only increase the level of onboard networking, but also establish external connections. Internet-based network technologies or mobile services are seeing greater use for these connections. And these communication paths provide access points for manipulation – particularly at the points between the ship and land.

Functional Safety at Risk?

Unauthorized access to or reading of sensitive data is a less serious problem than the effects of hackers introducing malware into the control systems of ships or drilling rigs, altering coordinates, or accessing a vessel’s security-relevant subsystems. These acts don’t just endanger cybersecurity, they also impede functional safety, and ultimately the crew’s safety. This is precisely why recommendations regarding cybersecurity have increased along with the level of digitization and networking. The American Bureau of Shipping, the Baltic and International Maritime Council, Lloyd’s Register Group, the UK Chamber of Shipping, and the European Union Agency for Network and Information Society have all published guidelines regarding cybersecurity aboard ships. In general, they define processes, model approaches or technical measures for implementing cybersecurity; for the most part, these align with the guidelines for automation technology.

The reasons for remote access vary greatly between shipping companies and OEMs.

“IT Security by Design” Instead of “Defense in Depth”

There also seems to be agreement that Industry 4.0 or Maritime 4.0 generates additional communication links, which increase the potential for cyberattacks. More importantly, isolation concepts are reaching their limits. This is because networking both increases the frequency of outside access and allows much deeper penetration into the ship's automation systems than before. The reason is easy to understand: remote solutions let shipping companies diagnose their ships remotely, which allows them to optimize their fleets and remarket the recorded data. In addition, they can reduce labor costs by using fewer personnel or a less qualified crew that receives support from engineers on land for repairs.

Why Permit External Access?

And finally, better networking of shipping companies and harbor unions improves the logistics at the docks and reduces fuel consumption for the ships. Simply preventing external access cannot be a solution for fixing security on ships. Defense in depth, however, which has previously been considered as state of the art, will soon become insufficient – even if it starts with access limitations, network segmentations and monitoring systems on the various levels of ship automation.
Security concepts are increasingly required that always function, regardless of the time or remote access point. The new demand is for “IT Security by Design,” that is, functions of cybersecurity that are integrated from the start into the configuration of a layer-based security architecture in the controllers.

Typical systems on ships that use big data and have undergone increasing levels of networking.

From the PLC to the Cloud – Securing the Path that Data Takes

Such technical possibilities already exist and are capable of closing gaps in security. For example, a reliable means of communication is the establishment of a virtual private network (VPN), based on OpenVPN and using SSL/TLS connections (Secure Sockets Layer, Transport Layer Security). These connections enable the transmission of encrypted data, even over wireless communication systems. WAGO establishes such VPN tunnels using OpenVPN or IPsec directly from the WAGO PFC200 Controller. The WAGO controller additionally records all relevant measurement and control data, encrypts it directly in the controller using SSL encryption and transmits the data over the VPN. This means that no additional VPN tunnels have to be established by modems or routers, and, perhaps more decisively, the line between the controller and modem is then encrypted as well.

Text: Norman Südekum, Eva Bannholzer | WAGO

Photo: WAGO
