Data Security in Focus
At many points, advantages result from networking these subsystems – for example, when ship operations can run with greater resource or energy efficiency. The exchange of sensitive data also increases everywhere systems are networked. And yet this is not enough. In comparison to applications on land, ships have additional electronics like navigation, tracking and collision warning systems. They serve the safety of the ship; however, they also represent an additional threat, primarily because they not only increase the level of onboard networking, but also establish external connections. Internet-based network technologies or mobile services are seeing greater use for these connections. And these communication paths provide access points for manipulation – particularly at the points between the ship and land.
Functional Safety at Risk?
Access to or the reading of sensitive data is a comparatively less important problem when compared with the effects caused by hackers introducing malware into the control systems of ships or drilling rigs, altering coordinates, or accessing a vessel’s security-relevant subsystems. These acts don’t just endanger cybersecurity, they also impede functional safety, and ultimately the crew’s safety. This is precisely why recommendations regarding cybersecurity have increased along with the level of digitization and networking. The American Bureau of Shipping, the Baltic and International Maritime Council, Lloyd’s Register Group, the UK Chamber of Shipping, and the European Union Agency for Network and Information Society have all published guidelines regarding cybersecurity aboard ships. In general, they define processes, model approaches or technical measures for implementing cybersecurity; for the most part, these align with the guidelines for automation technology.
The reasons for remote access vary greatly between shipping companies and OEMs.
“IT by Design” Instead of “Defense in Depth”
There also seems to be agreement that additional communication relations are generated by Industry 4.0 or Maritime 4.0, providing an increasing potential for cyberattacks. What is more important is that isolation concepts are reaching their limits. This is because of the opportunities provided by networking, which both increases the frequency of outside access and allows much deeper penetration into the ship's automation systems than before. There is a completely transparent reason for this: by using remote solutions, shipping companies obtain the possibility for remote diagnosis of their ships, which allows them to optimize their fleets and remarket the recorded data. In addition, they can reduce labor costs if fewer personnel or a less qualified crew is used that can receive support from engineers on land for repairs.
Why Permit External Access?
And finally, better networking of shipping companies and harbor unions improves the logistics at the docks and reduces fuel consumption for the ships. Simply preventing external access cannot be a solution for fixing security on ships. Defense in depth, however, which has previously been considered as state of the art, will soon become insufficient – even if it starts with access limitations, network segmentations and monitoring systems on the various levels of ship automation
Security concepts are increasingly required that always function, regardless of the time or remote access point. The new demand is for “IT Security by Design,” that is, functions of cybersecurity that are integrated from the start into the configuration of a layer-based security architecture in the controllers.
Typical systems on ships that use big data and have undergone increasing levels of networking.
