When the average person thinks of the dangers faced by the maritime industry, malicious hackers probably aren't the first to come to mind. More tangible risks likely pop into their head first, such as piracy or extreme weather, or perhaps broader issues like economic complexities, regulations or workforce shortages.
But as an IT professional, you're probably not surprised to learn that the rise of digital connectivity and ships' growing reliance on computers for navigation and operations - all of which provide greater efficiency and a healthier bottom line - are contributing to another major risk: cyberattacks. So much so that maritime groups have joined forces to develop new voluntary guidance for ship owners and operators.
How could a commercial ship be attacked at sea? Incidents could be initiated by physical or remote intrusions, committed either maliciously or accidentally. For example:
- Pirates could compromise systems to locate the exact whereabouts of valuable cargo they are seeking to plunder.
- An unwitting crew member could install a USB stick into a PC, freezing access to vessel computer systems until a ransom is paid.
- Remote attackers could exploit a weakness to reach navigation systems, allowing them to take the targeted vessel off course or incite a collision. This seemingly far-fetched scenario becomes more concerning when you consider the expected influx of self-driving ships in the years to come.
Sensing the growing need to secure the networks of vessels at sea - and the lack of security resources among crews - Inmarsat, a British FTSE 250 company that provides global mobile satellite communications to the enterprise, marine, aviation and government sector, wanted to become a market leader in cybersecurity.
So it linked up with us, recently lifting the curtain on its new "Fleet Secure" managed service, powered by Trustwave. This unified threat management service contains intrusion prevention, anti-virus, web filtering and application control for thousands of ships, as well as round-the-clock managed cloud log, compliance and threat monitoring.
The partnership has impressed cybersecurity observers and industry experts alike, including 451 Research, whose Aaron Sherrill published a case study on the alliance. The paper re-affirms the importance of protecting the infrastructure of the maritime industry. It also discusses the challenges that come along with doing so, including working within tight windows for provisioning, and how Trustwave helped Inmarsat overcome them.
While your business is likely land-based, many of the pressures faced by vessel owners and operators are the same as any organization. A managed security model, in which the often-onerous tasks of threat prevention, detection and response are delegated to an external specialist, frees you up to do what matters most: captaining your own ship, whatever it may be.
Dan Kaplan is manager of online content at Trustwave.