Fleet IT Security

Ships are increasingly using systems that rely on digitization, digitalization, integration and automation, which call for cyber risk management on board. As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are being networked together and more frequently connected to the internet.

Cyber Security is a process in which we start to care about digital threats, learn to recognize them and prevent them. Cyber Threats:

  • Ransomware (malicious software designed to block access to a computer system until a sum of money is paid).
  • Malware (software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system).
  • Phishing (a form of social engineering in which fraudulent email or text messages that resemble those from reputable or known sources are sent).
  • Crypto locker (a Trojan horse that infects your computer and then searches for files to encrypt).
  • Social Engineering (an attack that relies on human interaction. It tricks users into breaking security procedures to gain sensitive information that is typically protected).
  • Hackers.

Important Sectors to counter threats

  • Users (End Users / Crew education).
  • Procedures set by an organization or someone individually.
  • Technology (Software or Hardware required for protection).

Benefits of Cyber Security

  • Business protection against cyberattacks and data breaches.
  • Protection for data and networks.
  • Prevention of unauthorized user access.
  • Improved recovery time after a breach.
  • Protection for end users and endpoint devices.
  • Business continuity.
  • Improved confidence in the company’s reputation and trust for developers, partners, customers, stakeholders and employees.
  • Regulatory compliance (organization’s adherence to laws, regulations, guidelines and specifications relevant…).

Cyber Security for Maritime

Cyber security is an increasingly important topic for Shipping Companies due to rapid technology & digitalization development. Cyber Systems for Ships are divided into:

  • IT (Standard Information Systems) is more mature when it comes to Cyber security, with established technology and training procedures. A breach of IT can have significant reputational and financial impact. However, it typically does not impact the safe operation of Ships.
  • OT (Operation and Control Systems) is less mature when it comes to Cyber security, and an attack on on-board OT systems may jeopardize the vessel’s and crew’s safety.

 

Typical Vessel Network

A common Vessel network combines a primary satellite (VSAT) Antenna with a backup (FBB) Antenna. Some Vessels use 4G Antennas for fast low-cost communications when near shore.

The IT network is divided into Business and Crew. The Business network contains computers and printing devices used by crew members for daily tasks concerning Vessel operation. The Crew network is used by crew members for entertainment and personal use. Cyber security is applied to the Business network.

Why Securing fleet IT Network is Crucial for Marine

  • The Vessel is the shipowner’s main income source. A secure Network with a Cyber Security plan is the best way to keep it working 24/7.
  • The Vessel must be an autonomous operating unit even if there is no Satellite communication with the owner’s office.
  • IT Hardware and Software must be operational for loading / unloading (the crew must be able to use filing, print necessary Documents, and send and receive messages with involved parties).
  • Many visitors come aboard the Vessel and use USB ports to transfer files from/to their media or print documents, putting the IT network at risk. Protecting everything with correct security policies and a well-trained crew minimizes that risk.
  • On project completion, we provide IT structure blueprints and instructions for safe use of the network by the crew, which can be followed even by members with basic technological knowledge.
  • Cyber security is not mandatory for now, but it is going to be at the end of 2024.

Our Solution

Proposed solution is:

  • Placing a firewall after the Satellite equipment. It will filter all incoming / outgoing internet traffic and has a built-in antivirus scanner.
  • Placing two physical rack mount servers: the first will be the Primary Server and the second the Backup Server. The Primary will host all Virtual Machines used by the Crew. Once per day, a backup will send an exact copy of them to the Backup Server, so the Backup Server will be an exact copy of the Primary. In case of Primary malfunction, the Backup Server will be powered on remotely in about 10-30 minutes, depending on the Virtual Machines’ load.
  • A UPS is needed to support the two physical Servers. Its wattage depends on the Servers’ power supply load.
  • The crew will use thin clients. They will connect remotely to a Virtual Terminal Server and use all necessary applications.
  • Four Virtual Machines will be created on the Primary physical Server: a Domain Controller (DC), a Terminal Server (TS), a File Server (FS) and an Application Server (AS). The DC is a type of server that processes requests for authentication from users within a computer network. The TS allows multiple users to access a centralized server, its applications and files simultaneously from any thin client. The FS will keep all users’ files. The AS will be used to install Vessel applications.
  • ESET antivirus will be installed on every Virtual Machine and thin client and will be updated once a week.
  • Installation of one Office 365 Email per Vessel.
  • NAS installation. It will keep backups of users’ files and Virtual Machines’ state.

Monthly Support Service (included in our proposal)

  • Customer & crew support requests.
  • Check Backups.
  • Check physical Servers status.
  • Check Virtual Machines status.
  • Check for Firewall Updates and Customer requests for permissions to URLs or Ports.
  • Check NAS Status.
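
The "Check Backups" task above, worked through for the once-per-day backup of the four Virtual Machines described under Our Solution. This is an added example, not part of the proposal or of any vendor tooling; the `<VM>-<timestamp>.img` file naming, the `.sha256` sidecar written by the Primary Server and the 26-hour limit are assumptions.

```python
import hashlib
import time
from pathlib import Path

# Assumptions (not from the page): each VM export is <VM>-<timestamp>.img and the
# Primary Server writes "<sha256>  <filename>" into a matching .sha256 sidecar file.
EXPECTED_VMS = ("DC", "TS", "FS", "AS")   # the four VMs named in the proposal
MAX_AGE_SECONDS = 26 * 3600               # daily job plus two hours of slack (assumed)


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large VM images do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_backups(backup_dir, now=None):
    """Return {vm: status}; status is ok, missing, stale, unverified or corrupt."""
    now = time.time() if now is None else now
    report = {}
    for vm in EXPECTED_VMS:
        images = sorted(Path(backup_dir).glob(f"{vm}-*.img"),
                        key=lambda p: p.stat().st_mtime)
        if not images:
            report[vm] = "missing"
            continue
        newest = images[-1]
        sidecar = newest.with_suffix(".sha256")
        if now - newest.stat().st_mtime > MAX_AGE_SECONDS:
            report[vm] = "stale"          # the daily job did not run or failed
        elif not sidecar.is_file():
            report[vm] = "unverified"     # nothing to compare the copy against
        elif (sidecar.read_text().split() or [""])[0].lower() != sha256_of(newest):
            report[vm] = "corrupt"        # copy differs from what the Primary exported
        else:
            report[vm] = "ok"
    return report


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:      # constructed sample, not real backups
        img = Path(d, "DC-20240101.img")
        img.write_bytes(b"constructed image bytes")
        img.with_suffix(".sha256").write_text(sha256_of(img) + "  " + img.name)
        print(check_backups(d))
```

Any status other than `ok` is a finding for the monthly report: `stale` and `missing` mean the Backup Server could not stand in for the Primary with current data, and `corrupt` means the copy is not the exact copy the design relies on.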

Monthly Support Service not included in our proposal.

Contact with Satellite communications provider to resolve issues.

Additional Services (Not included in our proposal)

  • Internal email Server to exchange email between crew members.
  • Crew Welfare. Movies Collection for Crew in English language.
  • Vessel files synch with Office.
  • Guest internet through Wi-Fi Access Points.

Hardware

  • One Watchguard firewall.
  • Two physical servers. Specs depend on customer needs. Our solution can include refurbished machines to lower costs (1 year warranty).
  • Synology NAS with 4 Disks. Size depends on customer needs.
  • Thin clients or refurbished mini workstations.
  • Network Switch, 24 ports, unmanaged, not PoE.
  • UPS, Line interactive. Watts depend on hardware power consumption.