Improving the quality and stability of shipboard IT supports the bottom line by securing the availability of your assets while mitigating cyber threats. With a single keystroke, data breaches can ravage revenue and your reputation. In an increasingly connected world where businesses are generating, collecting and sharing more data than ever before, we must accept this new reality and adapt accordingly.
Regulation and the rise of data
Environmental regulations have played a central role in the rise of data. As the maritime industry moves towards a greener future it becomes more tightly regulated with each step —and each regulation requires the collection of data. The Ballast Water Management Convention came into force in 2017. The EU Monitoring, Reporting, Verification (MRV) regulation mandating the monitoring of CO2 emissions followed in 2018, along with amendments to MARPOL Annex VI that require ships to collect fuel consumption data. Looking ahead to IMO 2020, the mountain of data is poised to get even bigger.
This mass of data must be kept secure —an imperative recognised by IMO when it issued a recommendation urging shipping companies to incorporate cyber risk management into their ship safety programmes by 2021.
While the importance of data security is well understood, thousands of vessels continue to rely on physical media s for software updates. In addition to being the most common sources of malware, these methods also leave room for human error or outright omission. PCs that lack updates are particularly vulnerable to cyber crimes that can, in some cases, cost millions of dollars.
AP Moller-Maersk paid out more than $300m following the NotPetya attack on their network in June 2017, though a subsequent investigation suggested that the shipping giant wasn’t the primary focus of the attack. If that is the cost of collateral damage, the fallout from a targeted attack on global fleets—particularly those carrying hazardous cargo—is beyond comprehension.
Simple solutions for complex challenges
So, how can you maintain shipboard computers and networks while keeping them secure? The key is centralisation and automation. Bringing IT and cyber security skills into a hub and distributing automatic updates over the air (OTA) from shore to ship is fast, effective and allows owners to amortise the cost across an entire fleet. Full OTA deployment and management services remove the human factor from the loop, which ensures that systems are kept as compliant and secure as possible. By rolling out, for example, Windows or anti-virus updates within a matter of hours or, at most, days, a maritime network can be as resilient as a well-managed shore-based network. Computers with significant issues can be identified, remotely cleaned and re-formatted almost immediately, a highly resilient backup system can be implemented using both onboard and cloud storage, and pro-active scanning of hardware, software and event logs can be carried out across a whole fleet rather than ship-by-ship.
Whether it’s a single vessel or many, the task of managing and securing networks has evolved and now requires dedicated knowledge and sophisticated skills—and the consequences of failure can be catastrophic. And yet the results of a recent third-party survey of over 200 shipowners and managers suggests many are yet to achieve a level of IT compliance that could satisfy current requirements or new regulations. The stakes are high and simple, effective solutions exist, which begs the question, as data becomes ever-present in the shipping industry, who can afford not to embrace IT compliance?