Last week I have the pleasure to meet Brian Worning from Oceanshield. Oceanshield is a team of maritime cybersecurity specialists. They have a strong background in OT Cybersecurity. Cybersecurity of Operational Technology. Their background is coming from practical experience in power plants cybersecurity.
The background of OT networks at power plants is not far away from the vessels. Which also have their own generators. So basics for these systems are the same. Modern vessels are equipped with more automation systems. Every year systems become more and more advanced. Vessels have less crew and more machines. Therefore, this has to be somehow protected. This is why OceanShield adjusts its devices to protect the ship’s OT networks.
Guest: Brian Worning from OceanShield
Brian is head of Commercial at OceanSheild. Brian work in Oil & Gas, and the maritime industry for over 15 years. He has global experience in executing commercial efforts and strategic initiatives. Skilled in analytical & critical thinking and complex problem-solving.
OceanShield Pte. Ltd. is a pioneer within maritime cybersecurity solutions. We have a specific focus on the protection of vessel OT networks. Our offer is a suite of cyber detection and prevention systems. Therefore, we ensure continuous real-time protection of your vessels.
OceanShield is a company with a vision. They are ready to provide solutions for now and the future problems in the industry. Above all, they offer also an IMO 2021 consultancy service. To support maritime companies in fulfilling requirements.
What is OT, and why it needs Cybersecurity?
OT is Operational Technology. This means that this network is controlling the physical hardware. In other simple words, OT is replacing the physical operator. All automation operations like change the position of the valves, starting of an engine, stop of a pump are done by operational technology. In automation, we have main 2 types of control. Direct control, when automation is control locally, usually for a small installation. The second type is a remote control, which operates on data from different systems.
Remote control networks contain devices like PLC, control and monitoring system as Kongsberg or Wartsila, HMI’s, Embedded computing technologies and machinery. OT network connects everything that is called Industrial Control Systems ( ICS). Very often You can see OT systems connected to an IT network and this creates serious risks for the vessels. Why you need cybersecurity of OT? That’s actually very easy to explain. Look at the colonial pipeline. The complete fuel distribution system stopped because of an attack at the OT network. For more details about it, look here.
OCEANSHIELD – IMO 2021 Cybersecurity resolution
Together with Brian, we agree that IMO 2021 is a good step, but this is just a first step on the road. IMO 2021 makes a general description of how to prepare a vessel for a cyberattack. However, in our opinion, this is the same as in the case of fire. At the moment we know that the fire can happen. But we have tools on board to fight against fire. There are fire pumps, water mist systems, etc. IMO 2021 introduces knowledge on how to prepare for cyberattacks, but there are no tools for fighting the attack or detect them. There are not so many companies that specialize in maritime cybersecurity and Oceanshield is one of them. Vesselshield is their product, which is monitoring traffic in OT networks. It is based on AI (Artificial Intelligence) and neural networks. Here comes two examples where VesselShield could help:
OT Cybersecurity – Wrong thinking about segmentation
Very often ship owners say: “We don’t need OT cybersecurity, because we split our IT and OT systems.” This would be really nice if this would be true. As ETO, very often I have seen onboard, office printers connected to the IT network. Which originally were installed only for OT. This printer is also printing the daily reports from a monitoring system. The second very popular mistake is that onboard is installed a new printer with a wifi connection.
As You know, the control and monitoring system is a hub, which connects almost every installation. Monitoring system. This means that IT and OT networks are connected. In this case, not directly, but they use the same equipment. So, they are communicating with each other as well. This is the gate, which hackers can use to explore the ship network. By IP and MAC addresses he can create a topology of installations. During this time You would don’t even recognize, that You actually under attack.
OT Cybersecurity – Modification during years
The second really popular fault in thinking is, “Look at the system diagrams. Everything is separated!”. Very often this is also partly true. Every shipyard, the vessel has modifications. New installation of Ballast Water Treatment System. New installation of a Scrubber. These are just 2 of the most popular examples. Everyone connected to the maritime industry knows, how much vessels are changing during their lifetime. Sometimes original, spare parts are not available, and You need to update a new controller. Sometimes this controller requires the first calibration with connection to the IT network. Are You sure that your crew checks it after all? Therefore, in all these devices which are modified or new, You can have connections between IT and OT. Does someone in Your company check it?
Role of OceanShield in maritime cybersecurity
Oceanshield invites products to monitor the OT network in real-time. Data packages in your network are constantly under monitoring. With help of AI (Artificial Intelligence), the device detects all threats and untypical behaviors in your network. AI work based on a neural network algorithm. The design of the algorithm is adjusted to the infrastructure of the vessel’s OT networks. Additionally system is a signature base, with its own authoring database.
All this new technology is responsible for detecting the intrusion or malware in the system. When You know that something in happened in Your network. The alarm appears immediately. You can immediately take an action, to switch off IT infrastructure, and go on hand operation. Therefore it is important to equip the vessel with any kind of intruder detection system.
Brian opinion about Maritime Cybersecurity
Obviously, vessel digitization & automation greatly benefit maritime operators but also impose new and poorly understood risks of malicious intrusion into vessel control systems. This is especially apparent where lines blur between IT and OT (Operational Technology) and when OT systems come online with IP-based communication capabilities. With key vessel OT infrastructure increasingly coming online and being networked together, we find that maritime operators often have very limited situational awareness with little visibility on their OT topology and understanding of their cyber risks.
My private opinion about OT Cybersecurity in maritime industry
I think that my articles can interest around 20% of the maritime industry. All the rest will pass without even reading in details. Above all, the biggest problem with the maritime industry is, that all improvements are coming after the accidents. I am 100% sure, that OT cybersecurity will become mandatory for all vessels. However, this will happen after the first serious accident. In conclusion, a lot of vessels need cybersecurity now.
But we have to wait for insurance companies. Only a few % of the market is preparing for cyberattacks. From the rest, someone will suffer from a cyberattack. Therefore insurance will not cover the costs of this attack. Because they will be not compliant with the highest standards. The rest of the market will introduce the changes after the first serious accident.
