How Can We Secure Modern Maritime Communications?
by Anastasios Arampatzis
A new generation of digital maritime communications
The emergence of new technologies in the early twentieth century caused a sharp increase in maritime trade, which led to more traffic and the consequent need to monitor such traffic. This was the backdrop to the appearance of the first communications systems for improving maritime safety, protection of the marine environment and/or the adjacent coastal area, and navigation efficiency.
While communications needs were initially met using beacons and other light-signaling devices, these systems were subsequently replaced by voice communication systems. Meanwhile, the passage of time and the consequent advances in technology led analogue communications to migrate to a digital scenario, which is where we can place today’s systems, such as:
- Automatic Identification System (AIS): Although the original purpose of AIS was collision avoidance, it is now used for purposes such as fishing fleet monitoring and control, identification of specific vessels and their activity within or near a nation’s Exclusive Economic Zone, search and rescue (SAR) operations and accident investigation.
- Digital Selective Calling (DSC), which is the core component of the Global Maritime Distress Safety System (GMDSS).
- VHF Data Exchange System (VDES), a radio communication system that operates between ships, shore stations and satellites. VDES is seen as an effective and efficient use of radio spectrum, building on the capabilities of AIS and addressing the increasing requirements for data through the system.
The organizations responsible for regulating the context of maritime communications include the ITU, IALA, IMO and COSPAS-SARSAT. Coordination and cooperation between these bodies is essential to ensure an effective approach to maritime communications and support their various developments.
- International Telecommunication Union (ITU) is the specialized telecommunications agency of the United Nations tasked with regulating telecommunications internationally among the various administrations and regulators.
- International Association of Marine Aids to Navigation and Lighthouse Authorities (IALA) is a non-governmental organization that groups together the Lighthouse Services of most maritime countries worldwide, which are responsible for the supply and maintenance of lighthouses, buoys, radio-navigation systems, and other aids to navigation.
- International Maritime Organization (IMO) is the world authority responsible for setting standards for safety, cybersecurity, protection and environmental behavior to be observed in international maritime transport.
- COSPAS-SARSAT is an element of the International Maritime Organization’s Global Maritime Distress Safety System and is of great importance in search and rescue operations.
Benefits of digital maritime communications
Today, ships generate, collect and transmit an ever-increasing volume of data. To achieve efficient data transfer, wireless communications have been widely adopted for many years. Marine very high frequency (VHF) installations, satellites and Wi-Fi are just a few examples.
With the integration of 5G, Wi-Fi and new generation satellites, as well as conventional marine radio communication networks, we will see transformation everywhere. Stakeholders will be able to monitor live audio and high definition (HD) or 3D video collected onboard. Radio-frequency identification (RFID) tags will support asset management, including tracking the status of cargoes, and structural and machinery components.
Evolution will also take place in various workflow processes. Physical onboard surveys for regulatory compliance and enforcement will be achieved remotely without visiting the ship. Real-time decision-making in ship management and autonomous operation will become feasible. Emergency evacuation will be conducted more quickly and in a more transparent manner. Consumers will be able to track product supply chains from factories to retailers and scrutinize the shipping footprint along the journey. Meanwhile, we will see an improvement in the quality of interpersonal communication between ship and shore, as well as an improvement in the wellbeing of the crew.
Digital communications increase threat landscape
Ships are becoming more and more integrated with shoreside operations because digital communication is being used to conduct business, manage operations, and retain contact with head office. Furthermore, critical ship systems essential to the safety of navigation, power and cargo management have become increasingly digitized and connected to the internet to perform a wide variety of legitimate functions.
The increasing use of digital, networked navigation systems, with interfaces to shoreside networks for updates and provision of services, makes such systems vulnerable to cyber-attacks. A cyber incident can extend to service denial or manipulation and, therefore, may affect all systems associated with navigation, including AIS, DSC and VDES.
Availability of internet connectivity via satellite and/or other wireless communication also increases the vulnerability of ships. The cyber defense mechanisms implemented by the service provider should be carefully considered but should not be solely relied upon to secure every shipboard system and data. These systems include communication links to public authorities for transmission of required ship reporting information. Applicable authentication and access control management requirements by these authorities should be strictly complied with.
Best practices for securing digital communications
Cybersecurity of the radio and satellite connections should be considered in collaboration with the service provider (for example Inmarsat). When establishing the requirements for onboard network protection, the security team should consider the specifications of the satellite link. When establishing an uplink connection from a ship’s navigation and control systems to shore-based service providers, attention should be given to how to prevent illegitimate actors from gaining access to the onboard systems.
The security of such connections follows a shared responsibility model. The access interconnection is the provider’s responsibility, while the final routing of user traffic from the internet access point to its destination onboard is the responsibility of the shipowner. User traffic is routed through the communication equipment for further distribution on board. It is therefore necessary to provide data security, firewalling, and a dedicated connection at the access point.
When using a Virtual Private Network (VPN), the data traffic should be encrypted to an acceptable international standard. Furthermore, a firewall in front of the servers and computers connected to the networks (ashore or on board) should also be deployed.
Onshore traffic filtering is also a matter between a shipowner and the service provider. Both onshore filtering and onboard firewalls or blocking gateways are needed and supplement each other to achieve a sufficient level of protection.
Producers of satellite communication terminals and other communication equipment may provide management interfaces with security control software that are accessible over the network. This is primarily provided in the form of web-based user interfaces. Protection of such interfaces should be considered when assessing the security of a ship’s installation.
Wireless access to onboard networks should be limited to appropriate authorized devices and secured using a strong encryption key, which is changed regularly. The following practices should be considered for controlling wireless access:
- Use of enterprise authentication systems using asymmetric encryption and segmenting networks with appropriate wireless dedicated access points (e.g. guest networks isolated from administrative networks)
- Adoption of systems, such as wireless IPS, that can intercept non-authorized wireless access points or rogue devices
- Protection of the physical interconnection between wireless access devices and the network to avoid unauthorized access by rogue devices
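The comparison at the heart of the rogue access point detection described above, shown as an added example that is not part of the original article or any vendor's product. The SSIDs, BSSIDs, signal threshold and scan records are constructed assumptions; a real deployment would feed it the output of the ship's own wireless scanner.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str   # as reported by the scanner, e.g. "WPA2-EAP", "WPA2-PSK", "OPEN"
    rssi_dbm: int

# Hypothetical inventory of authorized access points: BSSID -> (SSID, required security)
AUTHORIZED = {
    "02:00:00:aa:00:01": ("SHIP-ADMIN", "WPA2-EAP"),
    "02:00:00:aa:00:02": ("SHIP-CREW", "WPA2-EAP"),
    "02:00:00:aa:00:03": ("SHIP-GUEST", "WPA2-PSK"),
}
SHIP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
ONBOARD_RSSI_DBM = -60  # assumed threshold: stronger signals are likely on board

def classify(b: Beacon) -> Optional[str]:
    """Return a finding label for one observed beacon, or None if nothing to report."""
    known = AUTHORIZED.get(b.bssid.lower())
    if known is None:
        if b.ssid in SHIP_SSIDS:
            return "ssid_impersonation"   # ship SSID sent by a radio not in the inventory
        if b.rssi_dbm >= ONBOARD_RSSI_DBM:
            return "unknown_onboard_ap"   # strong unknown AP, possibly cabled to the ship LAN
        return None                       # weak and unrelated: port or neighbouring vessel
    ssid, security = known
    if b.ssid != ssid or b.security != security:
        return "config_drift"             # inventory radio with wrong SSID or weaker security
    return None

def audit(scan):
    """Return (bssid, ssid, finding) for every beacon that needs investigation."""
    return [(b.bssid.lower(), b.ssid, f) for b in scan if (f := classify(b))]

# Constructed scan records for illustration only.
SCAN = [
    Beacon("SHIP-ADMIN", "02:00:00:aa:00:01", "WPA2-EAP", -48),
    Beacon("SHIP-CREW", "02:00:00:BB:00:09", "WPA2-PSK", -55),
    Beacon("SHIP-GUEST", "02:00:00:aa:00:03", "OPEN", -50),
    Beacon("printer-setup", "02:00:00:cc:00:07", "OPEN", -42),
    Beacon("PORT-FREE-WIFI", "02:00:00:dd:00:11", "OPEN", -83),
]

if __name__ == "__main__":
    for finding in audit(SCAN):
        print(finding)
```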
ADACOM considerations for Maritime sector
Adoption of standards and best practices is just the first step. The maritime sector has a specific threat profile: a mix of threats and risks related to the business needs of the sector, its relation to safety issues, and the entanglement of ICT and Operational Technology.
The maritime sector shall follow a holistic approach towards the protection of information as well as the protection of the operational digital infrastructure. To do so, ADACOM proposes the adoption of the following:
- Holistic approach to Security Risk Management (addressing all applicable digital, physical, hybrid risks)
- Risk mitigation based on processes and technology tailored to the Maritime sector
- Adoption of a continuous risk & effective assessment process
- Development and enforcement of an Information Security Management System, based on the concepts of information resilience
- Awareness tailored to the needs of the Maritime sector, especially to the needs of the offshore operations
How ADACOM can help
ADACOM can help shipping organizations safeguard their digital communications and be resilient against cyber incidents and data breaches through a comprehensive risk management and cyber security technology adoption program, which includes the following:
- Identify, evaluate and propose treatment for the cybersecurity related risks
- Define and develop the information security management system in compliance with the international requirements
- Maximize the effectiveness and the adoption of the required Information Security controls in both Company premises and Vessels.
- Adoption of the required cyber security technology, such as endpoint protection, threat protection, privileged access management and identity management.
You may learn more by contacting our experts.