Overcoming the Human Element
Crew training is no solution to the threat of maritime cyberattacks, as people are part of the problem, not the solution. Ships can no longer be considered as islands beyond the reach of cyber hackers. Having critical operational technology onboard not connected to the internet is no defence. Self-defence is best and this is what Naval Dome’s product aims to provide.
The message that ships are no longer islands has been reinforced by recent high-profile cyberattacks on maritime companies, although Naval Dome maintains that defence breaches happen with alarming frequency but are kept under wraps.
A recent simulated attack undertaken by the company showed that bridge teams remained unaware of the incident throughout, despite bridge technology showing a totally false picture of the actual position.
At the centre of the problem is a lack of awareness that IT systems used by shipping companies function in a completely different way to critical operational technology like ECDIS, RADAR, machinery control and other systems, requiring a fresh approach. When Naval Dome speaks to shipping company personnel - whether company directors or crew - they are unaware that although operational technology they use may not be connected to the Internet, it is still not secure from attack and their sense of security is based on a false premise.
In addition, personnel responsible for cyber issues in companies are generally IT personnel that do not understand operational systems. Therefore, in seeking a solution to the cyber issue, they consider the issue purely from an IT perspective and “that is not good enough”. Today, if a shipowner has a cyber problem, he does not know who to go to. The OT people know the system very well but don’t understand cyber while the IT people understand cyber but don’t understand what cyber means for OT.
Naval Dome believes system manufacturers still do not have the knowledge of how to protect their systems against an attack and will not be able to respond adequately in an emergency. It has approached a number of companies that claim to have cyber-protected products but upon in-depth enquiry, this proves not to be the case. No one knows there is a problem, no one will talk about it or knows how to deal with it. We can provide a solution and be the one to call in the middle of the night.
Training is not the solution
“The system needs to be smart enough to have the ability to stop an attack and, if it succeeds, have the ability to give an alert that something is wrong.” There is no such thing as a 100% success rate in warding off an attack, so as a minimum an alarm needs to be sounded when there has been an attempt to hack into the system.
Training is a waste of time and a waste of money and it is not the issue. The crew have enough to do and cyber is not an additional thing they need to worry about. Even highly trained people make mistakes. If no one knows what the problem is the easy way out is to blame the crew. In some cases insurers find it difficult to establish whether a cyber-attack has actually taken place because the problem looks like it could have been caused by human error.
CTO Asaf Shefi agrees that those IT personnel dealing with cyber issues only have limited knowledge of OT functions and the view from head office will be very different from that onboard a vessel.
In the case of IT, if one computer is affected by an attack it is possible to disconnect from the network. On a vessel, where OT systems are being used to operate the vessel, disconnecting the equipment is not an option. For example, if a virus is detected which relates to the engine, stopping it during the approach to a port is not possible, even if a degree of redundancy is incorporated in ships’ systems.
Any solution needs to combine IT and OT considerations. “If you want to protect the OT system, it should be with a solution that is not dependent on connectivity.” While an OT system may be connected for short periods – to install ECDIS updates or monitor wear and tear to components for example – this will not be continuous.
IT practices like using passwords to protect an OT system do not work in the same way because different teams may be required to use the systems, for example when the watch changes. Some IT processes, like the use of SMART cards for example, may not be applicable to OT systems.
The differing demands of IT and OT systems need to be reflected in the regulations, and this is not currently the case. Essentially Naval Dome’s protection system is a bolt-on one, which does not require any alterations to be made to how the system operates. This means the legal liability remains the same in terms of the system’s operability.
In the case of establishing liability in the event of a cyber-attack, no one wants to accept responsibility and training failures are therefore used as an excuse. In the absence of an acceptable solution the crew are left to take the blame, with all that that entails in terms of liability.
The industry as a whole remains naïve about the impact that connecting a USB stick to a part of the OT system could have in introducing dangerous material in addition to the information that the operator is seeking, for example the latest update of an electronic chart.
Bridge PCs may have connections from HQ, local agents, map providers and the like. Another issue is that of outside technicians visiting the vessel to service equipment and who connect to the onboard system. It is the same for the system manufacturer who wishes to update something. The vessel does not need to be attacked directly but this can happen via the company HQ, an agent or another trusted individual who will deliver the virus to the ship. Attacks can arrive via the IT and very easily get to the OT.
The Naval Dome approach is to give its customer peace of mind in the knowledge that if they have a problem they can contact the company on a 24/7 basis and it will deal with the issue. The Naval Dome system acts as a cut-out between the IT and OT systems so that any IT communication passes through their secure system before it reaches the OT system, which is itself also directly protected. In the event of an attack there is an alert on the OT system which can be sent to the IT but there is no connectivity between the two. This is where the self-defence approach proves to be the best one, the company believes.