Networked on the high seas
Ship crew members are exposed to enormous stress and are often isolated from family and friends for months at a time. Using a smartphone or laptop, they can surf the internet via the ship's satellite network and maintain personal contacts. However, these devices are a popular gateway for cyber attacks.
Thanks to modern satellite connections, modern merchant ships are usually connected to the mainland at all times. Sensitive and important data for ship operations is constantly exchanged with the shipping company via the IT infrastructure installed on board. On modern ships, more and more components are controlled via ship networks and software. This makes their IT infrastructure vulnerable. As networking increases, so does the risk of cyber attacks.
Digital security as a challenge
The digitalisation of shipping is in full swing. This is opening up new value chains and opportunities to increase efficiency for the maritime industry. One reason for this is the importance of the industry: today, 95% of the intercontinental exchange of goods is carried out by shipping. According to the German Federal Ministry for Economic Affairs and Energy, the industry generates an annual turnover of around 50 billion euros in Germany alone. In order to do justice to this, the German federal government and the maritime industry have named digitalisation as a central field of action in the Maritime Agenda 2025.
‘The increasing exchange of data between ships, shipping companies, harbour operations, offshore facilities, authorities and other communication partners on land increases the risk of cyber attacks for all parties involved. It is important for all players in the maritime industry that the IT systems involved are protected as comprehensively as possible against cyber attacks’ (Joint Declaration on Digitalisation in the Maritime Industry, Federal Government and the Maritime Industry, Hamburg, 4 April 2017)
In this context, the Maritime Safety Committee declared cyber risk management to be part of the ISM Code in June 2017. Measures to organise safe ship operations and protect people on board are therefore mandatory for international shipping. Implementation must take place by 2021.
Cyber pirates on a privateer voyage
The importance of IT security on ships and crew protection became clear with the #NotPetya attack at the end of June 2017. Computers were infected with malware, the attackers encrypted data and demanded a ransom. #NotPetya attacked almost 80 ports worldwide. Large fleets of container ships were put out of action for days. Among the victims of the digital blackmail were several European shipping companies, including one of the largest container shipping companies in the world. There have also been attacks on the electronic navigation information system Electronic Chart Display and Information System (ECDIS).
According to the 14th World Economic Forum's Global Risk Report 2019, major economic damage from extensive cyber attacks or malware as well as massive incidents of data fraud and data theft can also be expected in the future.
The starting point for innovative security solutions
Information Technology Engineering (ITE) GmbH specialises in modern IT infrastructure for shipping companies and seagoing vessels. With ‘ITE connect’, the Hamburg-based company offers customers innovative security solutions for shipping and the maritime industry.
ITE supports the IT infrastructure on around 250 ships worldwide. Its customers include well-known shipping companies from Hamburg and Bremen as well as internationally oriented shipping companies from Asia.
The company has been using NextGen UTM firewalls from the German manufacturer Securepoint since the beginning of 2018. This interaction resulted in the ITE connect security solution: the crew can surf securely and the ship's network is comprehensively protected.
‘Our project objective was to set up secure, controlled internet access for the crew members on the one hand and to configure and maintain the ship's network from shore via a VPN gateway on the other,’ explains Frank Eggert, Managing Director of ITE.
ITE connect, including Securepoint NextGen UTM firewalls, has provided security for Hamburg and Bremen shipping companies 62 times to date:
‘What convinced us about Securepoint's solutions was the quick setup of the VPN gateway between ships and the mainland. This is certainly partly due to the fact that the firewall image is only 70 MB in size. It was also important to us that the solution used complies with the requirements of the European General Data Protection Regulation. Securepoint fulfils all expectations in this respect and is guaranteed not to use any back doors. That is a clear statement for us. The manufacturer's professional support was the icing on the cake,’ says Frank Eggert.
The high quality of the high-end content filter including zero-hour protection and the integrated one-time password system also tipped the scales in favour of the Securepoint NextGen UTM firewall.
Safely across the oceans
Digital threats from malware or malicious software spread rapidly via the internet. The time between the emergence of new threats and their arrival at individual users in the shipping company or on the ship is becoming ever shorter. Traditional methods often do not offer any solutions.
‘ITE connect’ is the answer to this challenge. Integrated into ‘ITE connect’, the Securepoint NextGen UTM firewall from Securepoint forms the hull to protect your maritime fleet and your IT. With all its features, ‘ITE connect’ is the security solution for the maritime industry. It provides shipping companies and ships with secure Internet use, a secure network, secure connectivity and secure communication via e-mail. A central technology of the Securepoint NextGen UTM firewall helps with this: the Cyber Defence Cloud. Machine learning, swarm intelligence, data mining, powerful protocols and the expertise of the analysis team are used to link findings from technical innovations and people.
Benefit from the value-added service solution that can be used in combination with professional IT and communication systems such as 3g / 4g (and in future 5g), FBB or VSAT, without being tied to a specific provider. ‘ITE connect’ can be installed or retrofitted on board your maritime fleet at any time. ‘ITE connect’ is also available as a fully integrated part of the comprehensive ITE shipping system.
‘ITE connect’ means:
The high-end content filter is an important security feature of the Cyber Defence Cloud. It impresses on the NextGen UTM firewall integrated in ‘ITE connect’ with high accuracy, speed and low resource consumption. The Threat Intelligent Feed is the most important category of the Cyber Defence Cloud. The IPs and URLs accessed via the ship's network are checked for spam/phishing, ransomware, malware or macro downloads and other threats. Prohibited, dangerous or offensive content is thus blocked. Shipping companies thus fulfil their duty of care and enforce the desired access restrictions and internal security rules. This also protects them from potential liability claims that can be asserted due to employee misbehaviour when using company-owned devices.
Mail security on a new level: with quarantine of dangerous emails directly on the integrated NextGen UTM firewall and a self-developed time lock for suspicious messages. After a defined period of time, the emails are checked again and only delivered if there is no security risk. The result: 99.9% less spam/viruses and a maximally reduced error rate during detection. Scanning 25 billion emails per day in the Cyber Defence Cloud makes this possible. For ship networks and shipping companies, this means the highest level of security. Data can hardly fall into the wrong hands due to carelessness or ignorance on the part of users. This minimises the risk of the entire network being compromised.
VPN-capable UTM gateways allow any number of locations to be securely networked, whether PC workstations in the shipping company or superintendent laptops within the ship network. The Securepoint SSL VPN Client enables mobile employees to have encrypted VPN access to the company network, including secure Internet use. Dynamically customisable sets of rules can be assigned to individual users.
The goal of a simple yet powerful interface for all system administration tasks is fulfilled by ‘ITE connect’ with the Mail Admin. This web-based tool is used to manage the integrated e-mail accounts and the entire configuration of the mail server and its components. The ability to be a natively implemented component in a Microsoft Active Directory environment makes it a perfect addition to your ship's network.
Any number of virtual domains can be created. All you need to do is enter the domain name for the email accounts of the respective users. Aliases can also be defined for a virtual domain so that sending an email to a virtual domain or to one of its aliases becomes transparent.
The email server can be configured to use a content filter for messages. To do this, the filter server must receive the message from a specific port and send the result back to another port where the mail server must listen to the response. You can select a customised email filter or use the integrated email filter, which is used by default.
Standard protocols such as POP3 (S), IMAP (S) or SMTP as well as CardDAV, CalDAV and SIEVE are supported.
Mail Admin provides an infrastructure that allows the modules to log all kinds of events that may be useful to the administrator. These logs are available via the web interface. Logs are stored in a database (MySQL®), making queries, reports and updates easier and more efficient.
Share your emails, calendars and address books across your corporate network with our webmail solution. It offers a comprehensive AJAX-based web interface and supports several native clients with standard protocols such as CalDAV, CardDAV and GroupDAV as well as Microsoft ActiveSync. The component is not a simple webmail client, but functions as a groupware solution. This is located in the centre of the servers and offers your users a standardised and complete interface for accessing their information. It can be used in small company environments with just a few employees as well as production environments with thousands of users.
The internet is provided by a Wi-Fi based internet to the crew on board ships and has adjustable data transfer, time and bandwidth limits. Hundreds of devices such as smartphones, laptops, tablets and many more are easily accessible. The centralised management dashboard allows you to monitor networks, devices and individual users and report and manage events at any time and from any location.
A captive portal can be described as the access control component of a WLAN network. The captive portal communicates with the server to allow or deny access to the Internet.
