Securing Maritime Assets Demands a New Approach by Colonel (Ret.) Zohar Rozenberg

Posted on the 22 August 2019 by Arirusila @AriRusila
Below is a fascinating guest post by Colonel (Ret.) Zohar Rozenberg, former Head of IDF’s Cyber Department. 

At this moment, cyber-attacks threaten thousands of vulnerable cargo ships, which carry billions of dollars’ worth of goods. Due to the lack of maritime-specific cybersecurity solutions, vessels are highly susceptible to digitally-led hijackings or even ransomware. This threat can wreak havoc on global shipping– the backbone of modern economics. With Artificial Intelligence functionality, future solutions include autonomous safety mechanisms which recognize that they are the sole line of defense.

Unlike enterprises or fixed-location systems, maritime vessels face unique challenges due to rotating crews and remote positions. A lack of industry-wide cybersecurity practices has robbed the industry of hundreds of millions of dollars. Turning a blind eye to this danger is an open surrender to cyberattacks, leaving countless openings for opportunistic hackers to infiltrate ships’ software systems.  

Hijacked ships being held for ransom or run aground into a reef or dock, risks catastrophic damage to humans and natural habitats alike. Beyond that, the blow dealt with a company’s reputation may take years to recover from, resulting in a significant loss of revenue and consumer confidence. Notably, Maersk’s 2017 cyberattack had a rapid response, resulting in a minimal loss of only 300 million dollars.

In order to secure investments and ensure security, practical solutions must act on their own, without human intervention. 

Unique Challenges
Today’s market has no lack of quality cybersecurity software, but when it comes to the maritime industry and its unique set of challenges, most of the existing solutions do not fit. 

Legacy solutions lack viability. No cybersecurity software accounts for protecting a floating mini-city forced into radio silence. Cargo ships, cruise liners, and offshore rigs face greater cybersecurity challenges than the International Space Station. The difference is: astronauts spend two years preparing for a single mission, while deckhands have zero computer expertise.

Modern maritime vessels rely on unstable, low-bandwidth, and choppy communication. With such a massive area and so few people, there is no room for an IT expert. In reality, the inability to secure a vessel with maritime-focused cybersecurity solutions is of greater concern than a poorly screened crew.

These increasingly digitally-managed ships rely on outdated systems, some running Windows XP, without a means to properly encrypt information. If a compromised ship has been given new coordinates, the onboard system has no cloud to rely on and no IT department to ask. Tech support is simply unavailable at sea.  

Even if a ship’s captain were to determine that a security breach has occurred, they would have no way to address it. Without regulated protocols to secure all connected devices from ship to port, the frequency of cyber-attacks will continue to climb.

Solutions
Crews and cargo transport all kinds of smart devices– each a potential gateway for hackers. The first step to countering a cyberattack is acknowledging it. Any viable system which is expected to block an attack can not shut down and wait for instructions. The risk of irreversible damage is too great. 

Understanding the uniqueness of the challenge and the seriousness of the risk, we at Elron found only one solution which was able to fully meet the needs of securing maritime environments in front of cyber risks.Comprised of ex-Naval Officers and Cyber Security experts, Naval Dome is the first multilayered cybersecurity solution for critical onboard systems. Offering remote secure access, OTA updates, and anomaly analysis, this application acts as an onboard IT team. It is the first of its kind to offer a hands-off solution. Addresses both internal and external threats, invaders can never reach the navigational or operational systems.Having ample experience to understand this industry’s distinct challenges, they have proven that securing sea bearing vessels can be practical and reliable. This is why Elron has Invested in this venture, helping them to implement their software on ships and platforms of some of today’s largest maritime corporations. We hope their product will bring a greater awareness of what is possible for practical cybersecurity technology. 

Conclusion
An immobile ship loses money and a compromised ship ruins reputation. With our global economy becoming increasingly accessible, we at Elron expect to see a rise in global shipping and cruising. A secure maritime industry is a secure global economy.

To make this a reality, the ecosystem must develop and implement maritime-specific solutions. Rapid and autonomous response cybersecurity solutions are the only option. Patchworking legacy solutions are ineffective and risk the whole ecosystem.

A product that can act quickly and self-correct is an essential piece of technology when it comes to a vessel’s security. Simply encouraging companies to implement a cybersecurity solution by 2021 is not enough. We are investing in securing the industry today.


About Zohar RozenbergColonel (Ret.) Zohar Rozenberg is the VP of cyber Investments at Elron. He retired as a colonel after 20 years at IDF’s 8200 unit where he led and directed several innovative projects and organizations. He was also involved in the founding of the National Cyber Bureau and the formalization of the Israeli national cyber strategy. In 2008, he received Israel’s highest defense award. Col. Rozenberg holds a B.S in Electrical Engineering and an M.B.A from Tel Aviv University