The Cyber Security Feature is a value-added service that enhances the onboard network security already offered by internet management systems.
It operates non-intrusively with minimal administrative overhead while minimizing false-positive errors (“false alarms”) and false-negative errors. Network Protection has been engineered to fit that framework.
The onboard internet management system, as deployed for a fleet of vessels, comprises one server onboard each vessel, one land-based server that controls the onboard servers of the fleet, plus additional land-based servers for a range of services. The system is already security-focused. The architecture and deployment of the platform are such that there are multiple levels of protection, compartmentalization and a range of provisions for damage control and service continuity. Security assessments of the whole infrastructure, including rigorous full penetration tests, are performed regularly by independent field experts.
How does it work?
The cyber security features consist of a lightweight but comprehensive traffic analyser which monitors any traffic that traverses the vessel-based server and, upon detecting a potential threat, instructs the firewall to activate appropriate counter-measures (such as blocking all traffic from any IP address that performs a scan/attack for a specified amount of time).
Besides acting on identified or suspected threats, it also records its findings and provides detailed information. This Intrusion Detection/Intrusion Prevention System (IDS/IPS) will help to protect vessels from external threats, and it is all managed from the centralized management console incorporated in the HUB interface.
The management console is part of the platform's administrative backend and is the central location where administrators enable, disable and configure the service and browse collected information. A carefully selected number of configuration options are available, including whitelisting of IPs/networks and enabling/disabling detection rule categories and even individual detection rules. Blocking/unblocking actions are recorded along with useful information (time, description of threat, etc.).
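The time-limited blocking, whitelisting and action recording described above can be sketched as follows. This is an added example, not the product's own code: the class and method names are hypothetical, the addresses are constructed, and the actual firewall call is left out so only the decision logic is shown.

```python
import ipaddress


class BlockManager:
    """Timed source-IP blocking with a whitelist and an audit trail (hypothetical)."""

    def __init__(self, whitelist, block_seconds):
        # Whitelist entries may be single IPs or networks in CIDR form.
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.block_seconds = block_seconds
        self.blocked = {}  # source IP -> expiry time (seconds)
        self.audit = []    # (time, action, ip, description)

    def is_whitelisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.whitelist)

    def report_threat(self, ip, description, now):
        """Called when the analyser flags a source; True if a new block was set."""
        if self.is_whitelisted(ip):
            # Never block a whitelisted source, but keep the finding on record.
            self.audit.append((now, "skipped-whitelisted", ip, description))
            return False
        is_new = ip not in self.blocked
        # A repeat offence while blocked restarts the block period.
        self.blocked[ip] = now + self.block_seconds
        self.audit.append((now, "block" if is_new else "extend", ip, description))
        return is_new

    def expire(self, now):
        """Lift blocks whose period has elapsed; returns the released IPs."""
        released = sorted(ip for ip, exp in self.blocked.items() if exp <= now)
        for ip in released:
            del self.blocked[ip]
            self.audit.append((now, "unblock", ip, "block period elapsed"))
        return released

    def is_blocked(self, ip, now):
        return self.blocked.get(ip, 0) > now


if __name__ == "__main__":
    # Constructed sample: one external scanner, one whitelisted internal host.
    mgr = BlockManager(whitelist=["10.0.0.0/8"], block_seconds=600)
    mgr.report_threat("203.0.113.7", "port scan", now=1000)
    mgr.report_threat("10.1.2.3", "port scan", now=1001)
    mgr.expire(now=1600)
    for entry in mgr.audit:
        print(entry)
```

The audit list mirrors the recorded blocking/unblocking actions with their time and threat description; a whitelisted source produces a record but never a block.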