Objectives of the service
The digital revolution also impacts the shipping industry by integrating automated navigation, cargo-tracking systems and digital platforms which facilitate operations, trade and the exchange of data. To achieve this transformation, the mitigation of cybersecurity risks is critical.
As ships become more connected and more dependent on receiving data on board and on internet connectivity, ship operators are now concerned that their fleets will become the weakest link in the chain.
Cyber-attacks on board ships today are mostly spoofing and jamming attacks on GNSS signals, which disturb a ship's ability to know its exact position at sea. In 2019 alone, numerous incidents were reported in China, the Eastern and Central Mediterranean Sea, the Suez Canal, the Strait of Hormuz, the Black Sea, etc.
Positioning data are among the most critical data on board a ship, and they are just as critical on the ground, where they are read and analyzed by their owner or by a public organization, for example in the form of AIS data.
Developing an end-to-end security approach able to securely collect data on board and transmit them safely to shore for storage and analysis would constitute a breakthrough in the maritime industry.
Indeed, beyond navigation data, many other service providers and ship operators themselves need to guarantee the authenticity, integrity and confidentiality of such information.
As a result, the objectives of the project were to design an end-to-end security architecture that would be compatible with existing and future communication channels, in particular satellite communications, and would be interoperable with existing on-board equipment collecting and transmitting data.
Users and their needs
Ship operators are the companies operating fleets of commercial vessels around the world. They need secure communication between their backend on the ground (e.g. cloud infrastructure) and their maritime assets in order to optimize the management of their fleet and to reduce the risk of cyber-attacks.
Equipment providers include all companies supplying on-board equipment with associated services, such as satcom connectivity providers, VDES connectivity providers, ECDIS providers, VDR providers, engine manufacturers, PNT terminal manufacturers, etc. It is increasingly common for them to sell not only hardware but also services that optimize equipment usage and save costs, for example via predictive maintenance. These services require collecting, transmitting and analyzing sensitive data that need to be protected against cyber threats.
Service/system concept
The proposition of CYSEC to secure maritime communications is centered on 2 pillars:
1. End-to-end security
As described above, cyber-attacks can come from any side of the architecture, and only a global approach can prevent breaches, as security experts recommend. As a result, CYSEC proposes an end-to-end solution inspired by recent advances in the Internet of Things (IoT) market, which faces similar issues related to vulnerabilities in the “Edge” as well as in the backend.
While solutions exist to secure a backend infrastructure, either on premises or in the cloud, the maritime sector is missing a building block for the security of the ship itself. Hence CYSEC is proposing its future product ARCAmarine to fill this gap as the first shipborne trusted execution environment.
2. Easy to use and no Capex
Like other emerging markets not yet mature in terms of security, any new solution for the maritime industry will need to be simple and accessible to non-experts.
This is the main reason why CYSEC decided to offer its solution as “Security as a service”, accessible via an online platform. The only condition for the service to work is that ARCAmarine is installed and connected to the other equipment on board.
Space Added Value
Ships rely heavily on satellite systems: for navigation and positioning via GNSS constellations, for connectivity via satcom links, etc. As a result, it is critical to take into account satellite links and components in building end-to-end security for maritime communications.
The project ran between March and December 2020; the team is now working on the demonstration phase.