Cyber security but without the digital limits
February 2, 2021 IMO
If ‘IMO 2021’ brings clarity on cyber security, attention must now turn urgently to ship system interoperability so that the true rewards of digitalization are not allowed to slip through shipping’s grasp.
International Association of Classification Societies Recommendations on Cyber Resilience unsurprisingly feature shipowners and connectivity providers among the “many stakeholders” involved in the International Safety Management (ISM) Code cyber provisions from 2021.
With ship owners/operators tasked with keeping software onboard updated and crew alert to meet cyber threats, ‘service providers’ are to ensure procedures, technical competence, reporting and remote maintenance are up to requirements.
However, stakeholders also include data providers, whose ability to acquire data from shipboard sensors, store it, pre-process and transform it, then evaluate it and use the results for decision-making purposes provide the platform for shipping’s digital revolution. In this context, cyber security relies on preserving data ‘quality’, its safe production, delivery and integration.
Data stake holding
As one such data provider, METIS Cyberspace Technology already uses the scalability, unlimited storage and processing power of cloud computing to empower Big Data analytics, machine learning and AI onboard 250+ ships. Today, its solution gathers 1.5bn sensor measurements every month, using these inputs as a game-changer in decision-making across a range of performance parameters, including fuel consumption, emissions, hull fouling and charterparty agreement fulfilment.
In doing so, and based on real installations, the METIS platform has been refined to standardize interoperability with leading navigation, cargo control and alarm monitoring systems, as well as with torque meters, flowmeters, steam production and Power Management & main switchboards.
METIS does not specialise in cybersecurity, therefore, its position as stakeholder rests in the need for its cloud-based platform data acquisition, pre-processing, uploading and transmission to be fully cyber resilient.
Regardless of its source, the METIS solution allows data to be filtered and stored in a central database, while any processing, analysis, functionality and service implementation are executed by independent microservices.
All microservices are interconnected either through an Application Programming Interface or a common Message Bus System, so that none has direct access to the main database to execute SQL inquiries. Any applications or users are prevented from accessing a vessel’s information without permission, while the administrator can see, set and revoke user and app permissions.
Ships typically feature diverse digital interfaces and fragmented systems, and their IT networks are can sometimes be of low quality and do not unify all systems on board. Given these conditions, vessel control and monitoring systems are accepted as the most viable route to digitalisation.
Here, stakeholders look to the International Standards Organization for recommendations covering a ship’s control and monitoring systems encryption and threat detection capability, rather than to IMO itself. However, at a time when cyber security is uppermost in the maritime consciousness, a CIMAC ‘Systems Integration’ Working Group merits separate attention, given its special focus on the design and use of alarm and control systems to manage marine hybrid propulsion.
Cyber security requirements provide a ‘golden thread’ running through the work of this group, of which METIS is a member. Even so, while some stakeholders may still be catching up with IMO2021 regulations, the group is also deconstructing the shipboard control and monitoring system itself in a way that aims to conserve cybersecurity while advancing interoperability.
In doing so, the Systems Integration WG defines monitoring system functionality as:
■ Data Acquisition (including hardware/software for measurement and conversion to signals)
■ Data Storage – in the acquisition module, the virtual server, the cloud or backend system
■ Data Pre-Processing and Transformation
■ Interpretation and Evaluation (may vary)
■ Information and Recommendations supporting decision-making
Interoperability standards
Looked at from the practical situation as it exists today, the group’s work suggests, opportunities exist to avoid duplication by ‘synthesizing’ modules from multiple systems within each category, and standardizing system or module interfaces to enable interoperability by sharing data and services.
International Electrotechnical Commission data exchange standards can already be used to access data from navigational equipment, for example. Again, while standardisation has not so far been achieved for ships’ machinery, equipment, etc., ISO standards do provide unified rules for developing machine and human-readable identifiers and data structures to enable exchange and processing of sensor data from ships.
What is more, ISO standards provide guidelines for the installation of ship communication networks for equipment and systems: this means a monitoring system defined as a shipboard data server and sharing information to any other system can already be designed to ISO recommendations.
At a time when owners can feel pressurised to follow the digital lead of individual equipment makers, or to settle for the absurdity of multiple cloud-based solutions, METIS therefore believes strong focus should be placed on standardising shipboard control and monitoring systems. We will therefore continue to work closely with our partners to realise a vision for the digitalized maritime industry whose common goals of safety, security, environmental performance and efficiency are best served by common solutions.
Source: xindemarinenews