Until relatively recently, topics relating to cybersecurity have been the domain of the IT department. Today, however, securing Operational Technology (OT) is becoming critical for business. In the marine industry in particular, ships are becoming more reliant on smart, cutting-edge tech. The IMO has recognised the need to make sure these systems are secure with its requirement that all maritime administrators appropriately address the cyber risk of their Safety Management Systems by January 2021.
Operators who use Wärtsilä solutions are already ahead of the game, however. In December 2019, Wärtsilä’s network architecture for main and auxiliary machinery, which integrates the company’s Data Collection Unit, was awarded system-level cyber certification by maritime classification society Lloyd’s Register. It is one of the first certifications of its kind to be awarded globally and helps cement Wärtsilä’s reputation as a force to be reckoned with in the fight against cyberattacks, unauthorised access, or software failure on ships.
The convergence of IT and OT
Jonas Blomqvist, General Manager, Cyber Security, Marine Business at Wärtsilä, says OT is being taken more seriously because IT and OT are steadily converging.
“There is a growing appreciation of the interconnected nature of IT and OT, and this has raised the awareness of possible risks that could be introduced through OT systems that are now everywhere in the maritime industry,” Blomqvist says. “IT security processes and controls have been part of IT systems for many years, and OT had been thought of as being disconnected from that. But that’s just not the case anymore.”
Blomqvist points out that the sheer quantity of information transmitted from ship to shore has increased dramatically thanks to falling costs for sending and storing data in the cloud and an ever-increasing reliance on tech-enabled on-board systems. This data pertains to a multitude of support services that Wärtsilä offers its customers, involving everything from route planning to maintenance.
“As we start to talk about autonomy and unmanned ships and so on, then we have an ever-more important role to play in protecting this data,” says Blomqvist, adding that mesh networks and, potentially in the not-too-distant future, long-distance radio traffic networks all bring extra layers of complexity to the data mix that need to be handled with care.
Towards a new cyber culture
When Wärtsilä introduced its vision for a Smart Marine Ecosystem in 2017, the goal was to lead the industry towards a new era of digitalisation, connectivity, improved efficiencies, and enhanced environmental performance. Harnessing the power of new technologies like AI, Wärtsilä mapped out how waste could be cut, and productivity boosted, among other things.
Maritime intelligence agency Lloyd’s List praised Wärtsilä’s ambition, stating that the company “stands out for going above and beyond short-horizon maritime technology.”
Keeping data safe and secure continues to be a cornerstone of this vision. However, not everyone in the industry has been quite so quick to follow suit.
“If you’d asked me a year ago if the maritime industry was taking cybersecurity seriously, I would have said, ‘No’,” says former naval officer Chronis Kapalidis, a maritime cybersecurity researcher at HudsonAnalytix and an analyst at Chatham House. Things started to improve, he says, following the IMO’s insistence on cyber-resilience by 2021.
Digitisation is now a key issue in the shipping industry, notes Kapalidis. “All new builds are based on software that runs systems within the ship pertaining to safety and security, and also for monitoring of operations,” he says. “It’s important that cybersecurity across IT and OT becomes part of a new cyber culture. It shouldn’t be something that ship owners are requesting and pushing the vendors for – it should be something vendors have in place to demonstrate their competitive advantage.”
As with turning a container ship, industry-wide change won’t happen in the blink of an eye. Kapalidis says he was recently in discussions with a large shipping company that was developing a cyber IT policy completely separately to the one their OT department was working on. “And yet there still is only one connection to the satellite, only one network in use,” he laments. “There should have been a single, unified cybersecurity approach.”
It is a philosophy that has certainly been embraced by Wärtsilä. As IT and OT converge, it is those businesses in the maritime industry who take a holistic approach to data security that will help their customers sleep most soundly at night.