Maritime networks are getting even more serious about security following the high-profile cyber attack on shipping giant Maersk in June. The coordinated attack impacted business on a global scale as Maersk had to take IT systems offline to respond to the breach over the span of about a week.
It’s not the first time maritime networks have been victims of a cyber attack, but the scale and the high-profile target were significant. The industry has been taking strides to catch up to its landlocked networking peers for some time. A joint effort of industry groups just released Version 2.0 of The Guidelines on Cyber Security Onboard Ships. Similar to the NIST framework for cybersecurity, the maritime guide is designed to help ship owners and operators assess their operations and “put in place the necessary procedures and actions to maintain the security of cyber systems onboard their ships.”
Unlike hacking into a business, hacking into a shipboard network adds new targets, such as cargo manifests, communications, bridge systems, and propulsion and machinery controls, to the standard potential targets like personal data and business intelligence. As the industry parallels the interest in driverless automobiles with autonomous ships, locking down the networks and systems of vessels is more critical than ever.
Uplogix has been part of maritime networks for more than a decade. Initially Uplogix provided remote management for satellite communications gear with out-of-band links over Iridium satellites. As shipboard networks have grown into what are effectively branch office networks, the set of devices Uplogix manages has grown. In some cases, Uplogix is deploying as a VM in an SD-WAN configuration.
Some of the same security features Uplogix delivers for land-based networks could become standard for maritime networks, including:
Locking down maritime networks
Uplogix extends role-based administrative access policies to devices, with detailed auditing and reporting for compliance whether the network is up or down. Some of the specific cybersecurity functions that help reduce insider threats include:
- Maintain and enforce AAA (Authentication, Authorization and Accounting) regardless of the state of the network. Under normal circumstances, Uplogix integrates with remote multi-factor authentication mechanisms, such as TACACS and RADIUS, but if connectivity is lost, Uplogix can fail over to other AAA servers before falling back on cached authentication data to maintain authorized access.
- Prevent unauthorized user access by automatically closing idle sessions, eliminating a potential security gap. Uplogix also ensures that the right users have the right access by enforcing granular, role-based permissions. Set up user groups for
- Enable audit and compliance reporting by constantly logging all changes made to managed devices and the results of these changes.
When (not if) there is a breach
Before having to deal with a breach, you can take the step of moving management of network infrastructure out-of-route. By configuring devices to only accept management traffic from Uplogix over the console port, these devices are locked down. Potentially malicious outside traffic aimed at changing configurations, powering down devices or making other unauthorized changes is blocked. Access to Uplogix is highly secure, integrating with TACACS and RADIUS and incorporating a highly granular authorization system.
Cybersecurity experts agree that when planning for a breach, think in terms of WHEN, not IF. So after a breach, Uplogix can operate independently of the network over its dedicated out-of-band connection. Continuous monitoring means quick alerting when there are issues, and last-known or golden configurations can be pushed to devices, wiping out malicious changes already made. The secure out-of-band access ensures access even when the primary network is down or degraded.
With Uplogix, you can store configurations for a “safe mode” for network devices, limiting functionality to effectively quarantine sections of your network. With Uplogix you can push a config to one device, or to thousands deployed across your network, to get things back up and running.