In March 2021, a container ship had run aground in the Suez Canal, causing major disruption to global shipping. During a short six-day time span, the accident prevented the passage of 13 million barrels of oil [1], causing daily losses of $9.6B [2] across industries. The Suez Canal obstruction is remembered as a human error with no malicious intent behind. Nevertheless, it stands as a reminder of just how heavily the global economy relies on a fully functioning maritime transportation infrastructure. With approximately 90% of global trade transported by sea [3], the global economy depends on maritime shipping to function. It cannot survive large-scale cyberattacks that render vessels inoperable.
Our customer, a global marine integration and service company, understood its role in the maritime transport system: ensuring vessels reach their destinations safely by providing support whenever it is needed.
To fulfill this responsibility, the company required complete visibility into operations in the ships’ engine rooms for process tracking and systems analysis. However, establishing a direct line of communication between IT and OT systems is not advisable, as it introduces significant vulnerabilities into critical OT systems. If malicious actors were to infiltrate the IT environment, they could move laterally into OT systems and operational equipment with relative ease. Such a breach could disrupt operations; not only for the customer, but also for their clients and, ultimately, the broader global trade network. The customer deployed MetaDefender Optical Diode (Fend) to mitigate these risks. The diode enables one-way communication, facilitating service planning before docking. Shore-based operations centres receive real-time data in advance:
- Real-time AMCS (Adaptive Modulation and Coding) signals from engine rooms.
- BCS (Business Control Systems), EMS (Electronics Manufacturing Services), and on-board security systems at sea.
Securing Visibility Without Operational Risks
The customer needed a cybersecurity solution which was available, affordable and easy to install. Moreover, the solution had to be flexible enough to allow the customer to:
- Gain secure access to the ships’ systems without exposing them to operational disruption.
- Achieve full visibility into activities within clients’ engine rooms without compromising onboard processes in any way.
- Keep vessels running at all times, as every day a ship remains docked can mean lost revenue and reputational damage.
Strengthening Maritime Operations Through One-Way Communication
OPSWAT’s MetaDefender Optical Diode (Fend) was able to provide a secure way for the customer to get the ship-to-shore information and operational data they needed quickly and cost efficiently.
How MetaDefender Optical Diode (Fend) Works
Data diodes segment and secure operational data systems from the crew’s personal networks by enforcing strictly one-way communication. In doing so, they prevent any inbound traffic from entering critical environments.
Diodes deliver the same level of protection as a physical air gap, while still allowing secure data transfer out, without introducing additional vulnerabilities.
The customer is now able to:
- Send real-time engine room and security system data to shore-based operations centers.
- Safely integrate live operational data into a centralized control center while reducing OT network threat vectors.
- Monitor vessel equipment from anywhere at sea while effectively blocking cyber threats.
- Share data securely with onshore maintenance teams, saving time and money.
- Reduce downtime and uncertainty around a vessel’s return to sea by giving teams full context before the ship even docks.
- Position supplies in advance when vessels return to port, minimizing delays and helping them get back to sea faster.
Looking to the Future
For many years, data diodes have been too costly for the maritime shipping industry. Now, the technology is affordable for marine vessels and other transportation assets, allowing real-time analytics that protect operational networks and assets to keep precious cargo moving. Contact OPSWAT today to learn how MetaDefender Optical Diode (Fend) can enforce one-way communication to protect industrial control systems from cyberattacks.
