While the voting procedure for the 2019 SAFETY4SEA Awards is open, Tore Morten Olsen, President of Marlink, introduces us the ‘Cyber Guard portfolio’ for which the company has been shortlisted for the Technology Award. Mr. Olsen talks about Marlink’s future plans to enhance their cyber security capabilities and new solutions while he highlights that cyber security affects a company as a whole; it is not an issue only for IT and in that respect, complete awareness of the cyber challenges for people onboard and ashore is vital.
SAFETY4SEA: Your organization has been shortlisted for the 2019 SAFETY4SEA Awards in the ‘Technology’ category alongside a number of other distinguished nominees. What would you like to share with industry’s stakeholders with respect to this development?
Tore Morten Olsen: We have all seen the reports of successful attacks and how much disruption and expense they leave behind and as the world’s leading VSAT service provider we are 100% committed to helping our customers avoid and resolve cyber crime. There is a much stronger demand for cyber security solutions nowadays.
As the main maritime ICT specialist, we have always been focused on cyber security for our customers, offering an extensive portfolio of solutions on-top of our highly resilient network; from the ship-based SkyFile Anti-Virus and secure VPNs through to remote access solutions and an arsenal of network and teleport-based technology. Our mission is to provide the tools and the human expertise to secure customer networks and technology; from the user stations on board all the way to our land portals and beyond. To achieve this, we have deployed a holistic approach with a flexible and cost effective platform with powerful solutions for developing a unified cyber security and IT compliance strategy. This is not only about defence tools, but also about IT security procedures and how they are applied among ship owners. One part of the challenge is how to interpret and implement new cyber security guidelines, another part is the willingness and ability to enforce necessary changes internally to achieve upcoming IT compliance.
Through the Cyber Guard portfolio, we provide the technology basis for a cyber security strategy that covers protection, detection and resolution. Through this, ensure that customer networks are protected at all times, but the on-going cyber arms race, and of course the human element on board or in the office makes this difficult. Which is where detection comes in. Here we can identify suspicious activity on a network and through the same services portfolio we can support our customers with a resolution to their problems. Depending on the severity if the problem, this could be an over-the-air software based fix, or a full investigation and clean-up operation conducted by our expert cyber security team.
With this three-layered approach, we are providing the most complete arsenal of tools to defend against cyber attacks that threaten to cripple global trade and infrastructure, making the Cyber Guard portfolio not only of importance to shipping, but the stability of the global economy also.
S4S: What is the key feedback from your existing & prospective clients on the barriers and drivers towards investing into your technology?
T.M.O.: Not all companies are doing everything they can to secure their IT and communications networks. For some it’s a budgeting issue but others are still operating on a ‘security by obscurity’ approach. Frankly, ten years ago and this would be fine, ships were not in the sights of cyber criminals, but the situation today is different. Shipping is under direct threat and there are way more targeted attacks using sophisticated social engineering tactics and new malware strains to get inside of office and on board networks.
Additionally, with more bandwidth consumed by ships there are way more attack vectors; from malware infected websites unknowingly visited by crew members to the fact that there are more email addresses and access points that act as a huge net for spam, phishing and infected emails. So, while keeping your head down may have once been an acceptable strategy, the current cyber climate requires the industry to take the example set by forward thinking and IT-focused ship owners and managers, who have all so far been very positive towards the Marlink Cyber Guard portfolio.
S4S: Do you have any new projects on the pipeline and/or plans that you would like to share with the rest of the industry?
T.M.O.: We continue to develop our cyber security capabilities and new solutions will be added to the Cyber Guard portfolio in the coming months and years.
We’d like to highlight the latest addition to the Cyber Guard portfolio, which adds new detection capabilities. ‘Cyber Detection’ is a dynamic, 24/7 service that oversees all incoming and outbound network traffic, granting users an instant view of any potential cyber-threats via its intuitive, web-based Cyber Dashboard, which issues live alerts and maintains a complete archive. It can be configured to dispense critical threat notifications via SMS and/or email. Each threat description is accompanied with practical counter-measure suggestions available within the Cyber Guard portfolio.
Additionally, users have the option of consulting a specialist surveillance team at Marlink’s Security Operations Centre (SOC) – highly-trained experts, working in tandem with the Cyber Detection solution, who are well-versed in chasing down and identifying targeted, under-the-radar threats which can often slip past traditional automated security solutions.
S4S: If you could change one thing about the shipping industry, what would it be and why?
T.M.O.: In terms of cyber security, we want to make sure that the problem is not only considered within a company’s IT department. There should be complete awareness of the challenges from crew members who interact with the IT networks on board, but also board members who are responsible for budgets and steering a company’s processes and culture. With more recognition at all levels, CIOs are empowered to take the action that’s required to negate the cyber threat and deliver continuous availability of their networks.
S4S: What is your key message to the industry for enhancing safety culture onboard and ashore?
T.M.O.: One of the toughest challenges is to ensure that IT policies are followed across a fleet. It just takes one employee to unknowingly open backdoors on corporate devices, and a cyber-attack could follow. For example, by using on board PCs to download content from untrusted sites, it is possible that malicious components may be installed acting as a Remote Access Tool (RAT) for cyber attackers. While the human element has always contributed to cyber-risk, Marlink has worked with customers to build a new IT Breach Policy solution which will mitigate the risk of crew members inadvertently enabling a successful incursion by hackers. However, IT usage training and policy adherence must become part of a company’s accepted culture to really protect networks from attack.
You may cast your vote for Marlink at 2019 SAFETY4SEA Awards dedicated webpage till 6th of September 2019!
The views presented hereabove are only those of the author and not necessarily those of SAFETY4SEA and are for information sharing and discussion purposes only.
About Tore Morten Olsen, President, Marlink Group
Tore Morten Olsen holds a M.Sc in Telecommunications from the Norwegian Technical University from 1993, and has participated in Executive MBA programs at Wharton Business School in the United States, Insead in France and Stockholm School of Economics in Sweden. He has 24 years of experience in the satellite communications sector, starting out as a technical product manager in 1994 and moving on to hold several senior management positions with Telenor, Astrium Services, Airbus Defence and Space, and Marlink.