Written by Walter Hannemann, Product Manager | 26 February 2020
As discussed in part 1 and part 2 of this article, data confidentiality and data integrity – the first two governing principles of the CIA triad security model – are essential to keeping business-critical data protected and trustworthy.
Today we bring it all to a conclusion by looking at the last pillar of the CIA model: Availability.
Systems, applications, and data bring value to your organisation and your customers, but only when they are available, i.e. when authorised users have timely and uninterrupted access to them when they need them.
Paradoxically, ensuring access is in many cases the opposite of what cybersecurity must accomplish, which is to prevent access. So the first dilemma to address is ‘access to the right users and applications and no one else’.
So, what are the recommended measures to help ensure the availability of the data generated and used onboard your vessels?
Let’s have a look at the most important ones.
Many factors can jeopardise availability, including hardware or software failure. If this happens, getting your IT infrastructure up and running again, as quickly and safely as possible, is the number one priority.
Data availability relies on two main aspects:
Regarding hardware and software platforms, it’s important to have:
The best hardware is less likely to fail, so investing in top quality pays off in better availability – and thus in reduced risk of degraded ship operations and costly network, system and application downtime.
Beware the harsh onboard environment. Vibration, heat and humidity can damage hardware, so consider carefully where to install it.
All hardware eventually malfunctions, so in order to ensure zero inaccessibility or downtime for the most critical data and applications, it’s important to have redundancy. Hardware redundancy simply means adding a duplicate device or component within the system that steps in when a primary device or component fails.
On a regular basis, make sure to copy a primary hard drive to a backup drive. If the primary drive fails, the secondary drive can be slotted in. The only vessel data lost will be anything produced since the last time the files were copied.
Because all hardware will eventually fail, planned replacement of older hardware (and software, for that matter) will make your overall infrastructure more reliable and provide improved availability.
As reliable storage has a cost that is somewhat proportional to the amount of data that is kept, it’s also important to clean up old and no longer relevant data, so your storage needs are kept under control.
Relevant hardware and software installations on board should be updated to help maintain a sufficient level of data and system availability. Put in place procedures for timely software patching and updates, taking into account the ship type, speed of internet connectivity, sea time, etc.
Software includes computer operating systems, which should also be kept up to date.
Additionally, a number of routers, switches and firewalls and various OT devices will be running their own firmware, which may require regular updates.
Data recovery capability is the ability to restore a system and/or data from a secure copy or image, thus allowing a clean system to be restored. Adequate backup facilities for essential information and software should be available to help ensure recovery following a breach or other cyber incident, a hardware or software failure – or even a user mistake.
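The backup-drive advice earlier and the recovery requirement above both depend on two checks: that the copy can still be trusted, and which data would be lost if the primary failed now. The following Python sketch is an added example, not from the original article; the file names, directory layout and `manifest.json` are assumptions, and the sample data is constructed.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical name, kept next to the copied data

def tree_hashes(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix():
            hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def back_up(primary: Path, backup: Path) -> dict:
    """Copy primary into backup/data and record the hashes of the originals."""
    shutil.copytree(primary, backup / "data", dirs_exist_ok=True)
    manifest = tree_hashes(primary)
    (backup / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_backup(backup: Path) -> list:
    """Backed-up files that are missing or no longer match the manifest."""
    expected = json.loads((backup / MANIFEST).read_text())
    actual = tree_hashes(backup / "data")
    return sorted(f for f in expected if actual.get(f) != expected[f])

def at_risk(primary: Path, backup: Path) -> list:
    """Files created or changed on the primary since the last copy."""
    expected = json.loads((backup / MANIFEST).read_text())
    current = tree_hashes(primary)
    return sorted(f for f in current if expected.get(f) != current[f])

def demo() -> tuple:
    """Constructed scenario: one file backed up, one written later, bad media."""
    with tempfile.TemporaryDirectory() as tmp:
        primary, backup = Path(tmp, "primary"), Path(tmp, "backup")
        primary.mkdir()
        backup.mkdir()
        (primary / "noon_report.csv").write_text("2020-02-25,12.4kn\n")
        back_up(primary, backup)
        (primary / "engine_log.csv").write_text("rpm,92\n")  # after the copy
        (backup / "data" / "noon_report.csv").write_text("corrupted")
        return verify_backup(backup), at_risk(primary, backup)

if __name__ == "__main__":
    damaged, unprotected = demo()
    print("backup files failing verification:", damaged)
    print("files lost if the primary fails now:", unprotected)
```

Running `verify_backup` before a restore shows whether the copy is still a clean source, and `at_risk` lists exactly the data "produced since the last time the files were copied".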
The confidentiality, integrity and availability (CIA) model provides a framework for assessing the impact of:
The importance of confidentiality, integrity and availability depends on how the information or data is being used. For example, assessing the vulnerability of IT systems related to commercial operations may focus on confidentiality and integrity rather than availability.
Conversely, assessing the vulnerability of OT systems onboard your ships, particularly safety-critical systems, may focus on availability and/or integrity instead of confidentiality.
Besides the now traditional applications like planned maintenance systems and emails containing sensitive operational data, more and more business documents, such as packing lists, bills of lading, certificates or customs clearance documents, are being provided in digital form. Moreover, a modern ship may contain thousands of sensors, generating ever-growing pools of data. This data needs to be turned into trusted information as the basis for true insights and value creation.
Data quality is essential when it comes to creating value from data. To harness the full potential of data for more effective operations and decision-making, you need to be able to trust it. This means you need to be able to trust the generation of the data (through sensors or manual collection), the equipment that stores, processes and cleans the data, and the algorithms that make sense of the data.
Poor-quality or compromised data is of little or no value to your company, as it cannot be relied on. Moreover, faulty onboard data or systems may be counterproductive, adding waste and costs, and potentially endangering safety, operations, environment, profitability, reputation and compliance.
For this reason, it is vital that you implement a robust, multi-layered IT security strategy to safeguard your onboard applications, networks and systems and ensure data confidentiality, integrity and availability, from ship to shore.
Walter Hannemann started his career in a computer factory product development laboratory in 1983, while taking his education in Electronics and Information Systems. Since then, his jobs have involved software architecture and development, infrastructure design and overall IT management, in both large enterprises and startups. With a passion for “making things work”, shipping applications and all digital things onboard ships became his interest after joining Maersk in 2008. Managing IT in large companies like Maersk Tankers and Torm has given him insider’s knowledge of the shipping industry and enticed his entrepreneurship to help move the industry into the digital future. Based in Copenhagen as Product Manager for Dualog, Walter enjoys finding solutions for big (and small) problems while keeping the overview and a forward-looking approach, with deep dives in technical subjects when necessary – or possible.