Written by Walter Hannemann, Product Manager | 11 December 2019
The shipping industry is moving more and more business-critical processes and data to digital platforms and cloud systems, increasing the need for robust identity and access management (IAM). Creating, tracking and managing personal and digital identities is vital for a smooth shipping operation.
On a cargo ship at sea, a couple of years ago: The main application server is infected by ransomware, completely disrupting the IT infrastructure. Every critical file on the server is encrypted, destroying sensitive data and applications needed for administrative operations.
The story above is not some made-up scenario but a real-world incident, reported by BIMCO. The root cause of the infection turned out to be a poor password policy that allowed attackers to brute force remote management services.
Identity and access management in the complex maritime setting is a challenge that needs attention. The ever-shifting crew, the abundance of equipment with thousands of onboard sensors and the many players involved in running a shipping operation all make it harder to manage identities and access.
With its continued adoption of cloud applications, the maritime sector is struggling with visibility of user access and activity. At the same time, compromised user credentials often serve as an entry point into an organisation’s network and its information assets, both onshore and offshore.
In a business environment such as shipping, access to onboard systems is granted to various stakeholders. Suppliers and contractors pose a cyber risk, as they often have both intimate knowledge of a ship’s operations and full access to systems. Third-party technicians are typically left to work on equipment without supervision.
These security challenges have brought identity and access management systems to prominence. In today’s digitally connected world, identity and access management is a critical component of any shipping company’s cybersecurity plan.
Identity and access management in enterprise IT is about defining and managing the roles and access privileges of individual network users and the circumstances in which users are granted (or denied) those privileges.
Organisations use identity and access management to safeguard their information assets against the rising threats and vulnerabilities related to digitalisation.
By granting the right individual access to the appropriate resources at the right time, while keeping unauthorised individuals away from sensitive resources (user information, passwords and digital certificates), IAM safeguards critical shipboard assets and improves data security.
Your fleet crews are dispersed all over the world's oceans, doing their jobs in distributed IT environments far away from your company headquarters. This atomised work model – with crews working remotely, across regions, time zones, and disparate devices – presents a whole host of IT security challenges.
Privileged access abuse is a growing attack vector, where cybercriminals are increasingly attempting to access sensitive systems and data.
The goal of identity and access management is to improve productivity and security while lowering costs associated with managing users and their identities, attributes, and credentials.
When implemented correctly and safely, identity and access management helps to improve efficiency by giving your employees access to systems and platforms faster. What’s more, it lowers operational IT costs. There will be fewer calls made to support for resetting passwords and similar time-consuming tasks, allowing your IT staff to get more meaningful and strategically valuable work done.
Let’s look at some key procedural protection measures for ships, as recommended by BIMCO’s Guidelines on Cyber Security Onboard Ships.
Modern-day cyber criminals are ramping up their efforts to break into systems using compromised user and access credentials. The maritime sector is no exception.
Administrator privileges allow full access to system configuration settings and all data. Users logging onto vessel systems with administrator privileges may enable existing vulnerabilities to be more easily exploited.
Therefore, proper identity and access management is a crucial part of your cybersecurity strategy.
Walter Hannemann started his career in a computer factory product development laboratory in 1983, while completing his education in Electronics and Information Systems. Since then, his jobs have involved software architecture and development, infrastructure design and overall IT management, in both large enterprises and startups. With a passion for “making things work”, shipping applications and all digital things onboard ships became his interest after joining Maersk in 2008. Managing IT in large companies like Maersk Tankers and Torm has given him insider’s knowledge of the shipping industry and spurred his entrepreneurial drive to help move the industry into the digital future. Based in Copenhagen as Product Manager for Dualog, Walter enjoys finding solutions for big (and small) problems while keeping the overview and a forward-looking approach, with deep dives into technical subjects when necessary – or possible.