Getting ready to fight the invisible cyber intruder
4 min read
15 Oct 2018
4 min read
15 Oct 2018
The threat of a cyber attack is one of the most prominent business risks to any company’s information and operation systems. With rapid digitalisation of the marine industry and increased use of integrated systems and software on ships and offshore platforms, cyber security is becoming critical, not only for data protection but also for reliable and safe marine operations.
The shipping giant Maersk went public with the information that they had been infected with the NotPetya malware, which destroyed their entire infrastructure. In the aftermath, Maersk had to replace 45,000 computers, 4,000 servers, and re-install 2,500 applications at an estimated cost of USD 300 million.
Trusting an outsider
Companies have to often choose whether to build their own dedicated cyber organisation or team up with a partner.
“It can feel a bit awkward, since data is the most important asset a company has and why would one trust that asset with an outsider,” says the globally recognised security expert Mikko Hyppönen, Chief Research Officer at F-Secure Corporation.
But he compares this with outsourcing the guarding of the company premises to an external security company. “You are outsourcing a critical business function to someone who can do it better than yourself.”
Wärtsilä’s Cyber Security as a Service (CaaS) is a packaged solution that is offered to companies with an approach to embed cyber security into the products and services. “We offer a 360-degree security approach to our customers, with four distinct steps. Together with the customer, we assess their level of cyber security to help them understand the status and most important threats. This approach can include anything from simple surveys to in-depth technical vulnerability assessments,” says Kim Eklund, Director, Cyber as a Service at Wärtsilä.
The next step is to build the foundation for cyber security, i.e. the management structure by setting policies, guidelines, responsibilities, and procedures in place. With the foundation in place, Wärtsilä, as an OEM, can help its customers protect their installations from vulnerabilities, e.g. through technical controls.
“The last stage focuses on maintaining resiliency through lifecycle services including threat or vulnerability advisory services or a patching type of service where we continuously update the systems,” explains Eklund.
Today, every company is a software company
The marine industry has a complex value chain, including shipyards, ship owners, charterers, OEM providers and so on. And the looming question is who is responsible for what? In this scenario, the industry is looking for a leader that can provide them with secure technologies, services and solutions. “As an OEM manufacturer and service provider, we want to raise the awareness and become the thought leader of cyber security in the market. When you know what can happen, you are ready to do something to prevent it from happening,” says Eklund.
One step towards becoming a thought leader is the recent Memorandum of Understanding Wärtsilä signed with Templar Executives to establish a cyber academy which was launched in October.
With significant breaches, intrusions or outbreaks in the world, the need within companies to protect itself is now more pronounced than ever. Isolated systems have gradually evolved into systems that are connected in a smart way (Internet of Things). This has made it harder to keep everybody out, especially in more extensive networks. “Today, we have to assume that there is a breach somewhere in our network at any given time and put the focus on quickly detecting the breach and stopping the intruder. Without detection you are facing a potential disaster,” says