On the Right Tack – Staying Ahead of IMO Regulations, Cyber Threats, and Competitors
LNG Global Shipping Provider | Europe
This LNG global shipping provider based in Europe was looking for a proactive approach to maritime cybersecurity and compliance regulations. They sought to understand the cybersecurity risks on their vessels, improve the cybersecurity protection of their onboard vessel networks, and get aligned with the upcoming IMO 2021 regulation requirements. See how partnering with Mission Secure helped improve their competitive position with oil and gas clients.
The customer is an international owner, operator, and manager of LNG shipping services, providing support to global energy companies as part of their LNG logistics chain. With a consolidated fleet consisting of 35 LNG/FSRU carriers, the customer is focused on consistently delivering operational excellence across their entire fleet. Their main commitment is to protect the value of the cargo so their customers can deliver on their promises and protect their reputations. Thus, safety and cybersecurity are top concerns.
“We are keeping our standards high; environmental standards, quality standards, and safety. And cybersecurity is very much a component of properly ensuring the safety of our vessels, people, and customers’ cargo.”
Knowing that their LNG/FSRU shipping customers now seek to engage with shipping partners that can demonstrate expert safety and cybersecurity results, the customer was compelled to demonstrate an improved cybersecurity infrastructure within its own IT environment and on its vessels.
To get started, the customer looked to baseline their existing cybersecurity posture and partnered with Mission Secure to conduct an in-depth IT / OT systems assessment, which included: vessel network walkdowns, external penetration testing, and an IMO 2021 cybersecurity framework scoring exercise. One key finding of the assessment was that vessel IT and OT networks are relatively flat and intertwined. A lack of internal segmentation and protection control measures can leave essential ship systems vulnerable to malicious actors who aim to penetrate a vessel’s network.
Additionally, the assessment concluded that since the customer’s crews constantly rotated vessels, they lacked onboard cybersecurity controls that offered simple access to views of each vessel’s network, including network assets, number of connections, and potential vulnerabilities that could leave the ship exposed to cyber threats. The customer’s IT and vessel crews lacked the ability to enforce access controls for third-party vendors who could directly access and interface with critical vessel control systems onsite and remotely for upgrades and maintenance. Those vendors could also easily change configurations and might inadvertently disrupt other in-progress onboard operations.
The Proactive Solution
After reviewing the IT/OT systems assessment findings, the customer elected to deploy the Mission Secure Platform to:
- More thoroughly harden their vessels’ operational control system networks against cyber threats, and
- Meet IMO 2021 security standards, responding to the urgent need to support safe and secure shipping that is operationally cyber resilient.
The Mission Secure Console Appliances were designed into the vessel networks as control points for segmentation and to allow the customer’s IT organization to protect onboard control systems.
The customer relied on Mission Secure’s services team to install all Mission Secure Platform components, which included the Mission Secure Console and Console Appliances on each vessel. Following installation, a series of hardware functionality checks and a run-through of all vessel systems were conducted to ensure proper functionality prior to vessels leaving port. Network monitoring was installed and a network segmentation plan was designed and deployed on each vessel. These installations:
- Protect vessel networks from inbound traffic from untrusted, connected third-party networks
- Protect onboard, networked critical control systems from unauthorized or unintended local area network traffic
- Protect external networks from outgoing traffic from a possible vessel network intrusion
After deployment of the new cybersecurity platform, the customer initiated a second penetration testing exercise executed by Mission Secure cybersecurity research personnel. With the Mission Secure Platform in place on vessel networks, all penetration attempts were successfully prevented, even those that were previously used to breach vessel networks during the initial OT assessment.
“Customers are putting a lot of trust in us, and I think this is due to our meticulous safety record. Partnering with Mission Secure to assess, plan, and implement improved vessel cybersecurity has us well on our way to demonstrating IMO 2021 compliance.”
How Improved Vessel Cybersecurity and Regulation Alignment Led to a Competitive Advantage
Improved Onboard Vessel Cybersecurity
With the Mission Secure Platform deployed on its vessels, the customer’s IT organization and ship’s crews can now ensure the protection of their vessel networks. They can observe and map onboard network connections and activity to determine how devices communicate with each other internally on the vessel’s network, and externally via the onboard satellite communications network for Internet access. They can automatically identify and block unnecessary vessel network activity that can adversely impact network operations, performance, and threaten the onboard critical control systems. Ship’s crews can defend against intrusions through the use of logical security zones and protections configured to block and alert on any and all unauthorized and unknown traffic and/or protocol communications. The customer now realizes the following cybersecurity benefits:
- Comprehensive Network Monitoring
- Zero Trust Segmentation And Protection Of Onboard Critical Control Systems And Services
Alignment with Industry Regulations, Standards, and Frameworks
The customer is now in much closer alignment with global cybersecurity regulations, specifically IMO 2021, and others such as ISO 27001 and best practices from the NIST Cybersecurity Framework. Additionally, in working with Mission Secure for on-going 24/7 managed services, Mission Secure can work with the customer to maintain compliance as regulations evolve over time.
“Safety and cybersecurity are not based on frameworks or checklists; for us, it is a habitual action. We have lower downtime than our competitors due to the preventative maintenance we implement on our vessels. Cybersecurity is a key program in minimizing downtime risk as well. We are extremely pleased with our partnership with Mission Secure to improve our overall operational cybersecurity.”