Data security and IoT
Cybersecurity has always been a paramount issue in shipping. The recent acceleration in digitalization has been met with a 400% increase in attempted hacks since February 2020 alone (1).
Digitalization has brought a lot of attention to IoT and raised questions on how data can be securely transferred between sensors and software, from ship to shore.
A report by Zscaler in 2019 examined 56 million transactions in enterprise networks using 270 different types of IoT devices from 153 different manufacturers over a 30-day period. The results have shown that 41% were communicating over unencrypted channels, which paved the way for being targeted by malware and cyber-attacks.
As the development and employment of IoT devices accelerate, the risk of cyberattacks accelerates with it.
Safeguarding practices are needed to protect IoT data, but ‘traditional IT security techniques will not work for all IoT services, which calls for additional measures.’
To protect data, an IoT service must have an architecture that is built with security in mind, incorporating ‘privacy guardrails, data ownership, and governance including the robust management of data from first receiver to subscriber. (2)
BIMCO’s “Guidelines on Cyber Security Onboard Ships” emphasize the need to assess risks arising from the use of information technology (IT) and operations technology (OT) onboard ships and establish appropriate safeguards against cyber incidents. OT systems differ from traditional IT systems. Its relevance to safety of crew, cargo, environment, and vessel operation is extremely high. Whilst OT systems operate in real-time, controlling the physical world and corresponding processes, IT systems merely manage data. (3)
Securing your IoT Data with KVH Watch
KVH has actively addressed these challenges by introducing KVH Watch – the industry’s first purpose-built stand-alone IoT service, allowing equipment manufacturers, service companies, and digital content providers to connect with installed sensors and systems onboard.
The product provides dedicated and single-use data pathways for IoT systems that do not and cannot be interfered with by other onboard networks. E2E encryption, protected internet egress, gateway firewalls, and DPI, edge device lockdown, and managed security protect data paths. MFA and captain authorization procedures in combination with the above cover all cybersecurity requirements holistically.
Explore the benefits of KVH Watch
KVH Watch is designed to meet the cybersecurity needs of a modern, connected ship:
- Isolates the IoT network from the vessel’s existing IT network by introducing the KVH Watch Terminal with Managed Switch, dedicated LAN, and dedicated Wi-Fi access points
- Supports manufacturer VPNs
- Multi-factor authentication for user identification