Posted

Standardisation central to cyber security


By Serafeim Katsikas,
CTO, METIS Cyberspace Technology

As a leading maritime data provider, METIS Cyberspace Technology is a key stakeholder in the industry’s cyber security drive. The data analytics specialist sees the standardisation of vessel monitoring and control systems as crucial to protecting shipping from digital threats.

The International Association of Classification Societies’ Recommendation on Cyber Resilience includes data providers among the many stakeholders involved in ensuring compliance with the IMO’s latest cyber provisions. According to the Recommendation, it is the responsibility of data providers to preserve the quality of data as well as its safe production, delivery and integration.

Cyber resilience through integration

As one such provider, METIS Cyberspace Technology leverages big data analytics, machine learning and artificial intelligence to empower decision-making on board over 250 ships. Since METIS does not specialise in cyber security, its position as a stakeholder lies in the need for its cloud-based platform and data acquisition, pre-processing, uploading and transmission functions to be fully cyber resilient.

The METIS solution allows data from a range of shipboard and external sources to be collected and stored in a central database. It has been refined to standardise interoperability with leading navigation, cargo control and alarm monitoring systems, as well as with torque meters, flowmeters, steam production, ballast water treatment, power management systems and other onboard machinery equipment.

As security across all data flows is of the highest priority, METIS safeguards its infrastructure using the best of the available cybersecurity technology. The METIS cloud platform is hosted on Microsoft Azure West Europe Datacenter which, in itself, offers a wide variety of controls to protect the METIS platform from cyber-attacks. METIS has received ISO 27001 certification for the infrastructure, development and operational processes that support its products and service.

In addition, METIS deploys the most advanced identity and access management systems available, with regular updates protecting the platform against any new threat. Processing, analysis and service implementation are performed by independent microservices in the cloud, which are interconnected by application programming interface or message bus system, so that no direct access to the main database is necessary to execute SQL queries. Similarly, applications and users can only retrieve vessel information with permission from the administrator.

The cyber security benefits of this approach are clear, but vessels commonly feature diverse digital interfaces and fragmented technologies, with low-quality IT networks unable to unify all systems on board. Vessel control and monitoring systems are accepted as the industry’s most viable route to digitalisation. METIS continuously enhances its security-threat monitoring and detection procedures by updating security software, applying additional security layers and performing penetration tests at regular intervals.

Common solutions for a common goal

Against this background, the International Council on Combustion Engines (CIMAC) has established a ‘System Integration’ working group with a strong focus on cyber security requirements. The group, of which METIS is a member, is deconstructing the shipboard control and monitoring system with the aim of conserving cyber security while advancing interoperability.

Its work so far suggests that opportunities exist to synthesise modules from multiple systems within each category and standardise module or system interfaces to advance interoperability through the sharing of data and services.

While standardisation has not yet been achieved for ship machinery and equipment, ISO standards do offer unified rules for developing machine- and human-readable identifiers and data structures to enable the exchange and processing of sensor data from ships.

They also provide guidelines for the installation of ship communication networks for equipment and systems, meaning that a monitoring system defined as a shipboard data server and sharing information to any other system can already be designed to ISO recommendations.

At a time when cyber security is high on the maritime agenda, METIS believes that the emphasis should be on standardising vessel control and monitoring systems. We will therefore work closely with our partners to realise a vision for a digitalised shipping industry whose common goals are best served by common solutions.