HomeMarine

Alexey Fitiskin writes : Cybersecurity and Disaster Recovery Plan for a vessel data collection system

By :Alexey Fitiskin

One of the most important issues when connecting Marine Digital FOS (fuel optimization system) on a vessel is the issue of the safety of connecting and exchanging information. IT specialists and managers of ship companies always ask us about the Cybersecurity and Disaster Recovery Plan for a vessel data collection system. In this article we have identified the most relevant and frequently asked questions and answers to them:

 ?Have you got a DR Plan

Marine Digital FOS box is not intended to be used as an SVDR or any kind of onboard navigational equipment during the PoC phase (Q3 2020). The only purpose during the PoC phase is to collect the data, related to the position and movement of a vessel, for reconstruction of the voyage details for R&D purposes. So during this phase a DR Plan is not relevant.

 How equipment on board will be protected for unauthorized access from 3rd parties?

This PoC version of the Marine Digital  FOS box consists of a Data Collection Unit (DCU), a power supply, and a GSM modem, all-in-one robust enclosure, interfacing with the sources of input signals via a read-only NMEA connection, that pulls in data integrated sources, encodes and records it to the integrated storage, and then uploads the collected data to the cloud data lake when a GSM connection is available, autonomously from the shipboard systems. So there is no way to access the equipment on board.

 Total and peak bandwidth consumptions required for the device on board?

Marine Digital FOS box complies with the following EU Directives:

  • Electromagnetic Compatibility Directive 2014/30/EU

  • Low Voltage Directive 2014/35/EU

  • RoHS Directive 2011/65/EU

European Conformity; Conformité Européenne (CE)

FOS box is also relevant USA Federal Communications Commission (FCC)

This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including any interference that may cause undesired operation of the device.

Australian Communications and Media Authority

This product meets the applicable EMC requirements for Class B, I.T.E equipment and applicable radio equipment requirements

RUSSIA/KAZAKHSTAN/BELARUS Customs Union Technical Regulations

This device complies with the technical regulations of the Customs Union (CU TR).

TAIWAN

Bureau of Standards, Metrology & Inspection (BSMI).This device complies with CNS 13438 (2006) Class B.

 ?How updates for the software will be managed

The PoC v2.0 of the Marine Digital FOS box includes a GSM modem, so it can get updated autonomously from the shipboard systems when a GSM connection is available. The AWS IoT Greengrass Core software is packaged with an agent that can update the core’s software or the agent itself to the latest version. These updates are sent over the air (OTA) by the AWS IoT Device Management service.

 ?How data in the cloud will be protected

AWS IoT Greengrass authenticates and encrypts device data for both local and cloud communications so that data is never exchanged between devices and the cloud without proven identity. We also leverage hardware-secured end-to-end encryption for messages sent between an AWS IoT Greengrass Core and the AWS cloud, and messages between an AWS IoT Greengrass Core and other local devices using the AWS IoT Device SDK.

AWS IoT Core provides automated configuration and authentication upon a device’s first connection to AWS IoT Core, as well as end-to-end encryption throughout all points of connection, so that data is never exchanged between devices and AWS IoT Core without proven identity. In addition, we secure access to our devices and applications by applying policies with granular permissions.

AWS IoT Device Defender audits device-related resources (such as X.509 certificates, IoT policies, and Client IDs) against AWS IoT security best practices (e.g., the principle of least privilege or unique identity per device), continuously monitors our device fleets to detect any abnormal device behavior that may be indicative of a compromise by continuously monitoring high-value security metrics from the device and AWS IoT Core (e.g., the number of listening TCP ports on your devices or authorization failure counts), alerts us about security issues as they arise, and recommends mitigation actions for these security issues such as revoking permissions, rebooting a device, resetting factory defaults, or pushing security fixes.

Show More
Back to top button
error: Content is Protected :)