IT security solutions for shipping with the ITE GmbH from Hamburg

Networked on the high seas

The members of ship's crews are exposed to enormous stress and often isolated from family and friends for months on end. Using a smartphone or notebook, they can surf the Internet via satellite via the ship's network and maintain personal contacts. But these devices are a popular gateway for cyber attacks.

Thanks to modern satellite connections, modern merchant ships usually remain connected to the mainland throughout. The IT infrastructure installed on board ensures that sensitive and important data for operational ship operation is permanently exchanged with the shipping company. On modern ships, more and more components are controlled via ship networks and software. This makes their IT infrastructure vulnerable. Increasing networking increases the risk of cyber attacks.


Digital security as a challenge

The digitisation of shipping is in full swing. For the maritime industry, this will result in new value chains and opportunities to increase efficiency. One reason for this is the importance of the sector: today, 95% of intercontinental trade is carried out by shipping. According to the Federal Ministry of Economics and Energy, the sector generates annual sales of around 50 billion euros in Germany alone. In order to do justice to this, the German Federal Government and the maritime industry have named digitisation as a central field of action in the Maritime Agenda 2025.

As defined in the IT Security Act, shipping companies are among the critical infrastructures.

Operators are obliged to implement IT security measures.

"With the increasing exchange of data between ships, shipping companies, port operations, offshore facilities, authorities and other communication partners on land, the risk of cyber attacks is increasing for all involved. It is important for all players in the maritime industry that the IT systems involved are protected as comprehensively as possible against cyber attacks" (Joint Declaration on Digitisation in the Maritime Industry, Federal Government and the Maritime Industry, Hamburg, 4 April 2017).

In this context, the Maritime Safety Committee declared Cyber Risk Management part of the ISM Code in June 2017. Measures to organise the safe operation of ships and to protect people on board are therefore mandatory for international shipping. Implementation must be completed by 2021.


Cyber pirates on a caper cruise

The importance of IT security on ships and crew protection became clear at the latest with the #NotPetya attack at the end of June 2017. Computers were infected with malware, the attackers encrypted data and demanded a ransom. #NotPetya attacked nearly 80 ports worldwide. Large fleets of container ships were out of action for days. Among the victims of digital extortion were several European shipping companies, including one of the largest container shipping companies in the world. There have also been attacks on the Electronic Chart Display and Information System (ECDIS).

According to the Global Risk Report 2019 of the 14th World Economic Forum, major economic damage is also to be expected in the future from extensive cyber attacks or malware as well as massive incidents of data fraud and data theft.


Baseline situation

Information Technology Engineering (ITE) GmbH provides modern IT infrastructure for shipping companies and seagoing vessels. With "ITE connect", the Hamburg-based company offers customers innovative security solutions for shipping and the maritime industry.

ITE supports the IT infrastructure on around 250 ships worldwide. Its customers include well-known shipping companies from Hamburg and Bremen as well as internationally oriented shipping companies from Asia.

Since early 2018, the company has been using the NextGen UTM firewalls from the German manufacturer Securepoint. This interaction resulted in the security solution ITE connect: the crew can surf safely and the ship's network is comprehensively protected.

"Our project goal was to set up secure, controlled Internet access for the crew members on the one hand and to configure and maintain the ship's network from shore via a VPN gateway on the other", explains Frank Eggert, Managing Director of ITE.

ITE connect, including Securepoint NextGen UTM firewalls, has provided security for 62 Hamburg and Bremen shipping companies to date:

"What convinced us about Securepoint's solutions was the fast setup of the VPN gateway between ships and the mainland. This is certainly partly due to the fact that the firewall image is only 70MB in size. It was also important to us that the solution used complied with the requirements of the European Basic Data Protection Regulation. Securepoint meets all expectations and is guaranteed not to use backdoors. That is a clear statement for us. The professional support of the manufacturer was the icing on the cake," says Frank Eggert.

The high quality of the high-end content filter including zero-hour protection and the integrated one-time password system were also decisive factors in the decision to use the Securepoint NextGen UTM firewall.


Over the oceans with safety

Digital threats from malicious software or malware spread rapidly over the Internet. The time between the emergence of new threats and their arrival at individual users in the shipping company or on the ship is getting shorter and shorter. Traditional methods often do not offer solutions.

 

"ITE connect" is the answer to this challenge. Integrated in "ITE connect", Securepoint's Securepoint NextGen UTM firewall forms the hull for the protection of your maritime fleet and your IT. With all its features, "ITE connect" is the security solution for the maritime industry. It provides shipping companies and ships with secure Internet use, a secure network, secure connectivity and secure communication via e-mail. A central technology of the Securepoint NextGen UTM firewall helps here: the Cyber Defence Cloud. Through machine learning, swarm intelligence, data mining, powerful protocols and the know-how of the analysis team, findings from technical innovations and people are linked together.

Benefit from the value-added service solution, which can be used in combination with professional IT and communication systems such as 3g / 4g (and in the future 5g), FBB or VSAT without being tied to a specific provider. "ITE connect" can be installed or retrofitted on board your maritime fleet at any time. "ITE connect" is also available as a fully integrated part of comprehensive ITE shipping.


"ITE connect" means:

Safe surfing

The high-end content filter is an important security feature of the Cyber Defence Cloud. It convinces on the NextGen UTM firewall integrated in "ITE connect" with high accuracy, speed and low resource consumption. The Threat Intelligent Feed is the most important category of the Cyber Defence Cloud. The IPs and URLs accessed via the ship's network are checked for spare/phishing, ransomware, malware or macro downloads and other threats. Prohibited, dangerous or offensive content is thus blocked. Shipowners can use it to fulfill their duty of care and enforce the desired access restrictions and internal security rules. This also protects them from possible liability claims that can be asserted through misconduct by employees when using company-owned devices.

Secure e-mails

Mail security on a new level: with quarantine of dangerous e-mails directly on the integrated NextGen UTM firewall and a self-developed time lock for suspicious messages. After a defined time, the e-mails are checked again and only delivered when there is no security risk. The result: 99.9% less spam/viruses and a maximum reduced error rate in detection. The scanning of 25 billion e-mails per day in the Cyber Defence Cloud makes this possible. For ship networks and shipping companies, this means the highest level of security. Data can hardly fall into the wrong hands as a result of carelessness or ignorance on the part of users. This minimizes the risk of compromising the entire network.

Secure connections

With VPN-enabled UTM gateways, any number of locations can be securely networked, whether PC workstations in the shipping company or superintendent laptop computers within the ship network. The Securepoint SSL-VPN Client provides mobile employees with encrypted VPN access to the corporate network, including secure Internet use. Dynamically adaptable rules can be assigned to the individual user.

Mail server administration overview

The goal of a simple and at the same time powerful interface for all system administration tasks is fulfilled with "ITE connect" with the Mail Admin. This web-based tool manages the integrated e-mail accounts as well as the entire configuration of the mail server and its components. The ability to be a natively implemented component in a Microsoft Active Directory environment makes it a perfect addition to your ship's network.

Virtual Domain

Any number of virtual domains can be created. All you need to do is specify the domain name for each user's email account. You can also specify aliases for a virtual domain so that sending an email to a virtual domain or to one of its aliases becomes transparent.

Email Filter

The mail server can be configured to use a content filter for messages. To do this, the filter server must receive the message from a specific port and send the result back to another port where the mail server must listen to the reply. You can select a custom e-mail filter or use the built-in e-mail filter that is used by default.

Protocols

Standard protocols such as POP3 (S), IMAP (S) or SMTP as well as CardDAV, CalDAV and SIEVE are supported.

Logging

Mail Admin provides an infrastructure that allows the modules to log all types of events that may be useful to the administrator. These logs are available through the Web interface. Logs are stored in a database (MySQL®), making queries, reports and updates easier and more efficient.

Webmail solution

Share your e-mails, calendars and address books in your corporate network with our webmail solution. It provides a comprehensive AJAX-based web interface and supports multiple native clients with standard protocols such as CalDAV, CardDAV and GroupDAV as well as Microsoft ActiveSync. The component does not come as a simple webmail client, but works as a groupware solution. This is located in the middle of the servers and offers your users a uniform and complete interface for accessing their information. Small enterprise environments with only a few employees and production environments with thousands of users are ideal locations for deployment.

Crew Internet and Dashboard

The Internet is provided by a W-LAN based Internet of the crew on board ships and has adjustable data transmission as well as time and bandwidth restrictions. Hundreds of devices such as smartphones, laptops, tablets and many more are easily accessible. From the central management dashboard, you can monitor networks, devices and individual users, and report and manage events anytime, anywhere.

Captive portal with dynamic logon pages

A captive portal can be described as an access control component of a WLAN network. The captive portal communicates with the server to allow or deny access to the Internet.


IT security solution and specialist trade partner