Cyber security has been a hot topic in the maritime industry for years. Industry-wide it is recognised as being important, but what is actually being done?
Earlier this month, we caught up with Michael Attar, CIO at Future Tech Enterprise, at CMA Shipping in Stamford, Connecticut. We discussed the biggest threats to the maritime industry, the change in the cyber security threat landscape and what technologies are going to show value in the next five years.
Watch/read the interview below.
Roxy Kashfi: What are the biggest threats to the maritime industry at the moment?
Michael Attar: I believe the maritime industry is suffering from similar issues that a lot of industries are having today. They had closed proprietary interfaces and they are now open to the internet. Security is becoming a much larger threat both for commercial reasons, as well as for personal reasons. We have people that actually want to access the internet for their own email and personal use, as well as commercial exchange of data. Both of those data streams are risks to the production networks.
RK: What do you think companies can do to be more prepared for cyber security risks?
MA: It's really about assessing the assets that you have and evaluating how well they're protected. The key there is to rank the criticality of the asset versus the risk and the ability and capability you have to protect that asset. Once that's done, you can then have a plan to address your most high-risk areas. From there, you really need a readiness assessment plan where you discuss with stakeholders what happens in various scenarios.
If there's a power outage, if there's a major weather storm, if there's a denial of service attack, what do you do when those things happen so you're prepared? Securing, monitoring, and managing your assets is really critical.
We work closely with SecureWorks; they offer our SOC services, where they'll do 7 by 24 monitoring. They'll do intrusion detection and prevention, and they'll validate your infrastructure for you in terms of a proactive approach to security.
RK: How is the cyber security threat landscape going to change in the next 5 years, and what technologies are going to emerge?
MA: I think we all are aware that internet access is becoming more and more prevalent. 5G networks are coming out, which is just going to increase access to things. Internet of Things is another intrusive technology and we use them for productive purposes, but they obviously come with risk.
I believe that applying machine learning and AI will be a critical step to securing those types of infrastructures. Human beings can't react fast enough when threats happen. You only have to be right once if you're trying to hack into a network, but you have to be right all the time to stop it from happening.
I believe machine learning and AI will be a critical technology to thwart attacks. We partnered with a company called Darktrace and they have an innovative approach where they monitor what your networks look like on a daily basis, what normal activity looks like; they then flag abnormal issues. This is really a learning process versus the traditional way of security where you have a list.
Antivirus works that way, where you have a list of threats and if you see any of those threats you sound off an alarm. The problem is if there's a new threat that comes along that you don't know about, you really can't react to it in the correct way, and you have to be reactionary to be proactive.
AI will sit there and say, I know things look like this and this is what I'm supposed to see every day. When I see something different from that I then take action. It doesn't need to know what those threats are prior to flagging them as alerts. I think machine learning will be a critical technology.
I also believe that network virtualization will be another key technology to increase segmentation on the network. Right now, you have very physical devices. Companies usually have a web service tier, you have an inside tier that employees VPN into, and then you have really a secure tier inside of that. Between each of those tiers you will have firewalls.
Network virtualization will allow you to create additional security devices against workload. If I have a web tier, I have multiple websites and once you get to that website, you can work east, west, and even get across various servers.
Network virtualization will allow you to protect each one of those workloads uniquely and independently. So, you can say a person can only access a certain website versus that whole web tier, or an employee can only access a certain production server versus any production server within that production tier.
I think those two technologies will improve security for most enterprises that choose to adopt them.
RK: How is Future Tech Enterprise helping this situation? Do you have any products or expertise you can offer?
MA: We are right where any certified facility, including PCI and HIPAA certified. As an organization we maintain a secure facility in our New York office, as well as our Virginia offices. We partner with SecureWorks to assess and validate Fortune 500 companies’ infrastructure. We have experience, internally ourselves, that we can share with our client base and we leverage our partner SecureWorks as well as Fortune 500 companies’ CSIL (Cybersecurity Intelligence Lifecycle) departments to validate best practices in security.