Our Experience
Over the last 11 years, CND has been delivering cyber capability to naval forces, including the European Union Naval Force and the British Royal Navy.
The slow but steady digitisation of the maritime industry has led to vessels becoming increasingly reliant on e-navigation, GPS, AIS, and ECDIS. These are all technologies which are susceptible to a cyber attack. We are now delighted to be able to extend our former 'defence force only' offering to the private sector.
Maritime has been described as the "perfect storm" for a cyber security attack. Each modern vessel is a floating computer network with numerous systems including navigation and the Industrial Control Systems associated with managing the vessel as a connected unit.
Cyber security was not previously an issue as ships were a moving target with minimal external connectivity. This has changed now that vessels are often constantly connected to the Internet, making them a target.
Ships and ports are facing cyber attacks on a regular basis, their every move tracked and some ships have even been taken over remotely.
Maritime Security Services
One of our services which translates really well from traditional cyber to maritime is our Unified Threat Detection Managed Service, where we install a virtual sensor on each vessel which detects and reports on any issues and feeds the results back to our Security Operations Centre (SOC).
Secure by Design
The ideal time for cyber security to be considered is at the vessel design stage, or during refit.
Network Connected Devices
We perform a network mapping exercise and vulnerability assessment to identify connections from control systems to navigation aids and their vulnerabilities.
Penetration Testing
Our consultants will attack your network boundaries as though they were a hacker using the same methods. Where permitted by the service provider, we will ensure that your cloud provisioned services and social media platforms are configured securely.
Wireless Security
We look at fine tuning the Wi-Fi signal so it’s reach is minimised but usable, whilst optimising the security of the Wi-Fi configuration.
Virtual Private Network
We can provide an encrypted tunnel between the vessel and our Isle of Man datacentre, utilising sophisticated monitoring equipment we will look for threats which may suggest compromise.
Security Architecture
For more complex network topologies we will undertake a security architecture review and advise on the use of firewalls, Intrusion Prevention Systems, etc.
Supply Chain Security
It is important to check that your suppliers also meet an appropriate level of cyber security, ensuring that they will not be used as the weak link to attack your vessel or compromise your sensitive information or intellectual property.
-
Secure by Design
The ideal time for cyber security to be considered is at the vessel design stage, or during refit.
-
Network Connected Devices
We perform a network mapping exercise and vulnerability assessment to identify connections from control systems to navigation aids and their vulnerabilities.
-
Penetration Testing
Our consultants will attack your network boundaries as though they were a hacker using the same methods. Where permitted by the service provider, we will ensure that your cloud provisioned services and social media platforms are configured securely.
-
Wireless Security
We look at fine tuning the Wi-Fi signal so it’s reach is minimised but usable, whilst optimising the security of the Wi-Fi configuration.
-
Virtual Private Network
We can provide an encrypted tunnel between the vessel and our Isle of Man datacentre, utilising sophisticated monitoring equipment we will look for threats which may suggest compromise.
-
Security Architecture
For more complex network topologies we will undertake a security architecture review and advise on the use of firewalls, Intrusion Prevention Systems, etc.
-
Supply Chain Security
It is important to check that your suppliers also meet an appropriate level of cyber security, ensuring that they will not be used as the weak link to attack your vessel or compromise your sensitive information or intellectual property.
