New Forescout platform offers maritime operators device visibility, advanced threat detection

Cybersecurity company Forescout Technologies announced a new platform that provides maritime operators with complete device visibility and advanced threat detection for all marine control networks and monitoring applications. The platform also enhances cyber resilience in the maritime sector, since the commercial device visibility and control technology helps maritime organizations meet specific operational technology (OT) security requirements prescribed by the United Nations’ International Maritime Organization (IMO) for maritime cybersecurity.

The Forescout platform supports IMO’s requirements by securing ship automation and control systems. From January this year, maritime operators are required to comply with IMO’s cyber risk guidelines, to address a range of strategic preparedness and technical controls, from evaluating the impact of cyber-attack scenarios to implementing safeguards for bridge, cargo handling, propulsion, the passenger-facing public Internet and other IT and OT systems. 

Shipowners and operators must ensure that maritime operators need to quickly collect and aggregate security and operational data from the entire control and automation systems of the port facilities and ships. This is essential to maintain safety, operational reliability and keep up with an evolving threat landscape. 

Cyber risks are also addressed within IMO regulations and failure to comply with IMO 2021 may result in the denial of port access or even ship detentions. The guidelines can be incorporated into existing risk management processes and are complementary to the safety and security management practices already established by IMO. 

The Forescout platform provides maritime operators with an expansive view of a ship’s entire digital network that helps increase the speed of detecting anomalies and threats while enhancing response and remediation across critical alarms to I/O and IP device networks. With Forescout eyeInspect, operators in port or at sea can mitigate or prevent operational issues before they lead to potentially dangerous incidents.

“Modern ships are floating cities with navigation, propulsion, electric power generation, fuel dissemination, and water treatment as well as other networked systems such as HVAC, video surveillance and automated safety controls,” Kevin O’Leary, Forescout’s chief product officer, said in a press statement. “With these expansive technologies, the damage a cyber incident can cause to critical systems can be far-reaching and difficult to contain due to poor visibility and control of all connected assets.”

There has been a rise in the cyber-attacks that target the maritime industry’s OT systems over the last three years. Ports are also increasingly adapting to digital transformation, but the use of modern technology increases the attack surface, giving hackers more opportunities to exploit vulnerabilities.

The U.S. Coast Guard had warned in a maritime safety information bulletin that, “Legacy OT systems that were not designed to defend against current threats and activities, along with a failure to take necessary actions to protect newer systems and equipment, create opportunities for vulnerabilities and exploitation. The nature of maritime operations lends itself to interactions with multiple actors and touch points for cyber intrusion, necessitating a continually increasing focus on mitigating cyber threats.” 

“Vulnerabilities have been identified in industrial control systems (ICS) and operational technology (OT), such as GPS, alarm systems, satellite communications, automatic identification systems (AIS) and vessel integrated navigation systems (VINS),” wrote Jeffrey Macre, a cybersecurity sector lead for utilities, transportation and critical infrastructure IT/data centers at 1898 & Co. 

When it comes to cyber resilience, Macre thinks it is important to have an incident response program that defines processes for continuous operation of vessels in the event of a cyberattack; it is also important for business continuity, as such attacks also affect employees and customers. “Port authorities and maritime companies must adopt a constant threat monitoring and detection approach that can prevent disturbance to operation, processes and procedures,” he added.

Last month, Cyware aligned with the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) to enhance the maritime community’s ability to collect and share threat intelligence in a timely manner. As part of the partnership, Cyware will enable MTS-ISAC’s community to run more efficient end-to-end security automation, cybersecurity operations, threat hunting and incident response programs.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.