Andrew Tierney: Pen Test Partners
“Workboats remain one of the most risky environments, they have to deal with bad weather and a range of tricky operations,” said Andrew Tierney of Pen Test Partners. “That desensitises people to lesser risks, risks that these days are much more likely. Like cyber attack.”
He added that while last year’s ransomware assault on Maersk should have been a wake-up call to all and sundry, he knows workboat operations might see themselves as too small to bother with. However, he underlined that these days, workboats are more in danger from holes in the IT than holes in the hull, “and criminals will more likely target those that don’t have good defences”.
Mr Tierney himself crossed over to IT security from a background in electronic engineering. However, as internet applications and IoT developed, he found himself in demand by a number of high profile companies before joining Pen Test Partners (no, not a biro shop, it’s short for ‘Penetration Testing’). He explained that his job is to show the gaps in a system before a cyber attack does and find the most practicable ways to close them – which could be simpler than one might imagine. However, his feet have been in the water as a crewman and he’s not naive about the realities.
“Software piracy is common in smaller fleets. Downloading cheap charts and so on seems to save money, but the sources are less than legitimate, and installing software you can’t trust is not a good idea. It exposes the vessels to risk of viruses.”
More, he added nasties can lurk in an apparently innocent email attachment like a spreadsheet or on a memory stick: “The worst thing I’ve so far seen has come from crew members spreading malware via a USB stick. Very easy”.
This is meeting other factors in a perfect storm: “A few years ago vessels were relatively isolated, but now you are asking them to get online... even satellite services aren’t massively well secured: you find quite a few of the routers at exposed on the internet.” He added: “At the same time, support and tug boat crews are getting smaller and smaller, which means they are much more dependent on the software.” And he pointed out that any boat running on dynamic positioning “means there’s a massive reliance on the computer system”.
However, he added there’s probably just as much danger lurking in archaic systems, though he admitted it’s understandable: “Fleet owners often run old, unsupported software like XP or Vista, which can’t be updated and you’re left hoping they don’t break.” Unfortunately he added: “Onboard, you also don’t have unlimited bandwidth, so applying updates is usually left till you’re back at berth. So it’s all left to do in a few hours, and that leaves the machines vulnerable. Updates are a bad time... a compounding problem.”
“Don’t just cross your fingers,” he advised. “The risks - well, it’s the same onboard a vessel as any business. It can stop machines working – it can stop work – full stop.”
By Stevie Knight
Latest Press Releases
Innovative vessel for CEMEX UK is first of next generation of marine aggregate dredgers Read more
MIT deliver Bespoke Exhaust Suspension System by Rubber Design for Sir David Attenborough Research Vessel
MIT has successfully delivered a bespoke exhaust suspension system to Cammell-Laird Shipbuilders in ... Read more
Damen has delivered two of four ASD 3212 tugs to towage and related marine services’ company Smit La... Read more
International equipment supplier Oceanscan has added underwater acoustic positioning technology from... Read more
Welders from Damen Shipyards Galati in Romania recently took part in the 2018 Arc Cup International ... Read more
The 326-metre, 146,000 DWT, cruise ship Norwegian Breakaway arrived in Brest on 28 April for 11 days... Read more