Andrew Tierney: Pen Test Partners
“Workboats remain one of the most risky environments, they have to deal with bad weather and a range of tricky operations,” said Andrew Tierney of Pen Test Partners. “That desensitises people to lesser risks, risks that these days are much more likely. Like cyber attack.”
He added that while last year’s ransomware assault on Maersk should have been a wake-up call to all and sundry, he knows workboat operations might see themselves as too small to bother with. However, he underlined that these days, workboats are more in danger from holes in the IT than holes in the hull, “and criminals will more likely target those that don’t have good defences”.
Mr Tierney himself crossed over to IT security from a background in electronic engineering. However, as internet applications and IoT developed, he found himself in demand by a number of high profile companies before joining Pen Test Partners (no, not a biro shop, it’s short for ‘Penetration Testing’). He explained that his job is to show the gaps in a system before a cyber attack does and find the most practicable ways to close them – which could be simpler than one might imagine. However, his feet have been in the water as a crewman and he’s not naive about the realities.
“Software piracy is common in smaller fleets. Downloading cheap charts and so on seems to save money, but the sources are less than legitimate, and installing software you can’t trust is not a good idea. It exposes the vessels to risk of viruses.”
More, he added nasties can lurk in an apparently innocent email attachment like a spreadsheet or on a memory stick: “The worst thing I’ve so far seen has come from crew members spreading malware via a USB stick. Very easy”.
This is meeting other factors in a perfect storm: “A few years ago vessels were relatively isolated, but now you are asking them to get online... even satellite services aren’t massively well secured: you find quite a few of the routers at exposed on the internet.” He added: “At the same time, support and tug boat crews are getting smaller and smaller, which means they are much more dependent on the software.” And he pointed out that any boat running on dynamic positioning “means there’s a massive reliance on the computer system”.
However, he added there’s probably just as much danger lurking in archaic systems, though he admitted it’s understandable: “Fleet owners often run old, unsupported software like XP or Vista, which can’t be updated and you’re left hoping they don’t break.” Unfortunately he added: “Onboard, you also don’t have unlimited bandwidth, so applying updates is usually left till you’re back at berth. So it’s all left to do in a few hours, and that leaves the machines vulnerable. Updates are a bad time... a compounding problem.”
“Don’t just cross your fingers,” he advised. “The risks - well, it’s the same onboard a vessel as any business. It can stop machines working – it can stop work – full stop.”
By Stevie Knight
Latest Press Releases
In a ceremony held at Damen Shipyards Singapore on 19 April, His Excellency, Dr. Augusto da Silva To... Read more
Always operating ‘bow first’ – a new paradigm in harbour towage Read more
Damen Dredging Equipment has launched a new DOP Dredger Series following the success of the DOP subm... Read more
National Maritime Shipping Company Kazmortransflot LLP, a leader in transportation in the Caspian Se... Read more
The P&O Cruises Grand-class cruise ship Ventura has just completed a two-week docking at Damen Shipr... Read more