Andrew Tierney: Pen Test Partners
“Workboats remain one of the most risky environments, they have to deal with bad weather and a range of tricky operations,” said Andrew Tierney of Pen Test Partners. “That desensitises people to lesser risks, risks that these days are much more likely. Like cyber attack.”
He added that while last year’s ransomware assault on Maersk should have been a wake-up call to all and sundry, he knows workboat operations might see themselves as too small to bother with. However, he underlined that these days, workboats are more in danger from holes in the IT than holes in the hull, “and criminals will more likely target those that don’t have good defences”.
Mr Tierney himself crossed over to IT security from a background in electronic engineering. However, as internet applications and IoT developed, he found himself in demand by a number of high profile companies before joining Pen Test Partners (no, not a biro shop, it’s short for ‘Penetration Testing’). He explained that his job is to show the gaps in a system before a cyber attack does and find the most practicable ways to close them – which could be simpler than one might imagine. However, his feet have been in the water as a crewman and he’s not naive about the realities.
“Software piracy is common in smaller fleets. Downloading cheap charts and so on seems to save money, but the sources are less than legitimate, and installing software you can’t trust is not a good idea. It exposes the vessels to risk of viruses.”
More, he added nasties can lurk in an apparently innocent email attachment like a spreadsheet or on a memory stick: “The worst thing I’ve so far seen has come from crew members spreading malware via a USB stick. Very easy”.
This is meeting other factors in a perfect storm: “A few years ago vessels were relatively isolated, but now you are asking them to get online... even satellite services aren’t massively well secured: you find quite a few of the routers at exposed on the internet.” He added: “At the same time, support and tug boat crews are getting smaller and smaller, which means they are much more dependent on the software.” And he pointed out that any boat running on dynamic positioning “means there’s a massive reliance on the computer system”.
However, he added there’s probably just as much danger lurking in archaic systems, though he admitted it’s understandable: “Fleet owners often run old, unsupported software like XP or Vista, which can’t be updated and you’re left hoping they don’t break.” Unfortunately he added: “Onboard, you also don’t have unlimited bandwidth, so applying updates is usually left till you’re back at berth. So it’s all left to do in a few hours, and that leaves the machines vulnerable. Updates are a bad time... a compounding problem.”
“Don’t just cross your fingers,” he advised. “The risks - well, it’s the same onboard a vessel as any business. It can stop machines working – it can stop work – full stop.”
By Stevie Knight
Latest Press Releases
Contract signed at Abu Dhabi Boat Show 2018 Read more
Damen Shiprepair Oranjewerf receives ISO 9001:2015, ISO 14001:2015 and SCC** 2008/5.1 certifications
Damen Shiprepair Oranjewerf (DSO) has added three new certifications to its existing accreditations.... Read more
UK-based marine services company Stewart Marine has contracted Neptune Marine to build a new EuroCar... Read more
Polish marine electronics integration specialist Navinord has installed a state-of-the-art software ... Read more
Damen Shipyards Galati has made provisional delivery of the 74-metre Fishery Research Vessel Baía Fa... Read more
Damen Maaskant Shipyards Stellendam celebrates 70 years and bids farewell to director Frits van Dongen
On Saturday 13 October a party was held at Damen Maaskant Shipyards Stellendam (DMSS) to mark three ... Read more