How to manage cybersecurity threats in maritime
At KNL Networks, we know that increasing the amount of data flowing on and off ships improves operational efficiency, reduces costs, and provides a better overview for maintenance and other tasks. But we also know that there are huge challenges when it comes to properly managing that data. The maritime industry needs no reminder that cybersecurity has become one of the biggest threats to the industry; an attack due to an improperly managed network can cause a month's worth of delays and cost tens of thousands in replacing and updating systems.
In response, we’ve put cybersecurity at the core of our business, and not just because our CEO and fellow founders are former military radio engineers.
But first, some background.
As you may know, KNL Networks uses our proprietary HF radio technology to form a global mesh network with a maximum range of roughly 10,000 kilometers. A ship at sea automatically makes a connection with another ship in port whose KNL device has a cellular connection.
With data flying around the world, it’s important to build in security from the ground up and to understand that security is not only encryption: it starts from hardware design and goes through all the layers to application and users.
Securing your device
Simply put, the KNL device is locked down. Starting with a trusted boot chain, every step in the boot process is verified from a secret key located in the hardware itself, through the processor’s internal encryption unit. Once the device software has booted, data sent over HF uses an AES256-based encryption method which has its own key in place. VPN is used for cellular connections.
Should someone get physical access to your device, know that all memory on the device is encrypted through the processor’s internal hardware encryption unit. The radio can be in only two states: it is completely powered off, or it’s operating in a known state and can be trusted.
Naturally, we keep your device updated automatically to provide security fixes and additional features.
Moving your data securely
Let’s start with your on-board devices. At KNL, we use API keys to manage different applications and users. On-vessel, the communication from a device to the KNL device is TLS / HTTPS encrypted, the same encryption you rely on when using your online bank.
Once it touches the device, all your data, plus the extras we may send like transmission headers, addresses, vessel positions, and so on, is encrypted and transmitted using the AES 256 encryption algorithm, tunneled through a VPN until it reaches the KNL Cloud servers, which are hosted on AWS for reliability.
Once there, your office connects to the data again using TLS / HTTPS encryption.
KNL doesn’t process your data, so we can’t directly protect your systems from viruses. But we can take every precaution to ensure that no viruses can get in by sneaking through the network.
Protecting against network attacks
You have to consider that to some hackers, attacking the communication network is just as “valuable” as implanting a virus aboard your ships. To that end, you can see the real power of a global mesh network.
Satellites operate on a many-to-one principle, which poses some risks. If the satellite is jammed by malicious actors (or overloaded by too much demand), you’ll experience network failure.
The KNL global network uses HF radio, a wide spectrum that is nearly impossible to jam. In fact, parts of the HF spectrum are “jammed” all the time, due to other traffic or solar interference, so we’ve built our radios to be cognitive, meaning they can automatically switch to the next best channel.
An attacker jamming the network is a small risk to your business, but it shows how KNL is distributed by nature and has no single point of failure that could disable the network. This is the power of a Mesh Network; each new device helps make the network stronger and more stable, rather than overloading it.
We’ve put a lot of thought into how we can secure our network. On the application side, we limit the number of HTTPS requests as well as the sending of new files. With these (configurable) parameters we have protection against DoS attacks in the network.
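The application-side limits described above can be pictured as one token bucket per API key for HTTPS requests and a second, tighter one for new-file submissions. This is an added sketch, not KNL's code: the class names, the default limits, and the 401/429 responses are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Limits:
    # Constructed defaults; the page only says these parameters are configurable.
    requests_per_min: float = 60
    request_burst: int = 10
    files_per_min: float = 6
    file_burst: int = 2

class TokenBucket:
    def __init__(self, rate_per_sec, capacity, now):
        self.rate, self.capacity = rate_per_sec, capacity
        self.tokens, self.last = float(capacity), now

    def allow(self, now):
        # Refill for the elapsed time (capped at capacity), then spend one token.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class ApiKeyLimiter:
    """Hypothetical gateway check: separate budgets per API key and per action."""
    def __init__(self, valid_keys, limits=None, clock=time.monotonic):
        self.valid_keys = set(valid_keys)
        self.limits = limits or Limits()
        self.clock, self.buckets = clock, {}

    def _bucket(self, api_key, kind, now):
        if (api_key, kind) not in self.buckets:
            lim = self.limits
            rate, cap = ((lim.files_per_min, lim.file_burst) if kind == "file"
                         else (lim.requests_per_min, lim.request_burst))
            self.buckets[(api_key, kind)] = TokenBucket(rate / 60.0, cap, now)
        return self.buckets[(api_key, kind)]

    def check(self, api_key, is_new_file=False):
        """Return the HTTP status to answer with: 200, 401 or 429."""
        if api_key not in self.valid_keys:
            return 401  # unknown keys are rejected before any bucket is allocated
        now = self.clock()
        if not self._bucket(api_key, "request", now).allow(now):
            return 429
        if is_new_file and not self._bucket(api_key, "file", now).allow(now):
            return 429  # file sends are throttled more tightly than plain requests
        return 200
```

Rejecting unknown keys before allocating a bucket keeps an unauthenticated flood from growing the limiter's own state, and keying buckets by API key means one noisy application cannot exhaust another's budget.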
We love to talk about security
We’re junkies for this sort of stuff. If you have any questions, concerns, or would just like to chat, you can always reach out to us at email@example.com or you can find our contact information here.
We’re experiencing one of the biggest transformations to come to the shipping industry, but it comes with some costs we need to prepare for through a distributed mesh network.