BlueCORE's cyber security solution was tested by IOActive
Building secure, sustainable and stable IT solutions has long been a priority issue for Sea IT, long before Cyber Security became a popular concept.
Mattias Patriksson, COO Sea IT, says:
"Allowing IOActive, one of the largest players in this area, to quality assure and review our systems, is another step-in building an even more secure solution for our customers."
Sea IT built the first version of BlueCORE's Cyber Security solution in conjunction with an installation of a large VSAT project for its customers as early as 2006. The solution already then contained online virus protection and content filters as well as segmented networks for crew and business. At that time there were many protests from both shipowners and crew, but these safety measures are today, 13 years later, requirements for all vessels.
Today, Sea IT installs the 5th generation of BlueCORE Cyber Security, a system that has been constantly improved and developed based on the experience the company has accumulated throughout the years in the maritime industry together with its long-term customers and partners.
In order to ensure the best and safest solution for its customers, Sea IT engaged the reputed and worldwide company IOActive for a safety analysis test of BlueCORE. IOActive conducted extensive tests of the IT infrastructure of the vessels, the network structure and the support system by simulating real cyberattacks, so-called penetration tests. IOActive looked not only at the infrastructure and the various parts of the solution but also at the resistance to attacks, the ability to detect them and to act to eliminate and harm the threats and attacks.
Mattias Patriksson adds:
"The review that IOActive did of both internal and external risks in our solution was our way to get a solid cyber security picture to assuring that we take the right steps in order to continue our ongoing work to meet todays and tomorrows cyber security risks."
Sea IT realized early on that there are many parts that must interact to create secure, sustainable and stable IT environments and solutions for customers. Working with segmented networks, backups and redundancy is self-evident. Likewise, to work with the permissions of the various parts of the solution so that users can only see and can reach what concerns them. But it's not enough.
Kristian Ryberg, CEO Sea IT, says:
"It is not possible to focus only on hardware and software - it is also important to focus on education and information for those who will use our products. Many people believe that Cyber Security is only about what comes from outside the company and how the company must protect itself against it and they sometimes forget that many of the big threats are on the inside in the form of, for example. users who connect their own devices to the networks, download files and click on links that can pose major security risks."
Sea IT has also worked on visually enhancing security by, for example, locking the computers on board, limiting the possibilities of connecting external devices, plugging out sockets and putting up stickers and signs.
Since BlueCORE is based on standardized solutions that are installed on many vessels, Sea IT often finds risks that the suppliers are not themselves able to detect. This means that risks and problems in most cases can be handled and taken care of before the vessels even notice them or can be removed before they even occur. The only thing the shipowners and crew see is a safe, stable and enduring function that operates 24/7.