For the most recent Futurenautics issue on cyber security we were fortunate to speak to James Collett, Director of Mobility Services at Intelsat. We didn’t have space to include the whole interview in the quarterly magazine, so here’s the full interview – and it’s good stuff.
There have been a raft of warnings recently from BIMCO to the IMB and submissions to IMO from Canada regarding the growing threats to maritime cybersecurity. In terms of the security of the network, what features keep users secure and what additional developments are Intelsat pursuing to keep them that way?
In a maritime network, the satellite operator is responsible for ensuring the availability of the service, or making sure the path between the maritime vessels and the teleport is always available. We break the general security model into how we are protecting the perimeter and how we manage access to the network. For the elements of the system that are responsible for transport that we own, we maintain security measures on those. Integrity of the network carrying customers’ transmissions is of primary concern, and Intelsat is the only satellite operator that has gone through independent auditing firm KPMG and completed a Service Organization Control 3 (SOC3) review of security controls. The successful review process provides commercially accepted validation that our products are offered in an appropriately secure environment.
When security is working correctly, it’s a partnership between the provider and the client. There are certain things the client has to do and certain things that we, as the provider, should do. As the satellite operator, our goal is to gather as much information as possible on what is happening with network traffic in real-time. For example, we have tools integrated into our ground network that allow us to mitigate denial of service attacks very quickly. When a network breach occurs, most likely the cause is users unwittingly introducing security risks using previously-penetrated devices to access the network. This lack of security I.Q. by a consumer often is the weak link in terms of locking-down the shipboard environment.
There is debate on how far the satellite operator should go down the security stack, or the integrated layers of services that provide network security. In certain cases, the satellite operator has an ability to take a larger role in the security management. There are ways to extend security controls all the way to the end point device. Currently, that doesn’t happen a lot, often due to additional cost, and network operators haven’t put a priority on paying for that additional level of service.
Ship operators and their suppliers are being heavily encouraged to digitise their operations, and network operators are set to benefit. Is there an obligation on companies like Intelsat to ensure that users understand the new risks always-on connectivity brings?
Yes, the provider does have an obligation to work with customers in regard to network security. But the customer also has to recognize their responsibilities as well—as I mentioned earlier, it is a partnership. The three core tenets of security are availability, confidentiality and integrity. The network operator is responsible for availability. The enterprise customer is responsible for confidentiality – how the data passing through the network is stored and in what form it is transmitted and managed. This does not usually involve the network provider. The integrity of the transport is a joint effort, ensuring that when a customer’s traffic joins the network, the operator is sending it unimpeded to its destination. Network security is the strongest when all involved parties understand their roles and responsibilities.
The satellite operator often doesn’t deal directly with the end-user, does that mean that the responsibility for keeping the customer secure and aware of the potential dangers rests with the re-seller?
We’re keen to reiterate our own channel and operational structure, which is based on a wholesale partnership with VSAT service providers, which will have a key position in terms of delivering security both to the vessel and ship operator. For example – our partner, Airbus Defence and Space, through their Xchange managed platform, deliver advanced security solutions including machine-to-machine authentication, online access controls for network clients, VPN functionality and three levels of firewall. On the vessel, these systems can manage separate networks for business and crew. Our own security focus rests at a different level and does not generally require end-user participation.
As more apps are being used to run ship operations should we begin to focus on certifying and testing those apps, the way we have with hardware? Do Intelsat have any plans to look at this area more closely?
In our role today, we would not have the visibility to provide that type of service. There are things we could do during the software testing life cycle (STLC) in regard to how someone is building and developing an application, but we are not involved in certification.
Many believe that the era of cyber-security is behind us, and what organisations have to become is cyber-resilient. As one of the major connectivity suppliers in an industry which transports 90% of everything does Intelsat have a broader role in helping to build that resilience in the maritime domain?
No; whereas “cyber-resilient” means creating an ecosystem that is not prone to being attacked, in the current era the opposite must be true. We have to build security to address the existing threats. The cyber world is moving so fast that it’s hard to keep up. It’s important to understand the threat environment and put in countermeasures that allow you to react decisively and effectively. But let’s be clear: we have to be able to respond to unknown threats. The network operator has to have the visibility to respond when needed. We’re dealing with an immensely advanced threat landscape today and that’s why we have to be able to react decisively and effectively.
Finally—something we ask everyone we speak to—What was the last piece of technology – consumer, industrial or professional – which made you say “Wow!”?
There might be more high-profile examples, such as the 3D-printed, flat-panel antenna, which highlight amazing technologies in use at the high-end of our own industry and many others. However, what is maybe more revolutionary is the gradual advance in the use of smart devices. It is easy to take this technology for granted, as it has now become established and commonplace; however, on a weekly basis there are new, accessible user apps being distributed which progressively change the way we all lead our lives. And in maritime the bring-your-own-device culture will also mean that full broadband connectivity of almost every commercial vessel will no longer be optional. This change is happening now before our eyes.
Thanks again to James, and Intelsat for giving such a comprehensive set of answers to questions not many in the industry want to answer.