latest NEWS
BlueCORE’s Cyber Security solution – tested by IOActive

Written by Robert Hansen

Project Manager at Sea IT with +25 years of experience within the Maritime Sector.

News

September 6, 2019

Building secure, sustainable and stable IT solutions has long been a priority issue for Sea IT, long before Cyber ​​Security became a popular concept. Overall thinking when designing systems and solutions is a success factor. But also, to think about security primarily and not just Cyber ​​Security – both external and internal risks must be considered when developing systems and solutions.

– Allowing IOActive, one of the largest players in this area, to quality assure and review our systems, is another step-in building an even more secure solution for our customers, says COO Mattias Patriksson.

BlueCORE Concept
– BlueCORE offers a complete solution for our customers where all parts are customized and developed to create the best and safest solution based on our customers’ needs. From the very beginning, the safety issues are included, not only when we look at the individual products that will be included in the solution, but also how they should work best together, says Kristian Ryberg.

Sea IT built the first version of BlueCORE’s Cyber ​​Security solution in conjunction with an installation of a large VSAT project for its customers as early as 2006. The solution already then contained online virus protection and content filters as well as segmented networks for crew and business. At that time there were many protests from both shipowners and crew, but these safety measures are today, 13 years later, requirements for all vessels. Today, Sea IT installs the 5th generation of BlueCORE Cyber ​​Security, a system that has been constantly improved and developed based on the experience the company has accumulated throughout the years in the maritime industry together with its long-term customers and partners.

We have always been at the forefront and far ahead of the rest of the shipping industry when it comes to safety issues and we want to continue to be a leader in these matters. Therefore, we only work with the best suppliers in the field and try to find leading suppliers outside the shipping industry to ensure the best solutions. These suppliers often have a head start and are more up to date than the specific shipping providers. Today we work, for example. with Fortinet a market leader in network security. Fortinet’s security products effectively monitor and prevent malicious code and unwanted traffic on the network – all in real-time and with complete feedback to Sea IT. Fortinet’s security products also enable invaluable insight into the security situation in BlueCORE.

OActive – Sea IT is committed to Cyber ​​Security
In order to ensure the best and safest solution for its customers, Sea IT engaged the reputed and worldwide company IOActive for a safety analysis test of BlueCORE. IOActive conducted extensive tests of the IT infrastructure of the vessels, the network structure and the support system by simulating real cyberattacks, so-called penetration tests. IOActive looked not only at the infrastructure and the various parts of the solution but also at the resistance to attacks, the ability to detect them and to act to eliminate and harm the threats and attacks.

– The review that IOActive did of both internal and external risks in our solution was our way to get a solid cyber security picture to assuring that we take the right steps in order to continue our ongoing work to meet todays and tomorrows cyber security risks says Mattias Patriksson.

We commend the leadership team at Sea IT for the commitment in bringing in outside vendors like IOActive to provide an hackers point of view and make recommendation to secure the vessels IT infrastructure . said Matt Rahman, COO IOActive.

Cyber ​​Security – not just software and hardware
Sea IT realized early on that there are many parts that must interact to create secure, sustainable and stable IT environments and solutions for customers. Working with segmented networks, backups and redundancy is self-evident. Likewise, to work with the permissions of the various parts of the solution so that users can only see and can reach what concerns them. But it’s not enough.

– It is not possible to focus only on hardware and software – it is also important to focus on education and information for those who will use our products. Many people believe that Cyber ​​Security is only about what comes from outside the company and how the company must protect itself against it and they sometimes forget that many of the big threats are on the inside in the form of, for example. users who connect their own devices to the networks, download files and click on links that can pose major security risks, continues Kristian Ryberg.

Sea IT has also worked on visually enhancing security by, for example, locking the computers on board, limiting the possibilities of connecting external devices, plugging out sockets and putting up stickers and signs.

Standardization and economies of scale provide safe, stable and sustainable solutions for customers
Since BlueCORE is based on standardized solutions that are installed on many vessels, Sea IT often finds risks that the suppliers are not themselves able to detect. This means that risks and problems in most cases can be handled and taken care of before the vessels even notice them or can be removed before they even occur. The only thing the shipowners and crew see is a safe, stable and enduring function that operates 24/7.

– It is important that we always have a risk awareness in the company and that safety issues are included in every development we do. It is a dynamic work that must always be ongoing. That is why we work with standardized processes and routines for development and change management. We constantly monitor our systems, simulate conceivable problems and fix them before they occur. If something still happens, we already have a plan for how to handle it.

About – BlueCORE
BlueCORE™ is a cost efficient, modular platform which supports customers business objectives, designed to fit global marine operations and meet high security standards. It is built to optimize business processes, reduce operational costs and to ensure maximum efficiency by utilizing all available IT resources onboard. It enables a seamless integration between the crew onboard and the office.

The BlueCORE infrastructure enables a close collaboration with 3rd parties and integration of their products to ensure it is an optimal solution. The BlueCORE concept consists of multiple components such as: system design, test and verification, training, policies, documentation, support, monitoring, communication, standardization and logistics planning.

Sea IT collaborates with leading partners in the maritime industry and integrates all 3rd party software and equipment, management of big data, phones, networks, WI-FI, and more. The BlueCORE services are not products and are not dependent of any specific hardware. BlueCORE is a mindset and a concept structure that integrates all software, hardware and communication to a fully functional operating ICT system. Day to day business is monitored – and all critical updates of the programs and content of the vessels – will be performed according to the shipping companies IT- and security policies.

About  – Sea IT
Sea IT, an independent system integrator specialized in the marine sector, offers second-to-none reliable ICT solutions. Sea IT collaborates with leading companies on a global basis to provide the best possible solutions to customers based on their requirements. The company has a strong network and has installed +350 successful projects for the marine industry to date. Sea IT serves its customers from 2 continents, 3 offices and provides dedicated support 24/7/365.

The Sea IT products and services are offered under the brands BlueCORE™, BlueCLOUD™, BlueSAT™, BlueCALL™, BlueTV™, BlueSKY™, BlueCONFERENCE™, BlueCONNECT™ and more. For more information please visit www.seait.se

About –  IOActive
IOActive has been helping to secure the world since 1998. Their unique “attacker’s perspective” is trusted by the Global 1000 to tackle some of their most complex security challenges. IOActive has established offices and research labs around the world and supports a globally diverse team in over 30 countries.

With embedded device and silicon hacking labs in Seattle and Madrid, IOActive’s research has been on the cutting edge of automotive, medical devices, aviation, satellite communications, and more.
IOActive is the only global provider that looks at your entire system.

With our state-of-the-art Full Stack Security assessments, we identify potential gaps throughout your environment. We drill all the way down to the facility and semiconductor level; we go all the way up to strategic impacts of personnel, process, and supply-chain security. We also carefully assess every layer in between.

About – FORTINET
From the start, the Fortinet vision has been to deliver broad, truly integrated, high-performance security across the IT infrastructure. We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric. Our unique Security Fabric combines Security Processors, an intuitive operating system, and applied threat intelligence to give you proven security, exceptional performance, and better visibility and control–while providing easier administration. The Fortinet Security Fabric delivers a unified approach that is broad, integrated, and automated. Reduce and manage the attack surface through integrated broad visibility, stop advanced threats through integrated AI-driven breach prevention, and reduce complexity through automated operations and orchestration.

Our flagship enterprise firewall platform, FortiGate, is available in a wide range of sizes and form factors to fit any environment and provides a broad array of next-generation security and networking functions. Complementary products can be deployed with a FortiGate to enable a simplified, end-to-end security infrastructure. Our market position and solution effectiveness have been widely validated by industry analysts, independent testing labs, business organizations, and media outlets worldwide. We are proud to count the majority of Fortune 500 companies among our satisfied customers.

Fortinet is headquartered in Sunnyvale, California, with offices around the globe. Founded in 2000 by Ken Xie, the visionary founder and former president and CEO of NetScreen, Fortinet is led by a strong management team with deep experience in networking and security.

News