By Graham Sutherland, Senior Vulnerability Researcher
Developing and implementing secure remote access solutions can be a challenge in itself. As new threats continue to emerge and existing threats evolve, ensuring both your physical communications infrastructure and your communications operations are secure is vital to the day to day operations of your business. However, when factoring in the challenges of remote communications at sea, things can begin to get even more tricky if you don’t follow the correct procedures for establishing secure methods of remote communication.
At sea, the two main challenges are availability of resources and connectivity. These two factors have over the past decade have been the driving force for continual development of remote access solutions. Whilst today, we are in one of the best positions to defend our assets against ongoing threats, there are still an extensive set of considerations to be made when evaluating an approach or vendor offering.
Below, we will outline 9 key considerations which must be made when implementing remote access communications.
- General application security of the management platform front-end – an attacker who gains access to the front-end may be able to perform unauthorised operations on a ship’s systems.
- General application security of agent software – the agent software on the gateway must not allow unauthorised users to access its features or the services it brokers access to.
- User authentication (two factor auth, active directory integration, etc.) – strong user access controls help prevent password guessing attacks, credential theft and credential stuffing attacks.
- User enrolment and deactivation – adding new users is a security-critical activity that must be closely controlled and monitored, and user deactivation is an often-forgotten procedure when staff leave an organisation.
- Access control (enforcement, permission granularity, etc.) – user rights administration must be granular enough to allow for meaningful separation of user roles, and those rights must be correctly enforced by the solution as to avoid unauthorised access to functionality.
- Auditing and logging – while restrictive security controls are the first line of defence, auditing and logging help quickly identify accounts that have been compromised or misused. An audit trail is an invaluable piece of the puzzle in an incident response scenario.
- Communications between the management platform and agent, in particular resistance to man-in-the middle (MitM) attacks – security controls that validate the identity and authenticity of a user are ultimately invalidated if an attacker can steal credentials as they travel over the network or hijack legitimate user connections, so transport security (e.g. SSL/TLS) is important.
- On-ship communications between the agent and telemetry technologies (if applicable) – care must be taken to avoid allowing access between the general IT network on a ship and the separate network segment used by operational devices and sensors (e.g. GPS, AIS, engine management). This has, in our experience, been a key point of failure in many solutions.
- Ability to update the gateway device and agent software remotely without significant impediment – remote updates must be applied in a timely manner, which can be difficult on ships due to their limited internet connectivity. Software updates must also be appropriately verified for authenticity and integrity, to prevent an attacker from delivering a malicious update. It is important to ensure that each of these items are considered and assessed in order to help reduce the likelihood of security vulnerabilities which enable attackers to gain access to ships’ systems.
So, there you have our 9 advised considerations which should be made when implementing remote access communications. For more information on this, please view our full research report.