Operational Technology (OT) security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges.
Ships come to shore every six months on average. Container cranes are mostly automated. Diagnostics, maintenance, upgrade and adjustments to these critical systems are done remotely, often by third-party vendor technicians. This highlights the importance of proper secure remote access management for industrial control systems (ICS).
Learn more in our Buyer's Guide for Secure Remote Access Lifecycle Management.
We at SSH Communications Security (SSH) have been pioneering security solutions that bridge the gap between IT and OT in privileged access management. Let's investigate how we helped two customers solve their critical access control needs with us.
Secure Remote Access Around the Globe to 1000s of Ships
In the maritime industry, ensuring secure and efficient remote access to OT systems is vital for maintaining vessel operations and safety. A prominent marine vessel operator, managing a fleet of advanced ships, faced significant challenges in this area. With operations spanning across the globe and an ever-expanding fleet of ships to manage, the company needed a robust solution to secure remote access for their engineers and vendor technicians.
The Challenge
The customer's existing security measures were inadequate for the complex and dynamic nature of their operations. The connections to ships were always on, it was hard to link an identity to each session, the lack of both granular access controls and comprehensive auditing capabilities posed a risk to both security and compliance, and the customer had scalability challenges with their existing solution.
The Solution: PrivX OT Edition
To overcome these challenges, the company implemented SSH's PrivX OT Edition. This solution provides a centralized, scalable, and user-friendly platform for managing remote access. Key features include:
- Enabling the customer to connect to their customers' 1000s of container ships globally over satellite links to perform maintenance, monitoring and diagnostics.
- Just-in-Time (JIT) and Just Enough Access (JEA): Ensuring that engineers have the appropriate level of access only when needed and only for the duration required.
- Comprehensive auditing: Offering detailed insights into access management.
- Centralized access: Both internal and external technicians log into one centralized gateway regardless of the location of the ship or the technician.
- Automation: The solution was deployed in the AWS cloud for satellite connections and automatic linking of an identity to a role for high performance.
As a result, the customer can now ensure the safety of the crew, prevent unscheduled and costly dock time, mitigate the risk of disruptions to ship operations, and fulfill the requirements and recommendations by the NIS2 Directive and IEC 62442 standards. All this while modernizing their operations to gain a competitive edge in the global maritime industry.
Read more about the case here.
Vendor Technician Access to Industrial Cranes Restricted and Secured
This customer is a leading global manufacturer of industrial equipment, with over a century of experience. Operating in around 50 countries, the company needed a robust solution to secure remote access to automated industrial cranes for their maintenance engineers.
The Challenge
The company's existing point solution based security controls were insufficient. They lacked the necessary granularity, functionality, and transparency, increasing the risk of cyberattacks and data breaches. As an example, the customer had difficulties in restricting access to cranes in a specific port, meaning that a maintenance engineer from Asia could access a port in Europe - and vice versa.
Additionally, the previous solution did not provide adequate auditing capabilities, making compliance and security regulation adherence difficult.
The Solution: PrivX OT Edition
To address these challenges, the company adopted SSH's PrivX OT Edition. This solution offers a centralized, scalable, and user-friendly platform to manage remote access. Key features include:
- Regional restrictions on vendor technicians to access cranes at maritime ports.
- Just-in-Time (JIT) and Just Enough Access (JEA): Ensuring that engineers have the right level of access at the right time for the right crane only.
- Comprehensive Auditing: Audit trail of activities, session monitoring and recording.
- Non-disruptive deployment: Adding granular access control with minimal changes to existing VPN/Firewall/technology infrastructure.
As a result, the customer can now restrict access per region and per crane for proper segregation of duties. Both ad-hoc and scheduled technician access is secure and available within minutes - and with automatic off-boarding. What's more, this more granular access control was achieved with minimal disruption to the existing infrastructure.
Read more about the case here.
Conclusion
With PrivX OT Edition, companies can centralize access to all critical targets in IT and OT, regardless of the location of the user or the target. The solution removes the need for point solutions for access and offers a uniform, scalable, and coherent access for security needs at industrial scale.