On yachts and large ships, securing the IT system has become an important task, and one that often poses problems for owners and shipping companies. The maritime IT environment has changed considerably in recent years.
In the recent past, the captain communicated via fax with the owner's on-board office. Given the rapid development of information technology, even highly qualified and trained ETOs and IT managers are now, in part, technically overtaxed.
The highly complex systems are therefore controlled and monitored almost exclusively via remote access from land. Integrated bridges are the standard, while AV and Comms systems continue to grow. The demands on the network infrastructure are increasing, because the IT equipment on board must be connected 24/7 to services on shore, for example to correct errors or to implement updates and upgrades.
As a result, various support staff log into the IT system on board from shore via remote access. The partly sensitive on-board data is thus virtually at the free disposal of people who are mostly unknown.
There is a risk that unauthorized persons or organizations may infiltrate and misuse the IT system. Unauthorized video or audio recordings made by remote control through mobile devices are also a realistic scenario.
Hacking into the systems of ships is a known threat against which numerous protective measures are already available. Yet the work of the external service technician, who logs into the yacht's system for regular maintenance as part of the service contract, remains largely unrestricted and uncontrolled.
Personnel checks and controls of the support personnel are hardly ever documented for the shipowner. This tolerance seems inappropriate or negligent, especially in view of the economic and social background of many yacht owners.
Even the exact working times in the on-board system are difficult to track during remote access. As the remote support sessions generate significant bills, it is extremely useful for the ETO to be able to verify the actual hours worked ashore. Rest periods and waiting times, e.g. while software updates are loading, should ideally be identifiable as such and charged accordingly.
The following questions arise:
How can ship captains control remote access?
How can they determine who gets which authorization in the system?
How can they monitor what the service technician is actually doing?
With VISULOX-RACAM, the captain, the ETO or the security office can reliably control and assign system access from outside. They can determine how long the network has been accessed and check exactly what has been done. The transfer of information to and from the system is comprehensively monitored and controlled. Corresponding reports can be created at any level and in any level of detail. This applies not only to remote log-in sessions, but also to direct on-board sessions.
This is what the specific VISULOX-RACAM modules do:
Secure and reliable access even on low-bandwidth and high-latency connections
Role-based logon via two-factor authentication
Role-based application assignment for any type of application or IP service on the ship (Windows, LINUX, Router, Switches, http-/https-based service, SSH, Telnet, VNC, X11)
Video recording of user interactions within a session
Access report
File transfer control
The following experiences were gained with VISULOX-RACAM:
Companies that have implemented the system report the following improvements:
Technicians spend less time troubleshooting. Because they know that their work is recorded, they also work more efficiently.
Support is provided by more highly qualified personnel so that the respective tasks can be solved more quickly.
Documentation and the ability to allocate errors improve the accountability and accuracy of support.
The requirements for the implementation of VISULOX-RACAM are rather low. No onshore-mounted hardware is required. On the ship, only a small 19" rack-mounted LINUX server (physical or virtualized) with an internet connection is needed.