Professional Documents
Culture Documents
picture in all
presentations
11/02/2019
Digital Transformation Era
2
Digital Transformation roadmap
3
Digital Applications
Digital
Transformation
Connectivity
Applications
Safety
IT/OT Convergence 5
VESSEL CONNECTIVITY: VSAT PROJECT
22/2/2019
VSAT era- Preliminary investigation (available technologies)
VSAT L Band
VLAN 1: VLAN 2:
Business Crew Wi-Fi
2 Independent VLAN
8
Initial VSAT project plan
Final decision
JUN 2016 OCT 2016 NOE 2016 APR 2017 JAN 2018 DEC 2019
9
Six Months Evaluation Outcome
VSAT satisfaction VSAT online time
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
MTBF FX
equalreliability
to 1,848 hoursimprovement and SATCOM Policy
reconsideration
Low voice quality through VSAT (randomly appeared)
Communication with
02/2018
Navarino/waiting rectification
Decided Actions
12
VESSELS CONNECTIVITY: VSAT PROJECT
22/2/2019
Tele-assistance Architecture
14
Vessel’s Communication Infrastructure with Tele-assistance
VSAT L Band
15
WLAN Technology- MIMO Beamforming
17
Tele-assistance WLAN Propagation Analysis
d
A(d )[dB] A(d0 ) 10n log X
d0
Bit
MOS
Rate
Sharpness Playback Overall
Noise
smoothness QoE
150 1.4 1.8 1.8 1.6
250 1.8 1.9 2.2 1.9
500 4.2 4.2 4.2 4
Vessel A and Vessel B with similar E/R characteristics tested. Similar weather
conditions.
Vessel A (Ku-Band VSAT) achieved lower uplink bitrates compared with Vessel B
(Ka-Band VSAT)
Remote Assistance applications require such video quality that the displayed
letters, numbers and circuitry details to be clearly readable
Acceptable video quality is perceived for bitrates of 500kbps
19
Tele-Assistance trial
20
Tele-assistance– Propose an application
21
VESSELS CONNECTIVITY: VSAT PROJECT
22/2/2019
OT Cybersecurity
22/02/2019
OT Systems Landscape
22/02/2019
OT Cybersecurity Incidents
22/02/2019
Cybersecurity of Industrial Control Systems (OT)
22/02/2019
Cybersecurity Critical Incident
22/02/2019
Cybersecurity Critical Incident No2
Office personnel
ICS CS Awareness
Seafarers
30
TNM OT Cybersecurity
31
TNM Removable Media Policy
•Dedicated classified removable USB memory stick will be used for ECDIS (as medium to transfer the charts
updates from secondary PC to ECDIS). This USB stick will be kept safely in a locker under the responsibility of
the navigation officer. Attention shall be paid to keep the USB media on the ECDIS or the secondary PC as
long as the update lasts.
•Dedicated classified removable USB memory sticks will be used for the rest critical OT systems as those
have been defined by the existing criticality analysis matrix. More specifically one USB will be dedicated for
the bridge OT systems and it will be kept safely in a locker under the responsibility of the master while a
second USB will be dedicated for the engine OT systems and it will be kept in a locker under the
responsibility of the chief engineer. A third USB stick will be kept at the master’s cabin as a backup in case of
loss or damage of any of the above USB sticks.
32
TNM Removable Media Policy
•Critical OT USB sticks will be formatted in the vessel’s IT LAN server before any usage.
•Stickers will be posted on all critical OT systems equipment that they are equipped with USB or serial ports
and any other type of inputs which the will inform that it is not allowed the connection of unauthorized
devices.
•Physical security controls shall address specific requirements for the safe and secure maintenance of all
other removable media assets that accompany the delivery of the OT systems in the vessel (drivers,
programs etc) and provide specific guidance for transporting, handling, and erasing or destroying these
assets.
•Computers and computerized devices used for ICS functions (such as PLC programming) is not allowed to
leave the ICS area. Laptops, portable engineering workstations and handhelds (e.g., 375 HART
communicator) will be tightly secured and it is not allowed to be used outside the ICS network.
33
TNM OT Password Policy
•The OT systems passwords will have 6 characters length if possible. 2 letters followed by 4 numbers will be
used.
•The passwords shall not be able to be found in a dictionary or contain predictable sequences of numbers or
letters (such as vessel’s name, Hull number and IMO number). Any default passwords will be changed
•Passwords should be used with care on operator interface devices such as control consoles on critical
processes. Using passwords on these consoles could introduce potential safety issues if operators are locked
out or delayed access during critical events. Physical security should supplement operator control consoles
when password protection is not feasible.
34
TNM OT Password Policy
•The keeper of the simple user passwords will be the vessel’s master. Engine systems passwords will be kept
by the chief engineer also. Any copies of those passwords must be stored in a very secure location with
limited access. Official handover procedure for the passwords during the change of command should be in
force.
•The passwords of privileged users (such as network technicians, electrical or electronics technicians and
management, and network designers/operators) should be most secured and will be kept by the vessels
superintendent (technical, marine or electrical).
•Authority to change OT systems passwords will be limited to superintendent. This will be made annually
and the corrected passwords will be given to the master and chief engineer.
35
IT/OT Convergence
36