2019 ODESSA FORUM


Digitalization in the Maritime Industry & Thenamaris Developments

11/02/2019
Digital Transformation Era

Digital Transformation roadmap

Digitization Digitalization Digital Transformation

Digital Applications

• Telemetry Systems
• Crew welfare
• Tele-assistance System
• CBM

Digital Transformation Road Map

• Connectivity
• Applications
• Safety
• IT/OT Convergence

VESSEL CONNECTIVITY: VSAT PROJECT

DIGITAL APPS: TELE-ASSISTANCE PROJECT

DIGITAL SAFETY: OT CYBERSECURITY PROJECT

22/2/2019
VSAT era- Preliminary investigation (available technologies)

High data allowance & high data rates

C-band VSAT: Ku-band VSAT: Ka-band VSAT:

-Global coverage -Not global coverage -Not yet global system
-Large antenna (VLCC) -Small antenna -Small antenna
-High cost -Lower cost (airtime, equipment) -High bandwidth at reduced cost
-Minimum blockages -Sensitive in rain fade & blockages
-Business back up
-Multiple SATCOM providers -Backup: FBB unlimited
2017
-Solid network

Vessel’s Communication Infrastructure

VSAT | L Band

VLAN 1: Business
VLAN 2: Crew Wi-Fi

• VSAT main unit: Ka-Band or Ku-Band
• L Band backup unit: up to 432 kbps
• Automatic failover according to SNR
• 2 independent VLANs

Initial VSAT project plan

• Implemented three (3) pilot installations (three-month trial)
• Evaluation of the implemented options at all levels (IT, telecommunications, crew feedback, cost)
• Final decision

Timeline phases: Market search/investigation; Pilot implementation; Pilot free trial; Fleet wide implementation
Timeline dates: JUN 2016, OCT 2016, NOV 2016, APR 2017, JAN 2018, DEC 2019
Milestones: Pilot decision; Roll out decision; 6M evaluation

Six Months Evaluation Outcome
[Charts: VSAT satisfaction; VSAT online time]

• 83% VSAT online time / failover to FBB
• Frequent failover/failback problems
• MTBF equal to 1,848 hours
• Low voice quality through VSAT (appearing randomly)
• Unacceptable voice quality through FBB
• Few cases where the FX is totally out of order due to HW failure (single point of failure)

FX reliability improvement and SATCOM Policy reconsideration

Updated Project Plan

• 01/2018: 6M FX/Navarino Evaluation
• 02/2018: Communication with Navarino/waiting rectification
• 03/2018: Decided Actions: FX/Navarino Reliability Increase; Ku-Band/Marlink (15 vessels)
• 02/2019: Comparative evaluation
• 03/2019: Provider selection

Blocking zones

VESSELS CONNECTIVITY: VSAT PROJECT

DIGITAL APPS: TELE-ASSISTANCE PROJECT

DIGITAL SAFETY: OT CYBERSECURITY PROJECT

Tele-assistance Architecture

Vessel’s Communication Infrastructure with Tele-assistance

VSAT | L Band

VLAN 1: Business
VLAN 2: Crew Wi-Fi
VLAN 3: Tele-assistance

• Tele-assistance: 3rd VLAN
• Both internal and external spaces will be covered
• Tele-assistance given higher bandwidth priority

WLAN Technology - MIMO Beamforming

• Utilization of both Wi-Fi bands (2.4 GHz & 5 GHz)
• Beamforming in the E/R multipath propagation environment
• WLAN software controller/remote configuration
• Roaming between the APs
• AP positions determined through a predictive, software-based survey

2nd E/R Floor Access Points Positioning and View

2nd E/R AFT AP


2nd E/R FD AP

Tele-assistance WLAN Propagation Analysis

$$A(d)\,[\mathrm{dB}] = A(d_0) + 10\,n\,\log_{10}\!\left(\frac{d}{d_0}\right) + X_\sigma$$

• WLAN robustness verification through a suitable heat mapping software tool
• LOS propagation losses show high correlation with the log-distance path loss model (correlation coefficient 0.857)
• Path loss exponent of 1.56 (E/R behaves as an electromagnetic reverberation chamber)
• Fading standard deviation σ = 1.63
• 11 to 13 dB propagation attenuation through metallic walls; sufficient low-attenuation openings exist

Video Streaming Quality of Experience Study

MOS | Quality | Impairment
5 | Excellent | Imperceptible
4 | Good | Perceptible but not annoying
3 | Fair | Slightly annoying
2 | Poor | Annoying
1 | Bad | Very annoying

Bit
MOS
Rate
Sharpness Playback Overall
Noise
smoothness QoE
150 1.4 1.8 1.8 1.6
250 1.8 1.9 2.2 1.9
500 4.2 4.2 4.2 4

• Vessel A and Vessel B, with similar E/R characteristics, were tested under similar weather conditions.
• Vessel A (Ku-Band VSAT) achieved lower uplink bitrates compared with Vessel B (Ka-Band VSAT)
• Remote Assistance applications require video quality such that displayed letters, numbers and circuitry details are clearly readable
• Acceptable video quality is perceived for bitrates of 500 kbps

Tele-Assistance trial

Tele-assistance - Propose an application

VESSELS CONNECTIVITY: VSAT PROJECT

DIGITAL APPS: TELE-ASSISTANCE PROJECT

DIGITAL SAFETY: OT CYBERSECURITY PROJECT

OT Cybersecurity

• Navigation systems (ECDIS, AIS, Radar, GPS)
• Communication (INM-C, VHF, SATCOM)
• Safety systems (VDR, AMS, Fire detection, BNWAS, Gas detection)
• Ship control systems (Maneuvering & steering)
• Production systems (Cargo management, PMS)
• Information systems (Telemetry, Hermes)

OT Systems Landscape

OT Cybersecurity Incidents

Cybersecurity of Industrial Control Systems (OT)

• TMSA and VIQ 7 Requirements
• Critical Systems for the vessel’s operation
• Multiple retrofits and new interconnections
• Uncontrollable Stand-Alone ICS

Cybersecurity Critical Incident

• Vessel position was found to be on land in ECDIS by port authorities
• The root cause was a software bug, and an update was required
• The maker never informed Thenamaris about
• 10 more vessels had the same software version

Cybersecurity Critical Incident No2

• Vessel position was found to be on land in ECDIS at Novorossiysk anchorage
• The root cause was GPS spoofing by military transmitters
• Only GPS 1 was affected; GPS 2 was not
• The crew altered the ECDIS GPS source

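Added example, not part of the original slides: a cross-check of two GPS receivers that flags the divergence seen in incident No2 and names the receiver whose own track shows an impossible jump. The thresholds, function names and coordinates are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000
MAX_DIVERGENCE_M = 500   # assumed alarm threshold between the two receivers
MAX_SPEED_KN = 30        # assumed ceiling on plausible vessel speed

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def implied_speed_kn(prev, cur):
    """Speed in knots implied by two (t_seconds, lat, lon) fixes from one receiver."""
    dt = cur[0] - prev[0]
    if dt <= 0:
        return float("inf")
    return haversine_m(prev[1:], cur[1:]) / dt * 3600 / 1852

def cross_check(gps1, gps2):
    """Compare time-aligned fixes from two receivers and return a list of alerts."""
    alerts, suspects = [], []
    for i in range(1, min(len(gps1), len(gps2))):
        gap = haversine_m(gps1[i][1:], gps2[i][1:])
        if gap <= MAX_DIVERGENCE_M:
            suspects = []          # receivers agree again: clear the suspicion
            continue
        # Receivers disagree: a receiver whose own track shows an impossible
        # jump is the suspect, and stays so while the divergence persists.
        jumped = [name for name, track in (("GPS1", gps1), ("GPS2", gps2))
                  if implied_speed_kn(track[i - 1], track[i]) > MAX_SPEED_KN]
        suspects = jumped or suspects
        alerts.append({"t": gps1[i][0], "gap_m": round(gap),
                       "suspect": suspects or ["unknown"]})
    return alerts

# Constructed sample: vessel at anchor; GPS1 jumps about 29 km at t=120 s, GPS2 holds.
GPS1 = [(0, 44.6500, 37.8500), (60, 44.6501, 37.8501),
        (120, 44.9000, 37.9500), (180, 44.9001, 37.9501)]
GPS2 = [(0, 44.6500, 37.8500), (60, 44.6501, 37.8500),
        (120, 44.6501, 37.8501), (180, 44.6500, 37.8501)]

if __name__ == "__main__":
    for alert in cross_check(GPS1, GPS2):
        print(alert)
```
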
TNM OT Cybersecurity

ICS CS Awareness:
• Office personnel
• Seafarers

ICS CS Administrative Controls:
• Cyber Security Plan
• OT Systems Reliability Policy
• Password policy
• SW Management Policy
• Removable Media Policy
• Audit Policy
• Wireless LAN Deployment & Access Policy

TNM OT Cybersecurity

On Site Technical Controls:
• IT LAN Assessment-Rectification
• OT Reliability Policy Implementation
• Telecommunication and R&N systems Assessment
• Removable Media Policy Implementation
• Password Policy Implementation
• ICS Functional Description Documents

• Technical controls have been implemented in 12 vessels (all during D/D), except Password and Removable Media.
• Extensive workload is required (cabling, labeling, network physical checks, backups reception etc.)
• Few actions could be made remotely or implemented by the crew

TNM Removable Media Policy

• A dedicated, classified removable USB memory stick will be used for ECDIS (as the medium to transfer chart updates from the secondary PC to ECDIS). This USB stick will be kept safely in a locker under the responsibility of the navigation officer. Attention shall be paid to keep the USB media on the ECDIS or the secondary PC as long as the update lasts.

• Dedicated, classified removable USB memory sticks will be used for the remaining critical OT systems, as defined by the existing criticality analysis matrix. More specifically, one USB stick will be dedicated to the bridge OT systems and kept safely in a locker under the responsibility of the master, while a second USB stick will be dedicated to the engine OT systems and kept in a locker under the responsibility of the chief engineer. A third USB stick will be kept in the master’s cabin as a backup in case of loss or damage of any of the above USB sticks.

TNM Removable Media Policy

• Critical OT USB sticks will be formatted in the vessel’s IT LAN server before any usage.

• Stickers will be posted on all critical OT systems equipment that is equipped with USB or serial ports, or any other type of input, informing that the connection of unauthorized devices is not allowed.

• Physical security controls shall address specific requirements for the safe and secure maintenance of all other removable media assets that accompany the delivery of the OT systems in the vessel (drivers, programs etc.) and provide specific guidance for transporting, handling, and erasing or destroying these assets.

• Computers and computerized devices used for ICS functions (such as PLC programming) are not allowed to leave the ICS area. Laptops, portable engineering workstations and handhelds (e.g., 375 HART communicator) will be tightly secured and are not allowed to be used outside the ICS network.

TNM OT Password Policy

• The OT systems passwords will be 6 characters long if possible. 2 letters followed by 4 numbers will be used.

• The passwords shall not be found in a dictionary or contain predictable sequences of numbers or letters (such as the vessel’s name, hull number and IMO number). Any default passwords will be changed.

• Passwords should be used with care on operator interface devices such as control consoles on critical processes. Using passwords on these consoles could introduce potential safety issues if operators are locked out or delayed in gaining access during critical events. Physical security should supplement operator control consoles when password protection is not feasible.

TNM OT Password Policy

• The keeper of the simple user passwords will be the vessel’s master. Engine systems passwords will also be kept by the chief engineer. Any copies of those passwords must be stored in a very secure location with limited access. An official handover procedure for the passwords during the change of command should be in force.

• The passwords of privileged users (such as network technicians, electrical or electronics technicians and management, and network designers/operators) should be the most secured and will be kept by the vessel’s superintendent (technical, marine or electrical).

• Authority to change OT systems passwords will be limited to the superintendent. This will be done annually, and the updated passwords will be given to the master and chief engineer.

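Added example, not part of the original slides: an audit helper that checks OT passwords against the rules stated in the TNM OT Password Policy (2 letters followed by 4 numbers, no default passwords, nothing derived from the vessel's name, hull number or IMO number, no predictable sequences). The function names, vessel name, identifiers and passwords are constructed assumptions.

```python
import re

POLICY_FORMAT = re.compile(r"[A-Za-z]{2}[0-9]{4}")
# 26^2 * 10^4 combinations when letter case is ignored. The space is small, so
# the custody and physical-security bullets carry much of the protection.
KEYSPACE = 26 ** 2 * 10 ** 4

def has_run(digits, length=3):
    """True if digits contain an ascending, descending or repeated run."""
    for i in range(len(digits) - length + 1):
        window = digits[i:i + length]
        steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}, {0}):
            return True
    return False

def check_password(pw, vessel_name, identifiers, known_defaults=()):
    """Return the policy violations for one OT password (empty list = compliant)."""
    if not POLICY_FORMAT.fullmatch(pw):
        return ["format: expected 2 letters followed by 4 digits"]
    letters, digits = pw[:2].upper(), pw[2:]
    problems = []
    if pw.upper() in {d.upper() for d in known_defaults}:
        problems.append("known default password")
    words = vessel_name.upper().split()
    initials = "".join(w[0] for w in words)
    if "".join(words).startswith(letters) or initials.startswith(letters):
        problems.append("letters derived from vessel name")
    if any(digits in ident for ident in identifiers):
        problems.append("digits taken from hull or IMO number")
    if has_run(digits):
        problems.append("predictable digit sequence")
    return problems

def audit(inventory, vessel_name, identifiers, known_defaults=()):
    """Map each non-compliant system to its violations."""
    report = {}
    for system, pw in inventory.items():
        problems = check_password(pw, vessel_name, identifiers, known_defaults)
        if problems:
            report[system] = problems
    return report

# Constructed sample data: vessel name, hull/IMO numbers and passwords are made up.
VESSEL, IDS = "SEA EXAMPLE", ["H2345", "9123456"]
INVENTORY = {"ECDIS": "SE1234", "AMS": "QK7305", "VDR": "admin", "BNWAS": "ZZ0000"}

if __name__ == "__main__":
    for system, problems in audit(INVENTORY, VESSEL, IDS, ["ZZ0000"]).items():
        print(system, problems)
```
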
IT/OT Convergence
