Dan Ng is CEO of CyberOwl, a disruptive startup helping maritime asset operators gain visibility of the cyber risks to their distributed, remote assets. CyberOwl helps fleet operators understand what they have onboard, keep it secure and prove they have secured it. Before building CyberOwl he was Associate Director at KPMG, where he focused on the Defense, Security and Industrial sectors. During that time, he worked extensively developing propositions, market entry and commercial strategies for global security, defense, technology and engineering companies such as Northrop Grumman, Atos and BP. Dan was also Chair of a Working Group at the IoT Security Foundation, Council Member of the Digital Technology Group of the UK Society for Maritime Industries and Steering Committee Member for the Operational Technology Cyber Security Alliance.
We talk about maritime cyber security and the experience of coming into the maritime space as an outsider and building a startup.
Entering the maritime market as outsiders can resemble the five stages of grief. At first, it’s very exciting - you see the potential, and a market that is asking to be disrupted. You throw yourself into it - and find yourself getting frustrated by it, for lots of different reasons. Dan and CyberOwl are now at the stage, since COVID, strangely, where they’ve started to love it. You can fall in love with the maritime sector. It has certain peculiarities but once you understand them, they make it quite fascinating.
One surprising learning was that nearly everyone knows nearly everyone, despite it being such a huge sector in terms of assets under management, goods moved, the value of goods moved, etc. The sector is highly competitive, but if you spend time investing, understanding the nuances, and understanding why decisions are made, the sector is also highly supportive. Dan has worked in many sectors and found the maritime sector one of the rare sectors where if you reach out to somebody and ask for help, invariably they will help you in some form to the best of their ability. If you try that in financial services, for example, no chance.
The maritime sector is leap-frogging stages of innovation that other sectors have already gone through. Those sectors have had to try, test, fail, rebuild, retry, retest, re-fail. Maritime innovation can build on this and implement step changes with less risk. However, the sector has not had quite enough time to fully understand the process of innovation itself. Because it's also a very economically astute sector, very financially oriented, it often ends up making decisions based on very operational and very tactical, rather than strategic, choices.
There is also an assumption that you can outsource innovation. Just bring the startup in and the startup innovates and then suddenly everything changes. But of course, you need to guide that innovation and then consume it once it's created. That requires a lot of infrastructure in the organization such as the capacity to properly trial or move things from trial to roll out, to educate internally and change the mindset, and to go against a very established way of working. All of this is crucial and takes longer and costs more than developing the technology itself. Shipping is not fully embracing that yet.
In the context of cyber security, technical and operational challenges abound in the maritime environment - SATCOM blackouts, bandwidth limitations, etc. So you need to enable the crew at the edge, on the vessel, to do the things they need to do, and also to be part of the cyber risk management process. In lots of other places, where land-based systems are always connected and always on cloud, you can take away that responsibility or centralize it somewhat.
There are very high impact, but super low likelihood incidents, like hacking and hijacking an LNG tanker. Then you've got the very, very high frequency incidents that are super low impact, like losing an email. CyberOwl focuses on the middle frequency, middle impact space.
A lot of that middle impact is mainly around business interruption: hanging back to get something replaced, not being able to connect to send or exchange instructions, not being able to do a crew change, or having to redirect something to a different port. If you add all these things together, they become an expensive nightmare for the fleet operator.
CyberOwl focuses on resilience. Anything that changes business continuity, that's worth worrying about. The key question is: If you are attacked, how do you get back on your feet and get operations moving again, as quickly as possible?
Early warnings are one method of protecting continuity. Even better if we can find backdoors that have been left open, so that the customer can close those big backdoors. CyberOwl aims to continuously make it harder and harder for attackers so that they go to the “next house”, because it's easier.
Overall, it’s a “prevent, protect, respond” approach. Prevent is all about keeping things hidden, out of sight of potential attackers. Protect is about protecting assets from attacks. Respond is how to get back on track after an attack.
Even large shipping companies don’t have the luxury of a dark room with three cybersecurity people constantly scanning the screens. They need simple, easy-to-understand solutions. Which vessel, which PC on the vessel, which function is that PC working on? Does it affect any of the key operational technology equipment or safety critical equipment on the vessel? Is that vessel on a critical voyage at the moment? Is it time sensitive? Can I take action now? Or can I leave it for a bit and deal with another fire over there first? By building the solution around such decisions, CyberOwl aims to create unique value for their customers.
Another maritime-specific value is based on the relationship between ports of call and cyber risk of shipboard systems. Different national internet infrastructures have different levels of security and quality. In general, it’s about looking for precursors. For example, a certain vessel IoT system that is configured and installed in a certain way might be a warning sign for certain security risks.
CyberOwl collects such precursors, building baselines and trends around them. Ways of working, type of cargo, certain voyages, ports of call - all go into analytics to better understand and predict risks. However, AI in cyber security is likely to happen first for high frequency, low impact risks.
A key trend is an increase in attacks on the supply chain as a whole rather than specific vessels. Just a few weeks ago, a fairly large shipping ERP vendor got attacked, which resulted in 10% of their customers being affected.
The SolarWinds case affected 33,000 companies that use SolarWinds as their infrastructure management system. Even some maritime companies were affected by that, which caused them to become CyberOwl customers.
“It's like the five stages of grief, entering the maritime sector” - Dan Ng.
“The trend we are seeing is attacks on key vendors in the maritime sector, rather than a specific vessel or specific shipping company.” - Dan Ng.