Operational technology (OT) security now affects marine vessel and port operators, as both ships and industrial cranes are rapidly digitized and automated, creating new types of security challenges.
Ships dock on average every six months. Container cranes are mostly automated. Diagnostics, maintenance, upgrades and tuning of these mission-critical systems are performed remotely, often by third-party technicians. This highlights the importance of properly managed, secure remote access to industrial control systems (ICS).
We at SSH Communications Security (SSH) have been pioneering security solutions that bridge the gap between IT and OT in managing privileged access. Let's look at how we helped two customers solve their critical access control needs.
Secure worldwide remote access to 1,000s of ships
In the marine industry, providing secure and efficient remote access to OT systems is vital to maintaining vessel operations and safety. A well-known marine vessel operator with a fleet of modern ships faced significant challenges in this area. The company needed a reliable solution to provide remote access for its engineers and supplier technicians.
Challenge
The customer's existing security measures were insufficient for the complex and dynamic nature of their operations. Connections to the ships were always on, and it was difficult to associate credentials with each session. The lack of granular access control and extensive auditing capabilities created both security and compliance risks. The customer also had issues with the scalability of the existing solution.
Solution: PrivX OT Edition
To overcome these problems, the company implemented SSH PrivX OT Edition. This solution provides a centralized, scalable and user-friendly platform for managing remote access. Key features include:
- Enabling the customer to connect to 1,000 of its customers' container ships worldwide via satellite communications to perform maintenance, monitoring and diagnostics.
- Just-in-Time (JIT) and Just Enough Access (JEA): Ensuring that engineers have the right level of access only when needed and only for the right amount of time.
- Comprehensive audit: Offering detailed information about access control.
- Centralized access: Both internal and external technicians enter through one centralized gateway, regardless of the location of the ship or technician.
- Automation: The solution was deployed in the AWS cloud for satellite connections and automatic person-to-role mapping for high performance.
As a result, the customer can now ensure the safety of the crew, prevent unscheduled and costly dockings, reduce the risk of vessel malfunctions and meet the requirements and recommendations of the NIS2 Directive and the IEC 62443 standards. All this while modernizing their operations to gain a competitive advantage in the global maritime industry.
Restricted and secured access for supplier technicians to industrial cranes
This customer is a leading global manufacturer of industrial equipment with over a century of experience. Operating in approximately 50 countries, the company required a reliable solution to provide remote access to automated industrial cranes for their maintenance engineers.
Challenge
The company's existing security controls, based on point solutions, were insufficient. They lacked the necessary granularity, functionality and transparency, increasing the risk of cyberattacks and data breaches. As an example, the customer had difficulty restricting access to cranes in a certain port, meaning that a maintenance engineer in Asia could access a port in Europe, and vice versa.
In addition, the previous solution did not provide adequate auditing capabilities, making it difficult to meet compliance and security regulations.
Solution: PrivX OT Edition
To solve these problems, the company adopted SSH PrivX OT Edition. This solution offers a centralized, scalable and user-friendly platform for managing remote access. Key features include:
- Regional restrictions on supplier technicians' access to cranes in seaports.
- Just-in-Time (JIT) and Just Enough Access (JEA): Ensuring that engineers have the right level of access at the right time for just the right task.
- Comprehensive audit: Activity audit trail, session monitoring and recording.
- Deployment without interruption: Adding granular access control with minimal changes to existing VPN infrastructure/firewall/technology.
As a result, the customer can now restrict access by region and by task for proper segregation of duties. Both ad hoc and scheduled access for technical staff are secure and available within minutes, and with automatic shutdown. Moreover, this more granular access control was achieved with minimal disruption to existing infrastructure.
Conclusion
With PrivX OT Edition, companies can centralize access to all critical IT and OT targets, regardless of user location or purpose. The solution eliminates the need for point access solutions and offers uniform, scalable and consistent access for industrial-scale security needs.