I was a career Coast Guard Officer until I retired in 2013. Upon retiring from the Coast Guard I joined Gnostech as the chief operating officer and became president in late 2014. The majority of my career was spent in either maritime law enforcement and defense operations or as a specialist in the Coast Guard’s technology community primarily working in and around command, control, communications, intelligence, surveillance and reconnaissance systems development or procurement.
For our readers not familiar, please describe Gnostech in a sentence or two.
We’ve been in business since 1981, primarily as a Department of Defense technology company. Gnostech Inc. is an applied engineering and consulting company with capabilities in the following areas: cyber security and information assurance, secure software development, systems engineering and GPS engineering. We serve customers in the maritime and defense industries, particularly the U.S. Navy, and we are headquartered in the Philadelphia metro area with an office in San Diego.
Cyber security obviously tops many corporate agendas today. When I say “cyber security”, what does that mean to you?
Cyber security is a term being used today to cover a wide variety of functions, but in most communities it primarily means protecting information and systems from major cyber threats, both internal of external.
It is also an emerging issue for the maritime industry. Not only would a maritime cyber attack have serious economic repercussions, but also environmental and national security implications. Many ask why there is an increase. There are many factors, including outdated software, human error, lack of knowledge, increasing sophistication of global cyber attacks, and more highly interconnected systems and a greater reliance on automation.
When you look at the maritime industry, are there any peculiarities which make enacting cyber security more challenging than a land-based facility? Please be specific.
Maritime is diverse to say the least. Many companies in this industry have geographically dispersed facilities and assets in sometimes isolated areas with minimal technical support. These facilities and assets may also have legacy systems with crews that have a lack of cyber knowledge or training. At the other end of the spectrum, you have highly automated and more remotely monitored systems where a cyber breach could put mission critical operations at a standstill. The ultimate challenge is to mitigate risk while ensuring the security and integrity of these systems, assets and facilities.
Gnostech recently introduced VulnX, “Cyber Security with Maritime in Mind”. Can you provide a concise description of VulnX with insights on how it is uniquely capable in the maritime sector?
One of the most proactive steps any organization can take to prevent a cyber breach is to apply published software patches and updates. These patches fill vulnerability holes within systems that hackers would typically exploit. Almost 99 percent of all cyber security breaches are from known vulnerabilities and about 90 percent of these breaches have patches available containing the required security fixes. However, this can prove to be time consuming and labor intensive.
VulnX is an automated, cloud-based solution that deploys published patches and remediates software and system vulnerabilities. Most importantly, it secures systems against cyber attacks without interference to critical systems. You can approve updates for a particular system to be deployed at a certain time. VulnX applies select patches and upgrades to specific systems across an organization’s assets and facilities. VulnX is designed for use in the maritime industry and environment, meaning it has the appropriate mechanisms to account for low bandwidth and connectivity loss. It can be customized to meet a maritime company’s needs and requirements.
Put in perspective your thoughts for the trajectory of Cyber crime and hacking in the coming five to 10 years.
It is certainly going to increase and global cyber attacks will become more hostile and complex. At least in the next five years, [Cybersecurity ventures] estimates that cyber crime will double and reach $6 trillion annually by 2021. Small businesses will be increasingly targeted, as well. Ultimately, the demand for state-of-the-market cyber solutions will continue to grow.
What do you consider to be the biggest challenge to keep a step ahead of those with criminal intent in the cyber space?
Awareness, at least within the maritime industry, is the biggest challenge and the understanding that cyber security is not just a buzzword. It is a real threat. Companies need to incorporate a cyber culture at all organizational levels and need to be trained accordingly. They also need to understand that a holistic approach is needed to tackle cyber security. No single application, tool or methodology will adequately secure your systems, facilities, or assets. Automated solutions and third-party assessments are just a small part of a complete cyber risk mitigation plan.
(As published in the May 2017 edition of Maritime Reporter & Engineering News)