Sensor data from the open sea into a cloud

January 25, 2019 in Education

The article below is from the DIMECC Publications Series no. 22. Read the full pdf-version here.

When a ship is sailing in the open sea, up until now the transfer of large amounts of data has been difficult and costly, as connections have been dependent on radio waves and satellites.

Bandwidth in radio technology in the open sea is low and satellite connections expensive. Now Meyer’s Turku shipyard has been experimenting with transmitting and storing sensor data using the data transfer solution by the Oulu-based KNL Networks. Data can then be stored into Wapice’s IoT-Ticket storage service from all the seas in the world efficiently and affordable.

Cruise ships manufactured by Meyer include tens of thousands of devices that are used during the ship’s operation. Meyer collects various data from the sensors in the ship’s devices that are related to the ship’s operations and performance. “The idea is to utilise the data collected from the ships in real time or later. It is good to be able to collect usage data and analyse it. In the DIMECC D4V program, we have studied how data can be collected easily, securely and cost-efficiently. Another goal is to create a common point of connection for all who need it, which for its part will significantly improve the safety of ships,” says Kari Sil- lanpää, the director responsible for product development and research at Meyer’s Turku shipyard.

The solution by the Oulu-based KNL Networks allows global communication for ships using digital shortwave radio. The application combines HF radio with new innovations. In the open sea, KNL’s radio solution utilises frequencies from under 30 megahertz all the way to 1.5 megahertz. Low frequencies enable very long connections up to 10,000 kilometers. The idea is to have a network where all users transmit data. In fact, the quality of the network developed by KNL Networks improves with every new user, because it is a so-called MESH network where messages can travel along more than one path, and which also utilises several radio frequencies.

“Each ship creates a new potential point of connection, which improves the reliability of data transfer, while the simultaneous use of several bands improves transfer capacity.” KNL’s solution can connect to another ship within 10,000 kilometers which, while in port or close to the coast, acts as an access point for ships sailing further away from the coast and provides a connection to a 3G/4G network. This allows data transfer from almost every corner of the world – even the polar circles that are outside the range of regular data transfer satellites.

“KNL offers a simple and efficient networking solution: data is transmitted from one ship to another, and from there, to a port and into a cloud. This solution is technically secure and safe in many ways.” Wapice’s IoT-Ticket service stores data into a cloud and the measured data can then, for example, be visualized into a format that is easy to understand and utilise.

“We started experimenting with KNL’s system during the early stage of the D4V program. During the program, the system was developed further and Wapice was added in. Now we are able to collect and transmit data securely from a ship sailing in the open sea to an office. Data collection has been made easy. It does not affect the ship’s operation and it cannot be used to hack into the ship’s systems. In information security-related matters, we have also collaborated with F-Secure.”

Pilot tests have already confirmed the functionality of the system, and Meyer’s office can get real-time data about cruise ships.

“Cruise ships are complex systems, and their energy needs change constantly depending on whether the ship is moving, what sort of environment the ship is moving in and what operations are active on the ship. The data we receive allows us to provide even better services to ensure that ships are running as energy-efficiently as possible.”

Since the environment of a ship is constantly changing dynamically, Meyer uses collected data for simulation models, for the ships’ so-called virtual twins. This provides a more accurate picture of the situation on the ship, and ship operations can be adapted to changing environments in real time.

Sillanpää says that in the future, the goal is to develop data collection and use and the ability to utilise virtual models.  “This way, it is easy for an even larger number of device and system providers – or entirely new operators – to join in and start using the data available, both in their own development work and for providing new services.”

This article is from the DIMECC Publications Series no. 22. Read the full pdf-version here.

How to manage cybersecurity threats in maritime

January 15, 2019 in Education

At KNL Networks, we know that increasing the amount of data flowing on and off ships improve operational efficiency, reduce costs, and provide better overview for maintenance and other tasks. But we also know that there are huge challenges when it comes to properly manage that data. The maritime industry needs no reminders how cybersecurity has become one of the biggest threats to the industry; an attack due to an improperly-managed network can cause month worth of delays and tens of thousands in replacing and updating systems.

In response, we’ve put cybersecurity at the core of our business, and not just because our CEO and fellow founders are former military radio engineers.

But first, some background.

As you may know, KNL Networks uses our proprietary technology HF radio to form a global mesh network with a maximum range of roughly 10,000 kilometers. Ships at sea automatically make a connection with another ship at port with a KNL device making a cellular connection.

With data flying around the world, it’s important to build in security from the ground up and understand, that security is not only encryption, it starts from hardware design and goes through all the layers to application and users.

Securing your device

Simply put, the KNL device is locked down. Starting with a trusted boot chain, every step in the boot process verified from a secret key located in the hardware itself, through the processor’s internal encryption unit. With the software device booted up, data sent over HF use an AES256 based encryption method which has its own key in place. VPN is used for cellular connections.

Should someone get physical access to your device, know that all memory stored on the device is encrypted through the processor’s internal hardware encryption unit. The radio can be only in two states: it is completely powered off or it’s operating in a known state and can be trusted.

Naturally, we keep your device updated automatically to provide security fixes and additional features.

Moving your data securely

Let’s start with your on-board devices. At KNL, we use API keys to manage different applications and users. On-vessel, the communication from a device to the KNL device is TLS / HTTPS encrypted, the same encryption you use when using your online bank.

Once it touches the device, all your data plus the extras we may send like transmission headers, addresses, vessel positions, and so on are encrypted and transmitted using the AES 256 encryption algorithm, tunneled through a VPN until it reaches the KNL Cloud servers, which are hosted on AWS for reliability.

Once there, your office connects to the data again using TLS / HTTPS encryption.

KNL doesn’t process your data, so we can’t directly protect your systems from viruses. But we can take every precaution to ensure that no viruses can get in by sneaking through the network.

Protecting against network attacks

You have to consider that to some hackers, attacking the communication network is just as “valuable” as implanting a virus aboard your ships. To that end, you can see the real power of a global mesh network.

Satellites operate on a many-to-one principle, which poses some risks. If the satellite is jammed from malignant actors (or overloaded from too much demand) you’ll experience network failure.

KNL global network uses HF radio, a wide spectrum that is near impossible to jam. In fact, parts of the HF spectrum are “jammed” all the time, due to other traffic or solar interference, so we’ve built our radios to be cognitive, meaning they can automatically switch to the next best channel.

An attacker jamming the network is a small risk to your business, but it shows how KNL is distributed by nature and has no single point of failure that could disable the network. This is the power of a Mesh Network; each new device helps make the network stronger and more stable, rather than overloading it.

We’ve put a lot of thought in how we can secure our network. On the application side, we do limit the number of HTTPS requests as well as limiting the sending of new files. With these (configurable) parameters we have protection against DoS attacks in the network.

We love to talk about security

We’re junkies for this sort of stuff. If you have any questions, concerns, or would just like to chat you can always reach out to us at or you can find our contact information here.

We’re experiencing one of the biggest transformations to come to the shipping industry, but it comes with some costs we need to prepare for through a distributed mesh network.