Sensor data from the open sea into a cloud

January 25, 2019 in Education

The article below is from the DIMECC Publications Series no. 22. Read the full pdf-version here.

Until now, transferring large amounts of data from a ship sailing in the open sea has been difficult and costly, as connections have depended on radio waves and satellites.

Bandwidth in radio technology in the open sea is low and satellite connections are expensive. Now Meyer’s Turku shipyard has been experimenting with transmitting and storing sensor data using the data transfer solution by the Oulu-based KNL Networks. Data can then be stored in Wapice’s IoT-Ticket storage service from all the seas in the world efficiently and affordably.

Cruise ships manufactured by Meyer include tens of thousands of devices that are used during the ship’s operation. Meyer collects various data from the sensors in the ship’s devices that are related to the ship’s operations and performance. “The idea is to utilise the data collected from the ships in real time or later. It is good to be able to collect usage data and analyse it. In the DIMECC D4V program, we have studied how data can be collected easily, securely and cost-efficiently. Another goal is to create a common point of connection for all who need it, which for its part will significantly improve the safety of ships,” says Kari Sillanpää, the director responsible for product development and research at Meyer’s Turku shipyard.

The solution by the Oulu-based KNL Networks allows global communication for ships using digital shortwave radio. The application combines HF radio with new innovations. In the open sea, KNL’s radio solution utilises frequencies from under 30 megahertz all the way to 1.5 megahertz. Low frequencies enable very long connections up to 10,000 kilometers. The idea is to have a network where all users transmit data. In fact, the quality of the network developed by KNL Networks improves with every new user, because it is a so-called MESH network where messages can travel along more than one path, and which also utilises several radio frequencies.

“Each ship creates a new potential point of connection, which improves the reliability of data transfer, while the simultaneous use of several bands improves transfer capacity.” KNL’s solution can connect to another ship within 10,000 kilometers which, while in port or close to the coast, acts as an access point for ships sailing further away from the coast and provides a connection to a 3G/4G network. This allows data transfer from almost every corner of the world – even the polar circles that are outside the range of regular data transfer satellites.

“KNL offers a simple and efficient networking solution: data is transmitted from one ship to another, and from there, to a port and into a cloud. This solution is technically secure and safe in many ways.” Wapice’s IoT-Ticket service stores data into a cloud and the measured data can then, for example, be visualized into a format that is easy to understand and utilise.

“We started experimenting with KNL’s system during the early stage of the D4V program. During the program, the system was developed further and Wapice was added in. Now we are able to collect and transmit data securely from a ship sailing in the open sea to an office. Data collection has been made easy. It does not affect the ship’s operation and it cannot be used to hack into the ship’s systems. In information security-related matters, we have also collaborated with F-Secure.”

Pilot tests have already confirmed the functionality of the system, and Meyer’s office can get real-time data about cruise ships.

“Cruise ships are complex systems, and their energy needs change constantly depending on whether the ship is moving, what sort of environment the ship is moving in and what operations are active on the ship. The data we receive allows us to provide even better services to ensure that ships are running as energy-efficiently as possible.”

Since the environment of a ship is constantly changing dynamically, Meyer uses collected data for simulation models, for the ships’ so-called virtual twins. This provides a more accurate picture of the situation on the ship, and ship operations can be adapted to changing environments in real time.

Sillanpää says that in the future, the goal is to develop data collection and use and the ability to utilise virtual models. “This way, it is easy for an even larger number of device and system providers – or entirely new operators – to join in and start using the data available, both in their own development work and for providing new services.”


How to manage cybersecurity threats in maritime

January 15, 2019 in Education

At KNL Networks, we know that increasing the amount of data flowing on and off ships improves operational efficiency, reduces costs, and provides a better overview for maintenance and other tasks. But we also know that there are huge challenges when it comes to properly managing that data. The maritime industry needs no reminders of how cybersecurity has become one of the biggest threats to the industry; an attack due to an improperly managed network can cause a month's worth of delays and cost tens of thousands in replacing and updating systems.

In response, we’ve put cybersecurity at the core of our business, and not just because our CEO and fellow founders are former military radio engineers.

But first, some background.

As you may know, KNL Networks uses our proprietary HF radio technology to form a global mesh network with a maximum range of roughly 10,000 kilometers. A ship at sea automatically connects to another ship in port whose KNL device has a cellular connection.

With data flying around the world, it’s important to build in security from the ground up and to understand that security is not only encryption: it starts from hardware design and goes through all the layers to application and users.

Securing your device

Simply put, the KNL device is locked down. It starts with a trusted boot chain: every step in the boot process is verified using a secret key located in the hardware itself, through the processor’s internal encryption unit. With the device software booted up, data sent over HF uses an AES-256-based encryption method which has its own key in place. A VPN is used for cellular connections.

Should someone get physical access to your device, know that all memory stored on the device is encrypted through the processor’s internal hardware encryption unit. The radio can be in only two states: it is completely powered off, or it’s operating in a known state and can be trusted.
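A minimal model of the boot chain and the "off or trusted" rule described above. This is an added example, not KNL's firmware: the HMAC-SHA256 construction, the stage names, the key value and the image bytes are all assumptions chosen for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for the secret key held in hardware (assumption);
# on a real device software could use it but never read it.
HW_KEY = bytes(range(32))
ZERO = b"\x00" * 32

def stage_tag(key, prev_tag, image):
    """MAC over this stage's image, bound to the previous stage's tag."""
    digest = hashlib.sha256(image).digest()
    return hmac.new(key, prev_tag + digest, hashlib.sha256).digest()

def provision(key, images):
    """Factory side: build the tag chain for an ordered list of (name, image)."""
    chain, prev = [], ZERO
    for name, image in images:
        prev = stage_tag(key, prev, image)
        chain.append((name, image, prev))
    return chain

def boot(key, chain):
    """Device side: verify every stage before it runs.

    Returns ("trusted", stage_names) only if the whole chain verifies,
    otherwise ("off", failed_stage): there is no partially booted state.
    """
    prev, started = ZERO, []
    for name, image, tag in chain:
        if not hmac.compare_digest(stage_tag(key, prev, image), tag):
            return ("off", name)
        started.append(name)
        prev = tag
    return ("trusted", started)

# Constructed sample images (hypothetical stage names).
IMAGES = [("bootloader", b"BL v1"), ("kernel", b"KERNEL v1"), ("radio-app", b"APP v1")]

def demo():
    good = provision(HW_KEY, IMAGES)
    # A modified kernel image presented with the original tag.
    modified = [good[0], ("kernel", b"KERNEL v1 (modified)", good[1][2]), good[2]]
    # Genuine stages presented out of order: chaining detects this too.
    reordered = [good[0], good[2], good[1]]
    return boot(HW_KEY, good), boot(HW_KEY, modified), boot(HW_KEY, reordered)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because each tag covers the previous tag, a stage cannot be swapped, dropped or replayed at a different position without the check failing at that point.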

Naturally, we keep your device updated automatically to provide security fixes and additional features.

Moving your data securely

Let’s start with your on-board devices. At KNL, we use API keys to manage different applications and users. On-vessel, the communication from a device to the KNL device is TLS / HTTPS encrypted, the same encryption you use when using your online bank.

Once it touches the device, all your data plus the extras we may send like transmission headers, addresses, vessel positions, and so on are encrypted and transmitted using the AES 256 encryption algorithm, tunneled through a VPN until it reaches the KNL Cloud servers, which are hosted on AWS for reliability.

Once there, your office connects to the data again using TLS / HTTPS encryption.

KNL doesn’t process your data, so we can’t directly protect your systems from viruses. But we can take every precaution to ensure that no viruses can get in by sneaking through the network.

Protecting against network attacks

You have to consider that to some hackers, attacking the communication network is just as “valuable” as implanting a virus aboard your ships. To that end, you can see the real power of a global mesh network.

Satellites operate on a many-to-one principle, which poses some risks. If the satellite is jammed by malicious actors (or overloaded by too much demand) you’ll experience network failure.

The KNL global network uses HF radio, a wide spectrum that is nearly impossible to jam. In fact, parts of the HF spectrum are “jammed” all the time, due to other traffic or solar interference, so we’ve built our radios to be cognitive, meaning they can automatically switch to the next best channel.

An attacker jamming the network is a small risk to your business, but it shows how KNL is distributed by nature and has no single point of failure that could disable the network. This is the power of a Mesh Network; each new device helps make the network stronger and more stable, rather than overloading it.

We’ve put a lot of thought into how we can secure our network. On the application side, we limit the number of HTTPS requests as well as the sending of new files. With these (configurable) parameters we have protection against DoS attacks in the network.
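One way such limits can work, as an added example rather than KNL's implementation: a token bucket per API key with separate, configurable budgets for HTTPS requests and for new file submissions. The limit values, the API key names and the 200/429 responses are assumptions.

```python
class TokenBucket:
    """Allows bursts up to `capacity`, then a sustained `rate` per second."""

    def __init__(self, capacity, rate, now):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.stamp = float(capacity), now

    def allow(self, now):
        elapsed = max(0.0, now - self.stamp)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.stamp = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

# Hypothetical configurable parameters: kind -> (burst, refill per second).
# File sends get a far smaller budget because they consume link capacity.
LIMITS = {"request": (5, 1.0), "new_file": (2, 0.1)}

class Gateway:
    def __init__(self, limits=LIMITS):
        self.limits, self.buckets = limits, {}

    def check(self, api_key, kind, now):
        """Return 200 if allowed, 429 if this key exhausted its budget for `kind`."""
        slot = (api_key, kind)
        if slot not in self.buckets:
            capacity, rate = self.limits[kind]
            self.buckets[slot] = TokenBucket(capacity, rate, now)
        return 200 if self.buckets[slot].allow(now) else 429

# Constructed traffic: (time in seconds, API key, kind).
EVENTS = (
    [(0.0, "vendor-A", "request")] * 7      # burst from one key
    + [(0.0, "vendor-B", "request")]        # another key is unaffected
    + [(0.0, "vendor-A", "new_file"), (0.1, "vendor-A", "new_file"),
       (0.2, "vendor-A", "new_file"), (10.2, "vendor-A", "new_file")]
)

def replay(events):
    gateway = Gateway()
    return [gateway.check(key, kind, t) for t, key, kind in events]

if __name__ == "__main__":
    print(replay(EVENTS))
```

Keeping a bucket per key means one noisy application is throttled without affecting the others that share the link.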

We love to talk about security

We’re junkies for this sort of stuff. If you have any questions, concerns, or would just like to chat you can always reach out to us at info@knlnetworks.com or you can find our contact information here.

We’re experiencing one of the biggest transformations to come to the shipping industry, but it comes with some costs we need to prepare for through a distributed mesh network.

Make it scalable: Implementing IoT in Maritime

September 25, 2018 in Education

Digitalization in the maritime industry is taking off. At the very least, most companies now have a strategy and plan for the data they would like to have available onshore to optimize a vessel during its voyage. But when it comes to third-party equipment onboard, the strategy becomes less clear. How do you handle billing? How do you handle security? How do you put together the needs of dozens of different vendors?

The clock is ticking, however, as more and more equipment suppliers are asking for data access from their equipment onboard vessels. Just like when you build a house, if you don’t get the foundation right from the start you will never have the desired result. The strategy then becomes looking for workarounds.

Looking into data strategies

Getting data from vessel to shore can be done in different ways. The examples are:

  • Satcom
  • Data via dedicated network, e.g. data over HF

With all-you-can-eat packages for VSAT it is very tempting just to give third-party vendors access via your business network run over the VSAT. It is already paid for, so you have no obvious additional cost by letting them use your network. Large amounts of data can be sent in real time from the vessel to satisfy the needs of the equipment manufacturers. However, there are some important considerations.

  • Crew welfare eats up bandwidth and creates congestion in hot spots, leading to the backup system being used. It will limit what you can do.
  • Weather has an impact on the performance of the VSAT system, again leading to use of the backup system.
  • VSAT coverage is not 100% global and there are zones where you will have no connection.

But these are just minor challenges; the real challenges lie in security. When you allow third-party access to your main business network, there are a variety of solutions to protect yourself against getting your system infected and potentially hacked. Here there are hidden costs:

  • Setup costs: Integrating the third-party products takes time and can be complicated due to firewall restrictions, ports that are closed, IP addresses that cannot be used and so on. A lot of support is needed to get the solution running.
  • Maintaining the network: When changes are made to the firewall, or if the cybersecurity solution is updated, the typical result is that your third-party vendors will lose their connection. Troubleshooting then starts on both sides which takes time and money.
  • Customization: Not every vessel in a fleet has the same communication systems and setup, which again makes it cumbersome to pull and connect vendor data from your vessels.

These issues might be manageable to start with when you only have a few vendors connected, but it’s not a solid foundation: it’s not scalable in any way. What happens when a few years later you have 50+ vendors requiring data from the vessel? The task of supporting this is not manageable; support costs will explode, and it will again take time and effort to set up a well-managed system.

Truly managing your data needs

An alternative to using SatCom for data connectivity is using an HF radio network, which offers clear advantages. The most important pain points that data via HF addresses are:

  • Cyber Security
  • Integration issues
  • Scalability

KNL Networks offers a unique Data Network which is secure by nature and operates completely autonomously from the vessel’s satellite Business Network. Using KNL’s Network for your third-party vendors makes the task much easier and reduces the support cost to a minimum.

As an added benefit, as an independent communication channel, it provides a backup possibility for critical emails when out of satcom service. We have already seen a few examples where the email service from KNL Networks was the only means of communication that worked for vessels for a period of up to 2 weeks!

Here are a few of the benefits:

Pole to Pole coverage, our secure mesh network finds a connection anywhere between Antarctica and the North Pole. Our mesh network also means no congestion: the more vessels in the network, the better service we provide.

Only integrate once to KNL as a one-day installation. This makes the system scalable and quick to deploy.

Managed service, freeing up your IT department to work on business critical issues, not playing catch-up with vendors. KNL Radios are integrated to Kognifai, Mindsphere, Cognite, M.A.C. Solutions and many more.

Better security practices for your vendor network as we tunnel data over a VPN and don’t allow TCP/IP traffic over the HF connection. This reduces risks for cyber-attacks and viruses to an absolute minimum.

Better security for your business network. When making changes to your firewall and other security settings you do not have to think twice about your third-party vendor connections.

Reliable backup comms, as KNL works independently from the SatCom system. KNL can also include KNL Track, a vessel tracking solution that operates on our independent network and does not rely on AIS.

In short, KNL Networks is the industry leader in scalable IoT data connectivity and can help you to get it right from the start.