Photo: Marlink Cyber
In a major strategic move in April, Marlink announced that it was creating Marlink Cyber a dedicated cyber security company to address growth of cyber threats and the increasing need for compliance. Marlink is a well-known name in the satellite sector and provides in managed services for business-critical IT solutions. It has a big presence in the maritime and energy sectors and works with government customers also.
The creation of Marlink Cyber is an interesting move because it shows company leadership felt it needed to go beyond just having cybersecurity capabilities to have a dedicated cyber operation. The new company aims to provide a number of customer benefits including multiple security operations centers (SOCs) in strategic global locations. S3 interviewed Nicolas Furge, president of Marlink Cyber, about why a well-known company in satellite to create a dedicated cyber company.
S3: Why did Marlink feel the need to create Marlink Cyber? What is the rationale behind such a decision?
Furge: Market demand for professional cyber services and solutions has been growing rapidly in recent years. This is after an extended period in which maritime, energy and enterprise users operated not just remotely but also at lower bandwidths and throughput.
The increase in throughput and traffic levels, driven by increased use of Low-Earth Orbit (LEO) and 4G/5G connectivity has made these sectors more vulnerable to cyber threats. As a result, we took the decision to concentrate the acquired resources of Diverto and Port-IT into a single operating company with our existing expertise. This means we can combine our expertise, develop, and provide enhanced additional services.
S3: Will it function like a separate business? What are the revenue goals for the first 12 months?
Furge: Marlink Cyber will be fully integrated to support the market verticals we serve – maritime, energy, superyachts, humanitarian and enterprise users. Our goals are to increase our share of the cybersecurity market.
Marlink Cyber will deliver services and solutions across three principal areas of operation – Cybersecurity Professional Services, Infrastructure and Endpoint Security and Cybersecurity Defence Centre. Together they will provide a complete portfolio of managed cybersecurity solutions, detection and response services, vulnerability assessments, penetration testing, phishing and awareness programs, compliance and gap assessments and risk management.
S3: Marlink called out a number of user segments — maritime, energy, humanitarian. Which of these segments offers the most opportunities for Marlink Cyber in the first two years?
Furge: Each has a need to improve their cybersecurity posture, though they have different needs and levels of sophistication. The growth in the value and volume of data used in maritime, energy and enterprise means that more operators are recognizing the potential impact of a cyber attack on their operations. There is a growing need for both proactive and reactive cyber solutions that build awareness of potential threats and help customers defend against them.
S3: What kind of cyber threats do you see companies in these sectors facing? Are they now more at risk of cyber attacks than ever before? How do you analyze the threats for these types of companies?
Furge: Marlink observes that users across maritime, energy and enterprise are more at risk from hackers and attackers as bandwidth increases. The greater use of social media by remote personnel and business users alike is a well-understood attack vector.
The most recent maritime cyber threat report produced by the Marlink Security Operations Centre (SOC) demonstrated the changing tactics of cyber criminals, who are increasingly attempting to bypass previously effective security controls using new tools.
Analysts observed a continued rise in common threats using command and control (C&C) infrastructure to create botnet threats, which are growing in number and complexity.
Phishing continues to be the leading tactic used by attackers in maritime to gain access to corporate networks, though the SOC also detected an increase in blacklisted malicious traffic. This highlights the importance of maintaining up-to-date threat intelligence feeds and applying strict security policies to prevent unauthorized connections to high-risk sites.
S3: Will Marlink Cyber have extended capabilities compared to what Marlink was previously able to offer in terms of cyber?
Furge: Yes; the acquisition of Port IT and Diverto brings expansion to all the cyber solutions we offer. The combined Marlink Cyber offers enhanced expertise, richer resources and will provide more certifications to sites verified by Marlink to international standards. The increased footprint enables Marlink to serve more markets with high quality services, including adding multiple SOCs to Marlink’s global network to provide proactive intelligence gathering capabilities as well as reactive/recovery expertise.
S3: Will you be looking to hire more people with a cyber background? Is there a skills shortage in this area?
Furge: Marlink Cyber includes the combined resources of 150 people and we may look to add further expertise as demand grows and business expands. By combining our expertise in cybersecurity with in-depth knowledge of maritime, energy and enterprise markets enables us to remotely support operations and provide security solutions.
S3: Do you believe Marlink Cyber will give Marlink a competitive advantage over other service providers targeting the energy and maritime segments, for example?
Furge: There is a clear need for enhanced managed cybersecurity solutions across maritime, EEG and enterprise user groups. The common element in these markets is that they require expertise in accessing remote assets and users, providing support, updates, installations and applications support. With a leading market share in maritime, energy and humanitarian verticals, we are ideally placed to provide cybersecurity solutions.
S3: What do you see as the biggest cybersecurity threat for these companies, ransomware, for example, or something else?
Furge: Malicious actors are evolving their attack patterns and launching fraudulent campaigns that bypass previously effective security controls, such as two-factor authentication, forcing defenders to react and raise the security level to ensure operations are safeguarded.
Phishing continues to be the leading tactic used by attackers to gain access to corporate networks, though the SOC also detected an increase in blacklisted malicious traffic. This highlights the importance of maintaining up-to-date threat intelligence feeds and applying strict security policies to prevent unauthorized connections to high-risk sites.
Increased visibility into events from endpoint protection solutions (EDR), firewalls and e-mail security, along with the context provided by intelligence capabilities, has allowed SOC analysts to gain deeper insight into the evolving threat landscape.
S3: Do you believe the satellite industry is now a high profile target for cyber attacks? Do you think the industry has prepared well enough for this as a whole?
Furge: The industries that our hybrid networks serve are becoming increasingly visible after decades of relative isolation, the value of data is increasing, social traffic is expanding, so each market vertical presents as a tempting target. Has the industry prepared well enough for this evolving landscape? In part yes, and there is growing awareness of the impact of a major attack or outage on critical infrastructure. Our task is to continue our work with users to ensure they are as prepared as possible for attacks and can take the appropriate steps to protect themselves.
S3: What do you see as the key trends in satellite and cybersecurity over the next few years?
Furge: Regulation will strongly drive corporate behaviors, new international and regional rules are coming in for maritime users, while regional ones will impact enterprise and energy users. Of these, new EU rules on security will have costly consequences for non-compliance.
Global standards already exist in the form of IEC certification and ISO standards – Marlink works to the established NIST Framework of identify, protect, detect, respond, recover and govern.
In the maritime space, IACS Unified Requirement E26 aims to provide a minimum mandatory set of requirements for cyber resilience of ships, intended for the design, construction, commissioning and operational life of the vessel.
Despite UR E26 being required only for newbuildings, Marlink believes that shipowners will increasingly seek to apply its principles and standards to existing ships, providing risk mitigation for highly valuable assets and cargoes. Conversations with shipowners indicate that they will progressively apply the regulation to their fleets, using UR26 as the baseline for cyber security on floating assets.
Companies operating with remote assets and their users have a strategy in place for business continuity and compliance, or will have to do so. The risk of not doing so and leaving their reputation to chance is too great.
S3: Finally, what do you see as the biggest challenge for Marlink Cyber to be successful?
Furge: With momentum building and demand growing, the timing of this initiative is good for our customers, their assets and users. Marlink cyber creates a platform which we can leverage to spread a positive message about managing cyber risk across all our customer groups. Customers will always move at different speeds in understanding the threat and some for whom the process of adoption might be longer, but in general we are pushing at an open door.
