Enhancing maritime security and connectivity: The critical role of OTA updates in fleet management

In the modern connected world, today’s infrastructure communicates digitally. While many people only consider prominent players like computers and telecommunication devices when thinking about connectivity, almost everything we interact with today requires this same connectivity, including general IoT devices across essential industries like automotive, aviation, maritime, defense, energy, housing infrastructure, and healthcare. Connected devices play a critical role in our daily lives, ultimately empowering the reliability, safety, and usability of machines, communication, and how we interact with the physical world.

Independent of device application, every smart IoT device comprises software and hardware components to fulfill its purpose. With IoT devices spanning the globe, the organizations creating these products face increased competition to manage and improve their products throughout the device's lifecycle. Organizations must manage their products from design to decommission to remain competitive while ensuring a device and its users' safety and security are upheld to the highest quality.

Why OTA updates on-board are vital in the maritime industry

OTA updates are essential for the maritime industry to maintain safety, compliance, performance, and cybersecurity resilience as fleets navigate an increasingly interconnected and digitally driven environment.

By nature, maritime vessels usually operate in remote locations at sea or undergo long voyages without access to physical infrastructure or on-site technicians. Connecting access to OTA updates allows ship operators to remotely deploy improvements or patches to firmware and software or deploy configuration changes to onboard systems. Deploying secure and robust OTA updates ensures optimum functionality and interconnectivity of a vessel, including:

1. Navigation equipment: Ensuring the navigation equipment receives the latest map information and software enhancements, improving real-time accuracy and safety.

2. Communication systems: Deploying the latest software fixes, protocols, and encryption standards, ensuring reliable and secure maritime communication. 

3. Engine controls: With real-time engine performance optimization, ensuring increased compliance and reduced operational issues. 

4. Safety systems: Guaranteeing fleets remain current with the latest protocols and technologies, improving response times and overall vessel safety. 

5. Security systems: Releasing the latest security patches and threat detection algorithms, protecting maritime vessels from evolving cyber threats and unauthorized access. 

Since maritime operations take place in the most remote corners of the world's oceans, with countless essential systems requiring necessary firmware and software updates, outages can derail daily operations, putting safety and even lives at risk. The immense scale and cost of maritime operations require continuous uptime to ensure fleets remain functional throughout their lifecycle. A 2023 survey from the ABB group regarding downtime found that, on average, over two-thirds of industrial businesses experience outages monthly, and at scale, these outages cost upwards of US$125,000 per hour.¹ Despite these costs, 21% of businesses surveyed still rely on run-to-fail maintenance,¹ a costly strategy that is unfeasible in the maritime industry considering the immense risk associated with mishaps.

Leveraging an enterprise-grade OTA infrastructure enables safety-critical updates and compliance enhancements to combat costly and dangerous incidents, meet regulatory requirements or industry best practices, and fulfill overall satisfaction standards. Failure to maintain uptime and deploy timely remote OTA updates can result in operational expenses, security breaches, and supply-chain failures, impacting public brand image and potentially incurring millions of dollars in costs. For example, the NotPetya cyber attack in 2017 allowed access to the Maersk global network through outdated machines, using stolen data to attack the entire system, including up-to-date machines. Stemming from out-of-date software, this breach decommissioned Maersk’s fleets, comprising nearly a fifth of the world's shipping capacity. The attack cost Maersk upwards of US$300 million while causing supply chain mishaps worldwide – further underscoring the necessity of continual updates and secure policies to safeguard the modern world’s infrastructure.²

Additional benefits of OTA updates

Beyond the critical aspects of ensuring optimal functionality through OTA updates, there are additional benefits that enhance overall fleet management and resilience. OTA updates offer operational efficiencies through:

1. Streamlining fleet management

Aside from timeliness, compliance, and safety, OTA updates enable centralized practices for fleet management and monitoring. Utilizing the OTA infrastructure, ship operators can simultaneously deploy updates across multiple vessels from a centralized platform, ultimately ensuring uniform modernization and compliance throughout the entire fleet. Ship operators can also optimize resource allocation and minimize administrative overhead by centralizing OTA update deployment and management processes. Improved efficiencies, uniformity, and proactive management of software lifecycle activities fully at scale – from a centralized control point, operations are streamlined toward a secure, updated, and compliant fleet.

2. Ensuring cybersecurity resilience

In today’s digital world lies the unfortunate possibility of new threats to integrated vessels. Ships must be adequately equipped to handle cybersecurity concerns, both known and novel. Remote cyberattacks can target onboard systems and networks, potentially gaining access to data or impacting the vessel’s control systems. The use of IoT devices in fleets accompanies the need for continuous updates to maintain cybersecurity resilience. Timely OTA updates ensure scalable deployment of security patches, intelligence updates, and vulnerability fixes in real-time. In turn, leveraging a secure and robust OTA system proactively shields threats and ensures vessels stay up-to-date and secure. Furthermore, the ability of IoT devices to continually offer software patches is essential for compliance with ever-changing cybersecurity guidelines. As the need for compliance and safety continues to increase, managing and maintaining fleets from a centralized entity is necessary for both the crew's safety and the company's success.

KVH Industries: Delivering secure connectivity at sea

In the maritime industry, remaining securely connected is more crucial than ever as ships navigate across remote waters. KVH Industries is a global leader in mobile connectivity, content, and value-added services within the maritime sector, ultimately integrating end-to-end solutions to ensure mariners are continually connected and secure. Offering scalable solutions from entertainment and reliable access for commercial and military users, KVH ensures fast data speeds, global coverage, and reliable professional service to ensure customer satisfaction and success. 

With over 7,000 service subscribers in over 95 countries and upwards of 230,000 mobile satellite antennas worldwide, KVH provides vessels with hybrid connectivity through a multi-orbit, multi-channel grid with intelligent enterprise-grade network and bandwidth management. Through integrated solutions from KVH, fleets enjoy a robust, affordable, and versatile maritime communication solution, ensuring enhanced and continuous connectivity.

By definition, the maritime industry spends most of its time on the water, relying on technology to remain updated and securely connected to the mainland. To stay secure, users need up-to-date software directly when available; waiting until arrival in port for essential software updates is hazardous, threatening the crew's connectivity to the greater fleet and outside world. In the event of a time-sensitive update for security or new functionality, requiring in-port updating can be detrimental for a fleet attempting to remain connected and current while at sea.

Reliable over-the-air (OTA) firmware and software update capabilities are critical to the entire fleet's success both in port and at sea. The ability to deploy OTA firmware and software updates at scale to KVH products ensures fleets continue to enjoy KVH’s reliable connectivity, robust security, and secure data management. 

The Mender - KVH partnership

As an industry leader in its vertical, KVH followed suit and adopted a best-of-breed approach by selecting Mender, the OTA industry leader, as its partner for OTA firmware and software updates. By leveraging Mender’s extensive update capabilities, KVH can deploy updates to their software across all channels, including low-connectivity VSAT, an essential requirement for maritime OTA. Here’s how Mender enables KVH to stay at the front of the industry, keeping their software current and secure: 

1. With Mender, KVH can update the entire root filesystem within the antenna control component for satellite communications, using a read-only root filesystem to facilitate incremental updates and reduce bandwidth expenses.

2. Mender satisfied KVH’s strict security and regulatory requirements by providing support during low connectivity. With a security-by-design approach, KVH seamlessly integrated Mender and its OTA infrastructure into its robust multi-level cybersecurity program.

3. Due to its fail-safe, robust design and support via cellular and Wi-Fi, Mender minimizes the risk of bricked devices and operational outages. Devices are never partially updated or left inoperable.

4. KVH required an easy OTA solution to set up, deploy, and integrate into existing operations. With Mender, KVH was able to provide customers the capacity to update terminals at will. KVH customers can self-serve through a portal to deploy necessary changes and check service status.

Securing the future of maritime connectivity

In today’s rapidly evolving connected world, remaining secure and up-to-date is non-negotiable across all verticals operating with IoT devices. KVH’s partnership with Mender showcases the transformative power of managing OTA updates from a trusted industry leader. Maintaining compliance, efficiency, and resilience amidst ever-changing challenges, with Mender’s security-by-design approach, KVH can harness the full potential of OTA updates while ensuring security at scale at every step. Partnering with Mender allows KVH to seamlessly deploy security updates, ultimately enhancing operational efficiency. With Mender, KVH can meet current demands while supporting new and emerging business requirements, such as machine-to-machine communication. By embracing OTA updates, KVH continues to innovate and operate its next-generation products, delivering unparalleled service, security, and always-on connectivity to its global user base. 

Read the full case study for more information on how KVH leverages Mender to improve its connectivity products - https://mender.io/resources/case-studies/kvh-case-study

Resources

1. ^{ABB. Survey Report 2023. Foreword by Virve Viitanen, Head of Global Customer Care and Support at ABB Motion Services. ABB, 2023. https://library.e.abb.com/public/458b324e7f9f43769c6731126cec9284/ABB_Survey%20Report%202023_1920x1080_20231010_JL_final_edits.pdf.}
2. ^{Greenberg, Andy. "The Untold Story of NotPetya, the Most Devastating Cyberattack in History." Wired, August 22, 2018. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/.}
3. "KVH Industries, Inc. Reports Fourth Quarter and Full Year 2022 Results." KVH Industries, Inc. Accessed September 5, 2024. https://ir.kvh.com/static-files/57fe42c9-a56a-4532-9c4e-1d2b55e3858e.