Delivering Reliable Connectivity And Cybersecurity On The High Seas: Inside MSP Marlink’s Approach

Providing connectivity and cybersecurity to oceangoing vessels is a complex process, made more challenging not only by the movement of ships all over the world but by the fact that ship owners’ security budgets are typically under $300 a month. Marlink, an MSP focused on the maritime connectivity and cybersecurity business, explains how it does so in an exclusive interview with CRN.

Managed services providers must be prepared to bring the latest technology to customers with IT infrastructures that can stretch across data centers, cities, states, or even international borders. Few, however, have to deal with connectivity and cybersecurity across seagoing vessels around the world.

Marlink does. The MSP, with headquarters in Paris, France and Oslo, Norway, and offices around the globe, specializes in the unique challenges of providing reliable connectivity and robust cybersecurity for oceangoing vessels.

Youri Hart (pictured), vice president of products and solutions at Marlink and the former CEO of Port-IT, a Netherlands-based cybersecurity MSP acquired by Marlink in late 2024, told CRN in an exclusive conversation that the task of delivering these services to ships that constantly traverse international waters is anything but straightforward.

“On land, you get your fiber optic or your telephone, whatever, 5G signal from a provider that has the certifications needed,” Hart (pictured) said. “But for vessels, not every country allows every type of connection. As an example, Starlink will not work yet in India or in China, meaning that if you have a vessel, you always need to have multiple connectivity options. Adding to that, it also depends on the customers’ budgets because satellite connectivity is still expensive.”

And while ship owners tend to skimp on their cybersecurity budgets, having the right security technologies in place is increasingly important, Hart said.

“The advantage that older vessels have is that their steering systems are still disconnected. But for new engines, like from Rolls Royce or Wartsila, the engine manufacturers want to remotely review the engines’ RPM, for example, or they want to be able remotely log into the system to see if the engine is still performing well,” he said. “So the technology of those newer engines actually enables potential attacks because there's a connectivity option, and that's where the security comes into play.”

Ship owners face unique difficulties but hesitate to invest more than the bare minimum in connectivity and cybersecurity technology, Hart said. To learn more about the challenges an MSP like Marlink faces, read CRN’s complete conversation with Hart, which has been lightly edited for clarity.

How do you define Marlink?

Marlink actually goes back, I don't know, they're about 80 years old. It came from the radio telecommunication industry and evolved during the years into satellite communications. Marlink was a France Telecom partner. It was acquired by Airbus and then sold by Airbus. It's now owned by Providence Equity Partners and delivers connectivity and cybersecurity for remote operations critical infrastructures.

We have an office in Houston. We also have offices in Singapore, Japan, Hong Kong, U.K., Norway, Sweden, Germany, and Netherlands. We operate globally. I think we have over 60 offices. We also have security operations centers in Uruguay; Palma, Spain; Zagreb, Croatia; Rotterdam, Netherlands; and Thailand.

What does Marlink do?

The primary focus was always connectivity for sea vessels. Later on, they also decided to start working on enterprise and government services and delivering to them connectivity solutions before Starlink. Starlink connectivity is expensive, but it was even more expensive before. It was difficult to deploy. Starlink made a lot possible both for customers and for Marlink. Along with that, we deliver cybersecurity solutions from standard antivirus to full-blown network monitoring and security. And with our SOCs [security operations centers] and all the products and services that we have around that, along with IT management as well, we can deploy an IT infrastructure for customers and then maintain and manage it as well.

So your specialty is connecting ships at sea?

That's 80 [percent] or 90 percent of the work that we do. For vessels all over the world, we provide good connectivity and security.

Connectivity for ships at sea is a different challenge than typical networking, right?

Yes, because the connectivity of a vessel has to be compliant with different states and regulations. On land, you get your fiber optic or your telephone, whatever, 5G signal from a provider that has the certifications needed. But for vessels, not every country allows every type of connection. As an example, Starlink will not work yet in India or in China, meaning that if you have a vessel, you always need to have multiple connectivity options.

Adding to that, it also depends on the customers’ budgets because satellite connectivity is still expensive. It has become cheaper with the arrival of Starlink, but it's still quite hefty. So if you're talking about a traditional VSAT system, you're talking about an antenna system of $25,000 plus the monthly subscription on top of that. So, yeah, those are big chunks of money. Many people think, oh, an oil tanker or container vessel earns a lot of money, and that's partially true. But they also literally burn a lot of money based on the fuel consumption and the crew on the vessel. So the budgets are quite small. With a vessel that might cost $80 million, excluding the cargo, often their security budget is only $100 or $200 a month if they have any. And that's a challenge for your security.

And then the connectivity budget, they always try to cut down the price because those are the small things that they can actually control the costs. Fuel is a given, employee cost is a given, and all that kind of stuff. But the connectivity, the IT, that's where there's a variable that they can actually steer a bit on. And that makes it quite difficult financially to deploy it. And if you look to larger infrastructures, it's also more difficult. You need to drill into and weld to steel beams, all that kind of stuff. So yeah, delivering connectivity is a challenge.

What are some of the solutions and technologies Marlink uses?

For the connectivity, we use Inmarsat systems. We use OneWeb. We use Starlink, SES, and Iridium. Those are all satellite providers that we use, and we combine them together in our, what we call, an exchange platform. An exchange basically is a load balancer between multiple satellite connections. It does not mean that customers have all the connections. If they want that, they can, but it will be quite pricey. So those are vendors that we use for delivering the connectivity. And that connectivity should also work with our cybersecurity products, of course.

Which cybersecurity solutions are good for remote ships?

That has become a more critical question, especially with a new regulation for new-build vessels since July 1, 2024, focused on OT [operational technology] security. OT security is basically making sure that an engine control system or a voyage data recorder or an active mapping system remain operational during the sailing.

What type of applications do we use for that? That goes from your basic EDR [endpoint detection and response] solution, which is still very, very important because the tasks are being carried out on machines, but also to NDR [network detection and response] systems to actually see what types of behavior are in the network. And that's also one of the mandatory requirements of that new regulation so that ship owners are able to see how data travels through the network from one machine to another machine. That's where AI and NDR helps.

And on top of that, we deploy our SOC, which basically watches to see, ‘Is everything is going well on a vessel?’ Or do we need to take action on certain attacks? And that's where, if you're talking about specific vendors, we use Stellar Cyber for the AI and for our SOC to manage that part. But the primary focus of that company is its NDR capabilities. We also use vendors such as ESET and Fortinet that assist us by delivering the basic building blocks of security.

How big of a role does Stellar Cyber play with what you're doing?

They play a big role in the deployment of our NDR capabilities. Before I started working with Marlink. I was the owner of Port-IT, which I sold to Marlink. Marlink was a bigger player. And financially, it was also attractive. To be honest, I'm still a businessman. I had already chosen Stellar Cyber at that point because they were very flexible in delivering their solutions. Often you might see with vendors that you need to make a big commitment to start that can be quite hefty, especially with cybersecurity solutions that can be very expensive. If you want to evaluate a vendor’s capabilities, you don't want to go full all-in at first. You want to do it much slower, which is what we did with them. They were very patient. They assisted my team with how to operate and deploy their systems on our customers’ premises. And with that, we were able to sign a deal with a customer, a big customer, 100-plus vessels, to deploy their solution on our first go. And we have a couple of other POCs [proofs of concept] running. So they are our go-to partner in delivering NDR capabilities to our customers and enabling our SOCs to get a better overview of what's happening in the customers’ networks.

You talked about all the expenses related to setting up connectivity and cybersecurity, and yet you said ships have a budget of $100 to $200 a month. How do you get all that work done within that budget?

Well, some of them don't have any budget. Some have $100 or $200, and some actually have a budget of $1,000, so it's quite diverse what they have. That budget is variable per customer or per vessel. But they always try to save cost on it, and that makes it quite difficult. We see customers deploying the cheapest antivirus solution that we have because they can say, ‘Hey, at least I have something.’ Then they get struck by ransomware because they played games on the internet, they didn't apply the updates every day like you normally should do, they didn't have proper configurations. And then they complain, saying, ‘Hey, I got a ransomware attack, but I have a solution from you.’ Yeah, but the solution was never intended for how you're using it. It's like going into a Formula One race with a tractor. You probably will lose that race. And that makes it difficult. Cybersecurity, especially in the maritime industry, is still a difficult subject. Not difficult in that it is hard to understand. It's technology. People still think, ‘OK, antivirus is enough.’ So you need to convince people why they actually need it, and that's where the difficulty lies.

With the war going on in the Middle East right now, has that changed? Any conversations with your customers yet about it?

Yes, we are already advising our customers to step up because we do see an increase in potential attacks. We have seen, of course, the bombarding of vessels over there. We haven’t seen direct cyberattacks on vessels yet. But what we did see is that customers are suddenly out of connectivity. So we arranged options to get more connectivity via enabling communication channels on the satellite systems they have so that they can do at least some communication. But for the cybersecurity part, we do inform them about what could happen. We have a cyber threat intelligence team. We generate our own CTI [cyber threat intelligence] that we get either from vendors or that we find ourselves in the dark web. And with that, we try to convince them that they need to spend more and invest more in cybersecurity because a lot could happen, such as their vessel runs aground.

I always talk about two prime examples. You had the Baltimore incident where a ship crashed into the bridge. That wasn't a cybersecurity incident. But just imagine if you are a vessel sailing and then suddenly somebody takes over the engine control, gives a bit of extra thrust, and you're hitting a bridge. Or in the Suez Canal a few years ago, the vessel Ever Given was stuck because of a steering fault. If that was because of a cyber incident, you could potentially be liable for billions of dollars because you just saved $200 a month on cybersecurity. And that's the reality that still needs to sink in with customers. So the war, although wars are never good, it helps to bring more awareness, that's for sure. But there’s still a long way to go.

Have there been any incidents where a ship's steering or engine was taken over and caused damage?

No, not that we are aware of. The advantage that older vessels have is that their steering systems are still disconnected, but for new engines, like from Rolls Royce or Wartsila, the engine manufacturers want to remotely review the engines’ RPM, for example, or they want to be able remotely log into the system to see if the engine is still performing well. So the technology of those newer engines actually enables potential attacks because there's a connectivity option, and that's where the security comes into play. So yeah, new technology is not always better, because you also introduce additional risk.

Is there anything else you think we need to know about what you're doing with remote networking and cybersecurity?

I think in the end, customers need to know that the investment in cybersecurity leads to a return on investment. It's not a cost. And that's one of the issues that's still being seen and that they should be aware of. It's not of question of, ‘Oh, I have not been hit yet, so it will never happen.’ In due time, everybody will basically have an issue, get a ransomware action, or experience a data leak or whatever. And that can potentially be prevented because of a small investment, by looking into the future and saying, ‘OK, where do we want to go as a company, and do we actually want to protect our data?’ In the end, it's a management decision. Regulations are there to help. But some companies—they need to be more forward looking.