Digitalization has revolutionised most industries. But when every system is online, companies become more vulnerable to cyberattacks.
Through DNV GL’s summer project, eight students have helped develop a tool to easier identify security holes – and it is fully automated.
“It is very rewarding working with cyber security, since it affects us all, both in large companies and in our everyday life. Today, mostly cyber experts are searching for security holes. But with our “health check” tool, Scanning Artificial Intelligence (SCAI), companies can find out in a much simpler way if their system is healthy or if it needs any sort of treatment”, says Anders Bergfjord Fjellvikås, student summer project manager and final year Master of Science in Economics and Business at the Norwegian School of Economics.
Together with seven other students, he has been part of the team that has developed SCAI. SCAI uses artificial intelligence to carry out risk analysis for online systems. The diagnosis set will identify potential security threats such as software that needs updating, and unknown units that are connected to the network.
“Security holes are often a result of lack of knowledge or carelessness among employees that use the IT-systems. One example could be connecting your cell phone to an unsecured network, and then charging it through a computer connected to a secure network. This could threaten the integrity of the secure network. That is why cyber security also affects us in our day to day life”, Fjellvikås explains.
Employees become cyber-detectives
SCAI conducts a full scan of a company’s IT-systems, resulting in a report showing which vulnerabilities exist within the network. The tool will identify errors and security holes so that the user’s own IT personnel can close the security gap themselves or consult DNV GL’s help desk directly.
DNV GL assists a whole range of clients with IT-security measures. According to Elisabet Line Haugsbø, DNV GL cyber security engineer and summer project manager, SCAI will also improve how DNV GL and its clients can collaborate.
“We believe SCAI will make our clients feel safer through closer dialogue with us and more frequent check-ups. The automated reports will mean money saved, because the SCAI-users are doing more of the risk analysis themselves”, Haugsbø says.
Haugsbø normally works with ethical hacking, where she helps shipping companies find security holes before unwanted guests get the chance to do the same.
“The technology is getting more advanced, but by involving the employees in finding security holes, we hope to increase awareness about secure use of the employer’s IT-systems”, Haugsbø explains.
The SCAI concept: download brochure below.
Guides the ships safely to shore
In the summer of 2017, the world’s largest container shipping company, Danish AP Moller-Maersk, was hit by a cyberattack that cost the company between 200 and 300 million dollars. While SCAI is designed for use in all types of sectors, there’s a particular urgency for a product like this in the maritime sector, according to Haugsbø.
“The oil, gas and energy industry has lead the way with digitalisation, while the maritime sector is lagging a bit behind. But if you manage to enter the IT-systems of a shipping company, you could potentially access both control systems and confidential information. A victim of this could end up with repair costs in the million dollar range”, Haugsbø says.
Her regular job often includes visiting the actual ships to make sure the systems are secure. But new threats are continuously arising, and therefore she appreciates the possibility SCAI provides the employees.
“The saying goes “if it isn’t broken, don’t fix it”, but that is not true when it comes to cybersecurity. If security is not taken seriously, computers and systems seemingly working just fine could hide large security holes”, Haugsbø explains.
The executives are listening
“Everything” with an online connection could be remotely accessed, which opens a whole set of entryways into a system. Because of the vulnerability this creates, it is high on the agenda for many businesses. DNV GL is an active part in developing standards and recommendations for different types of sectors to avoid cyberattacks.
“The top executives are held responsible for this. Therefore, it is not just something for the IT-department to work on, but also for the board and the management to pay attention to”, Head of Section Cyber & Risk, Erling Hessvik, says.
DNV GL has offices in over 100 countries worldwide, and on Wednesday August 8th, employees and others from all over the world will watch the students present SCAI for the first time, both in real life, or via live-streaming.
DNV GL’s Chief HR Officer, Gro Gotteberg is excited about this year’s summer project: “DNV GL’s summer project has become one of the most sought after summer programs in Norway over the years. Students can bring several benefits to our business, including a fresh perspective, technological savvy and new ideas that inspire the whole company. It is fantastic to see our own employees crowd into our largest auditorium at DNV GL’s headquarters at Høvik, Oslo, when the students present the summer project. We also see a lot of interest from employees located outside Norway, and others. With the speed the field of cyber security is developing, these students are of the utmost importance to us. Now it will be up to us to take SCAI to the next level.”
Summer project 2018: fast facts
- This year’s topic is based on the increasing security threat represented by cyber attacks. Digitalisation and new technology can give companies an advantage, but it also comes with increased risk of hacking.
- The hackers are becoming smarter, and security holes could be hard to find and identify before it is too late. DNV GL assists companies with testing and advice concerning cyber security, and helps increase awareness of risks and how to establish good routines among all employees.
- SCAI uses artificial intelligence to prevent cyberattacks. The tool identifies security holes in IT-systems, so that the IT-department can close the security gap, or consult with a specialist at DNV GL for closer inspection.
- DNV GL’S Summer Project is organised for the 11th time this year.
- This year’s team is made up of eight master students from Norwegian University of Science and technology (NTNU), Norwegian School of Economics (NHH) and the University of Tromsø (UiT).
- The project started on June 27th, and the final presentation for management, colleagues and externals was held on August 8th at DNV GL’s office in Høvik, Oslo.
About DNV GL
DNV GL is a global quality assurance and risk management company. Driven by our purpose of safeguarding life, property and the environment, we enable our customers to advance the safety and sustainability of their business. We provide classification, technical assurance, software and independent expert advisory services to the maritime, oil & gas, power and renewables industries. We also provide certification, supply chain and data management services to customers across a wide range of industries. Operating in more than 100 countries, our experts are dedicated to helping customers make the world safer, smarter and greener.