Skip to main content



Thursday, April 22, 2021 

A comprehensive methodology, said to quickly and cost-effectively assess the security posture of a vessel even while it is underway, has been launched by Cyprus-based cyber security specialist Epsco-Ra Security Systems.

Known as RASP (Rapid Attack Simulation PenTest), the process provides a deep dive into an IT infrastructure's critical security measures to test and expose deficiencies. It very quickly highlights critical areas in a vessel’s networks and recommends ways to improve and fix the faults. Results are normally produced within 24 hours providing full reporting through quantitative scoring, threat matrix, endpoint configuration analysis, firewall and network assessments as well as malware and command and control simulation.

Andreas Ioannou (pictured), MD Epsco-ra, said: “The beauty of the system is that it is carried out remotely and is based on the observation we have made that people spend a lot of money on pen testing before they have their core controls optimised or are even off their system’s default settings. So, we said let’s test those first and give the whole process a lot of value.”

Executing a RASP is very straightforward and can be finished in a day if a vessel has good connectivity. This is needed for the network scanning portion of the process.

Ioannou added: “So when you execute a RASP you download it from us and we work with someone onboard and start to test how well your firewall functions and how well it is configured. We test the anti-virus software to see how up to date and functional it is and then we do a vulnerability assessment scan on the bridge network. With all that data we can assess how well the vulnerability management process is doing? How is your configuration management doing? How is your core  control configuration doing? And then we wrap that up into a quantitative score and outline where you can improve, what areas you performed well in and areas not so.”

Gideon Lenkey, Director of Technology, Epsco-Ra, said: “People buy pentests and get a lot of information they don’t necessarily need. It is not so much about unrealistic attack scenarios but how your security controls and processes are performing onboard your ship that matters. It is also remotely actioned which is a big selling factor.”

Reader Comments (0)

There are currently no comments on this article. Why not be the first and leave your thoughts below.

Leave Your Comment

Please keep your comment on topic, any inappropriate comments may be removed.

Return to index