HACKING ON THE HIGH SEAS
A hacker gaining access via a malicious email is a risk for the entire network, from audiovisual systems to navigation.
No one is exempt; hackers are not picky. But while the yachting industry isn’t singled out per se, the increased amount of digital technology on board, which has been specifically designed to make it easier for owners, guests, and crew to stay connected anywhere at any time, can expose a yacht’s systems and its passengers to the growing threat of a cyber-related breach.
Most onboard systems are interconnected and managed by VLAN, often via the same Internet entry/exit point. This means all traffic goes through the same portal, so a hacker gaining access via a malicious email is a risk for the entire network, from audiovisual systems to navigation. While the hacking of a vessel’s controls is alarming, personal data, such as email addresses, passwords, and bank-account details, is also vulnerable to malware and phishing. And the risk can come from anyone using the Internet.
“Most of the cybercrime in yachting takes advantage of something from the inside; somebody has forgotten to do something, and the hacker is opportunistic enough to wait for somebody to make a mistake,” says Will Faimatea, founder and director of technology management firm Bond TM (bondtm.com). “It’s not just implementation of hardware that’s needed. It’s having processes and policies in place, and this is a mind-set which I think the yacht industry has to want to change.”
Firewalls and antivirus systems are paramount, ideally those that have been tailored by an experienced integrator to the yacht’s individual performance and security needs. All devices that sign onto the onboard wireless network must be vetted, including those belonging to crew and guests, and a best-practice manual should be in place that includes how to manage passwords, use of USBs, and email management. All-in-one threat and connection managers, such as Kerio Control from Kerio Technologies, can protect the yacht’s server via an intrusion prevention system that monitors both entering and exiting net communications. But if the crew isn’t trained on best practices, any system is relatively useless.
“Most superyachts have a navigation system that is detached and isolated from the main network and therefore can’t be interfered with,” says Dr. Paul Hunton, founder of Maritime Cyber Solutions (which recently became part of the Bond TM Group). “However, these systems are updated by being connected to the main network via a cable, which itself isn’t a problem, but if the crew has shared the Wi-Fi password with neighboring vessels, then anyone in the port could have had a go at playing with the navigation. Educating those on board is paramount. There is a distinct lack of standardization in the yachting market, and that’s why we’re putting together cybersecurity-awareness courses for crew to help mitigate the security risk by making it much harder for hackers to penetrate the network.”

Julia Zaltzman