HACK­ING ON THE HIGH SEAS

Robb Report (USA) - - DREAM MACHINES -

A hacker gain­ing ac­cess via a ma­li­cious email is a risk for the en­tire net­work, from au­dio­vi­sual sys­tems to nav­i­ga­tion.

from cy­ber­crime;

NO ONE IS EX­EMPT hack­ers are not picky. But while the yacht­ing in­dus­try isn’t sin­gled out per se, the in­creased amount of dig­i­tal tech­nol­ogy on board, which has been specif­i­cally de­signed to make it eas­ier for own­ers, guests, and crew to stay con­nected any­where at any time, can ex­pose a yacht’s sys­tems and its pas­sen­gers to the grow­ing threat of a cy­ber-re­lated breach.

Most on­board sys­tems are in­ter­con­nected and man­aged by VLAN, often via the same In­ter­net en­try/exit point. This means all traf­fic goes through the same por­tal, so a hacker gain­ing ac­cess via a ma­li­cious email is a risk for the en­tire net­work, from au­dio­vi­sual sys­tems to nav­i­ga­tion. While the hack­ing of a ves­sel’s con­trols is alarm­ing, the safety of per­sonal data, such as email ad­dresses, pass­words, and bank-ac­count de­tails, are also vul­ner­a­ble to mal­ware and phish­ing. And the risk can come from any­one us­ing the In­ter­net.

“Most of the cy­ber­crime in yacht­ing takes ad­van­tage of some­thing from the in­side; some­body has for­got­ten to do some­thing, and the hacker is op­por­tunis­tic enough to wait for some­body to make a mis­take,” says Will Fai­matea, founder and di­rec­tor of tech­nol­ogy man­age­ment firm Bond TM (bondtm .com). “It’s not just im­ple­men­ta­tion of hard­ware that’s needed. It’s hav­ing pro­cesses and poli­cies in place, and this is a mind-set which I think the yacht in­dus­try has to want to change.”

Fire­walls and an­tivirus sys­tems are para­mount, ide­ally those that have been tai­lored by an ex­pe­ri­enced in­te­gra­tor to the yacht’s in­di­vid­ual per­for­mance and se­cu­rity needs. All de­vices that sign onto the on­board wire­less net­work must be vet­ted, in­clud­ing those be­long­ing to crew and guests, and a best-prac­tice man­ual should be in place that in­cludes how to man­age pass­words, use of USBs, and email man­age­ment. All-in-one threat and con­nec­tion man­agers, such as Ke­rio Con­trol from Ke­rio tech­nolo­gies, can pro­tect the yacht’s server via an in­tru­sion pre­ven­tion sys­tem that mon­i­tors both en­ter­ing and ex­it­ing net com­mu­ni­ca­tions. But if the crew isn’t trained on best prac­tices, any sys­tem is rel­a­tively use­less.

“Most su­pery­achts have a nav­i­ga­tion sys­tem that is de­tached and iso­lated from the main net­work and there­fore can’t be in­ter­fered with,” says Dr. Paul Hun­ton, founder of Mar­itime Cy­ber So­lu­tions (which re­cently be­came part of the Bond TM Group). “How­ever, th­ese sys­tems are up­dated by be­ing con­nected to the main net­work via a ca­ble, which it­self isn’t a prob­lem, but if the crew has shared the Wi-Fi pass­word with neigh­bor­ing ves­sels, then any­one in the port could have had a go at play­ing with the nav­i­ga­tion. Ed­u­cat­ing those on board is para­mount. There is a dis­tinct lack of stan­dard­iza­tion in the yacht­ing mar­ket, and that’s why we’re putting to­gether cy­ber­se­cu­rity-aware­ness cour­ses for crew to help mit­i­gate the se­cu­rity risk by mak­ing it much harder for hack­ers to pen­e­trate the net­work.” Ju­lia Zaltz­man

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.