Superyacht Cybersecurity: Protect your yacht from cyberattacks

Mar 2, 2022 | Blog

Cybercrime continues to rise globally, with Microsoft recently reporting a 1,070% increase in ransomware attacks between 2020 and 2021. The superyacht industry is no exception to this trend, with the number of maritime attacks alone rising by 400% in the first few months of the pandemic. As a result superyacht cybersecurity is a growing topic in the industry.

The acceleration of smart technology, along with the complexity of on board networks, means superyachts are increasingly vulnerable to cyberattacks, and those not taking appropriate steps to mitigate cyber risks are essentially ‘sitting ducks’ for cybercriminals to prey on.

The threat of cyberattacks at sea

A cyberattack can be defined as ‘an attempt to damage, disrupt or gain unauthorised access to a computer, computer system, or electronic communications network.’ Maritime cyberattacks (such as hacking or the introduction of malware) are often the result of exploited vulnerabilities such as outdated software, ineffective firewalls, and unmaintained networks.

With hackers using sophisticated techniques to identify network vulnerabilities, yachts’ communication and navigation systems are at risk of being compromised, impacting both security and safety. Superyachts are unique in that they are owned and occupied by High-Net-Worth Individuals (and often high-profile) – prime targets for hackers with the intent of obtaining sensitive information for extortion or reputational damage.

To understand your threat level, you must have a thorough understanding of the internet technology (IT) and operational technology (OT) systems on the vessel. Do you know where all the access points are? When was your software last updated? Are passwords deleted when crew members leave? These are some of the many questions captains should be able to answer.

It is not only the hardware and software that is vulnerable, but human interference, which has been identified as a cybersecurity weakness, particularly on charter yachts when crew and guests are rotational. A lack of awareness or training can mean crew members are susceptible to phishing and are less likely to recognise and report any security breaches. Additionally, the personal devices of crew and guests such as mobile devices and USBs are common malware infection points.

These cyber risks have prompted the industry to take appropriate action and establish a framework to address and mitigate this industry threat.

The IMO’s cybersecurity guidelines

The International Maritime Organizations (IMO’s) (MSC.428(98) resolution has now been in effect for over a year. Introduced in January 2021, the document states every vessel (in excess of 500 gross tons) must have cybersecurity mitigation built into their Safety Management System (SMS) to become IMO-compliant and secure flag state approval. The resolution is designed to standardise and document processes that will reduce cyber incidents. Compliance is monitored through internal and external audits.

Cybersecurity: How to protect your yacht from the growing cyber threat

We’re not suggesting all superyachts take a Fort Knox approach, it is instead about identifying vulnerabilities and taking a pragmatic approach to cyber risk management.

At OceanWeb, our cybersecurity solutions are aligned with internationally recognised best practise frameworks including the NIST and CIS. Our cybersecurity solution takes a 3-phase approach: assessment, response, and monitoring.

OceanWeb cyber response

Superyacht cybersecurity assessment

The first step is to conduct a full assessment of the yacht, surveying all the IT and OT systems, documentation, policies, and processes to determine the existing cyber security posture. We then review this against best practice cybersecurity controls and processes to identify any potential vulnerabilities. This process can be carried out onboard or remotely through interviews with key personnel and gathering supporting documentation.

Next, we determine and prioritise the risks based on the vulnerabilities found and the most commonly occurring cyber threats. For example, what is the likelihood of a threat acting on a vulnerability? What is the potential impact of this vulnerability being attacked? The answers to these questions determine the level of risk.

Response: mitigating the risk

The assessment results presented in the report can then be used to establish an appropriate response plan based on the existing risks and ensure compliance with applicable regulations and company policy. Some vulnerabilities don’t necessarily pose a significant risk. For example, a non-password protected printer is a vulnerability, but the potential impact of a cyber attack is generally low.

Examples of mitigation methods include the deployment of technological controls such as password management, access control systems and network segregation. Crew cyber awareness training is another essential tool. Without mitigating the risk of human error, all the best cybersecurity processes and policies in the world will not be effective against a cyber threat.

Below are just a few examples of the mitigation methods that OceanWeb provides:

  • Password management
  • Patch management
  • Email security, backup and anti-phishing
  • Remote IT support
  • Business continuity and disaster recovery planning
  • Crew cyber awareness training

Monitoring cyber risk

The third and final step of effective risk management is continuous monitoring of systems and the effectiveness of mitigation methods. Through correspondence with the yachts dedicated cyber officer, we will identify any changes to the system or processes that may impact risk.

Our 3-phase cyber risk management approach is circular and continuous. As technological advancements continue to accelerate, the nature of attacks will become more sophisticated, and new methods may require advanced defences. Therefore, it is essential that yachts continuously assess the risk level for their growing list of devices, and mitigate human risk with a frequent, up-to-date training schedule.

At OceanWeb we can assist you at any level, whether this is a cyber risk assessment, the implementation of mitigation methods, or a full-comprehensive cyber security solution.

To learn more about our cybersecurity services contact