Benjamin Dynkin discusses the real threats superyachts can face on the open seas and how to protect those all-important assets.
The yachting industry has always been a leading figure in the development and implementation of new technologies.
The average yacht features an incredibly robust network infrastructure, IT (Information Technology) network, and OT (Operational Technology) network. Hundreds of network-connected assets, dozens of remote connections to third-party vendors, a constantly changing set of guests and crew members, and constant connectivity through an amalgam of shoreline, 4G, 5G, and VSAT services lead to a level of convenience, efficiency, and luxury that is unparalleled anywhere on land and sea. However, those very same features open yachts up to a wide array of cyber risks. While we have not yet publicly seen cyber-criminals take control over a yacht’s OT network, we have seen an increasing trend in attacks designed to steal money and even blackmail owners. While building a cybersecurity program generally requires trade-offs and compromises, the nature of yachting creates a unique opportunity to develop a cybersecurity program without compromise.
The core of any good cybersecurity program is about managing and mitigating the risks associated with the implementation and usage of technology. By engaging in cyber risk management, yachts can set their agenda by identifying, managing, and mitigating risk effectively on the yacht. The process of cyber risk management is not purely a technical question, but rather must include business process and industry knowledge in determining the most serious risks to the yacht.
A moderate vulnerability on a critical system can pose a significantly higher risk than a serious vulnerability on an unimportant system. While defining the exact contours of cyber risk management can be difficult, it cannot be a one-time occurrence, but rather it must be a constantly evolving and iterative process that should be refined and strengthened by folding in new knowledge, evolving threats, and changing security tactics.
Traditional defenses, such as firewalls and antivirus, generally fall into the ‘Protect’ function, and are designed to keep the criminal out, but yachts need a defense-in-depth approach that not only keeps criminals at bay, but can also catch and respond to a criminal who breaks through before he can do any real damage. Ensuring security controls are well balanced between the functions is critical to enabling the cybersecurity program to effectively prevent, detect, and respond to any threat.
Yachts exist in a much broader ecosystem, including builders, suppliers, managers, crew, and countless other companies. In order to effectively control for the broader landscape of cyber threats, yachts must practice third-party vendor risk management, to ensure that the ecosystem supporting yachts is safe, secure, and doesn’t pose a risk to the yacht.
Cybersecurity is a difficult but winnable battle. Whether driven by compliance under the IMO, or by the threat landscape more generally, cybersecurity will be coming to the industry. Owners, builders and management must welcome these developments and turn the yachting industry into an exemplar of cybersecurity. While we do not know which path the industry will take, we do know that yachts have never lived by the creed of ‘good enough’.
Benjamin Dynkin
For more details Tel: +1 516 545 0161
or visit www.atlas-cybersecurity.com