Microsoft recently reported more than 1,000% increase in ransomware attacks between 2020 and 2021. The superyacht industry is no exception to this trend, with the number of maritime attacks alone increasing 400% in early 2000.
Consequently, the cybersecurity of superyachts is a topic of great interest to the sector. The acceleration of smart technology, coupled with the complexity of onboard networks, means that superyachts are increasingly vulnerable to cyber attacks, and those who fail to take adequate measures to control cyber risks are easy prey for cybercriminals.
The cyber attack represents an attempt to damage, interrupt or obtain unauthorized access to a computer, a computer system or an electronic communications network. Marine cyber attacks (such as hacking or introducing malware) are often the result of vulnerabilities such as outdated software, ineffective firewalls, and unmaintained networks.
Hackers use increasingly sophisticated techniques to identify vulnerabilities in a network, and therefore the communication and navigation systems of yachts risk being compromised, with security repercussions. The very characteristics of superyacht owners make them a coveted prey for hackers to obtain sensitive information or for extortion.
It is not only the hardware and software that are vulnerable: human interference as well, has been identified as a cybersecurity weakness, particularly on charters when crew and guests are on rotation. A lack of awareness or training can mean crew members are susceptible to phishing and less likely to recognize and report any security breaches. Additionally, personal crew and guest devices such as mobile and USB devices are common points of malware infection.
These cyber risks have prompted the industry to take appropriate action and establish a framework to address and mitigate this industry threat.
The IMO Cybersecurity Guidelines
In 2021 an IMO resolution has been introduced (MSC.428 98): the document states that every ship over 500 gross tons must have a cybersecurity mitigation system built into its own Security Management System (SMS) will become IMO compliant and ensure flag state approval. This resolution is designed to standardize and document processes that will reduce cyber incidents; compliance is monitored through internal and external audits.
To protect the yacht, vulnerabilities must be discovered taking a pragmatic approach to managing cyber risk, examining all IT and OT systems, determining the existing cybersecurity level and identifying any potential vulnerabilities.
Once the risks have been assessed, appropriate responses must be defined how to implement the technological controls. First of all the human factor, that is the training of the crew, and then the password, access control systems and network segregation.
IMO guidelines say, first of all, find out what you have connected on board. Many yachts don’t know this. Who has access to your passwords and security, who has access to the files on your computers on board, in the cloud, etc., who issues those passwords, the passwords are removed when the crew members leave… everyone these general pragmatic steps that don’t take too long and don’t cost much. But it takes you to a higher level of security. Immarsat runs a staff training course and provides a low-cost tool called Fleet Secure Endpoint security, which monitors networks, including all connected devices, for detection and reporting. any changes in patterns and isolate malicious activity.Peter Broadhurst, Senior Vice President Safety and Regulatory Inmarsat Maritime
Vesper Marine Cortex V1
Today, technology is everywhere. The connected vessel is one of the great trends of the future; remote vessel monitoringtechnology is essential and, in its most basic form, has been available on boats for over a decade. It is usually a black box mounted below deck, with several sensors placed inside the boat that can be both wired and/or wireless.
A widely used system is the Vesper Marine Cortex V1, an advanced multi-station VHF, AIS transceiver, DSC, GPS, Wifi connectivity, NMEA Gateway and much more. It is controlled through an intelligent device which consists of a 4″, anti-reflective color touch display.
The display connects to a blackbox which processes and provides all the data. You can remotely monitor (from the smartphone) all the data that have been integrated into the system and possibly set specific alarms. Some functions have been optimized in the years such as anchor watch, anti-collision system and MOB man overboard mode. Like all Vesper models, it can be automatically updated via WiFi, with updated data and new features.
With two-way communication established, the boat will alert you that it has problems and the on-board systems can be interrogated.
We are on the Internet of Things. Everything from load sensors to sail transponders, sea cocks and furnaces could in principle be reported back into the system electronically. Interacting with the boat via remote control has been a reality for some time now, but only at a basic level: the more elaborate scenarios are still in the future.
The benefit is being able to track boats and diagnose and troubleshoot the boat’s systems. Beneteau, in partnership with Seanapp Marine, has developed “Seanapps“, an intelligent application that allows boaters, dealers and charter companies to own their boat or fleet in any application.
By 2025, all 9,000 boats built each year by Benetau will be equipped with Sentinel’s BM-40 box as standard equipment.
Piracy is not just information technology: gangs of thieves act internationally, especially in the Mediterranean. To counter them, effective satellite surveillance is certainly the best method.
Introduced for the first time at Tecno Marathon 2021 conference hosted by Ameryacht, Permare Group, at the Genoa International Boat Show, ARGOS is a research and development project co-funded by EUSPA, the European Union Agency for the Space Programme. The project is led by Modis as part of the Fundamental Elements program and is formed by a consortium consisting of Permare Group, GEA Space, ChipCraft and Aria United,
The aim is to create a highly technological solution to help users protect their yachts from both theft and hacking attempts as well as from the risks of undocking. This solution is based on the implementation of new features of Galileo, the European Global Navigation Satellite System.
Thanks to the development of cutting-edge vehicle positioning technology, such as the upcoming Open Service Navigation Message Authentication (OSNMA), based on artificial intelligence, ARGOS is able to provide users with a solution that is reliable, safe and fast, ensuring superior performance and a greater number of features at a lower cost than similar devices: protects the vessel in the event of theft, tracks the vehicle position more accurately, even in the absence of GNSS signals, monitors the status of a moored boat (in roadstead or in port), defends the system from cyber attacks and tampering
OSNMA is a data authentication function for global users of Galileo Open Service, freely accessible to all. Provides receivers with the guarantee that the Galileo navigation message received comes from the system itself and has not been modified. The OSNMA authenticates the data for the geolocation information coming from the Open Service through the navigation message (I / NAV) transmitted on the signal component E1-B. This is done by transmitting specific data for authentication in previously reserved fields of the E1 I / NAV message. By using these previously reserved fields, the OSNMA does not introduce any overlay into the system and therefore the navigation performance of the operating system remains unaltered.
The Project Consortium is working to create the software platform that will enable information such as position, alarms, commands and messages to be sent and received.
A card/device will also be created to be installed on board, capable of communicating with: the ARGOS control centre, mobile app, web portal. The ARGOS control center provides a position monitoring and alarm generation in the event of theft/disanchoring, plus a surveillance and messaging system to update owners on the status of their vehicles. In this way, users will monitor the position of the vessel and manage the alarm system thanks to the ARGOS Web Portal and the Mobile App for easy and immediate access, via a mobile device, to the system’s features.