Cyber Security for Superyachts
Superyachts face very similar cyber security threats to any modern business, however, additional vulnerabilities can come from the way systems communicate on-board and essentially how this technology is often insecurely transmitted. Vessels are usually managed from one central management system that controls the navigation, engine management, entertainment system, lighting, air conditioning and what’s most worrying is that it can also be wirelessly controlled from iPads and other devices. This set-up, whilst very convenient can open up the super yacht to a multitude of internal and external cyber security threats. Where there has historically been separated networks for navigation and entertainment systems (IT & OT systems), they are now frequently combined with some level of access between the two, if there is access for a level of functionality, there is also access for an attacker to attempt to access both networks
The primary goal of cyber-criminals is that they want to make money, and lots of it. Given that motivation, superyacht owners’ and their guests’ affluence is an undeniable lure. Through no fault of their own, they are prime targets for this type of crime; and quite often the levels of security that protect their corporate assets is not routinely extended out to protect all aspects of their digital lives. Their biggest threats are therefore theft of assets, of private and personal information for sale or blackmail, and also sensitive corporate information such as business dealings and commercial copyright. There have been numerous cases where individuals have lost millions of pounds and very private, personal and family related information. The impact of this can be truly devastating, both financially and emotionally.
Worryingly, all too frequently there are stories in the press about high profile individuals that have had their systems attacked or their reputation tarnished.
Until now, there has been no single source of protection for individuals.
As a leading cyber security consultancy and cyber security managed services provider, we can protect individuals from cyber exploits and attacks, as well as being able to offer the type of security advice and services that are equal to or superior to security measures used by most global companies.
SUPERYACHT CYBER SECURITY
The International Maritime Organization has outlined that by 2020, all vessels over 500gt will be required to demonstrate they have addressed the cyber security threat.
Our team of cyber security experts concentrate on securing both the virtual and physical landscape by building assurance, awareness and most importantly by protecting the vessel and its personnel. Our superyacht cyber security analysis covers both information technology (IT) and operational technology (OT) to provide comprehensive cyber security protection to the vessel, the crew, the owner and their guests.
Our comprehensive super yacht cyber security risk assessment is completed from both an internal and external network and this detailed analysis enables us to highlight security weaknesses in both IT and OT systems on-board.Home, Family Office, The IOT (Internet of Things), Wifi and network-enabled devices, including physical access points, controls and camera systems, are all observed and assessed to provide a summary of findings. Client’s confidentiality is preserved through the secure and forensic storage of all client data and test results, consultants are all trained in cyber forensics to guarantee the security of data stored but also to enable them to be able to conduct forensic investigations and prepare evidence for law enforcement in the event of a suspected crime or civil offence.
As well as providing an integrated fabric of controls that provides advanced Superyacht Cyber Security threat protection – we provide:
- Training and awareness for crew and land-based staff
- Crisis management plans
- Breach scenario planning an rehearsed response protocols
- Phishing and attack simulation tests.
CYBER SECURITY AWARENESS TRAINING
A majority of cyber security related attacks are attributed to human involvement. We address this with our bespoke cyber security awareness training programme for all crew. Our training has been proven to be very effective in stopping staff from inadvertently causing costly cyber security incidents.Our in-depth maritime cyber security training covers relevant and current cyber security threats and subsequent threats to information including: negligence, phishing, insider threat, malware, technical surveillance etc. In addition we cover other security threats including Email, Web (includes strong passwords and safe internet browsing), Mobile Communications, Wi-Fi, Handling Sensitive Information, Best Practice and the steps to take if you think you’ve been a victim of an attack.
CYBER SECURITY MONITORING
Cyber security monitoring and subsequent reviews are carried out throughout the year based on the vessel’s activity. Our primary goal is to effectively manage the cyber security of the vessel and maintain its security. Working closely with the captain, crew and land based management, every factor of the yacht’s operation is considered including schedules, personnel and the integration of IT & OT systems.
Our Monitoring Service Provides:
- 24/7 security monitoring and threat analytics designed specifically to look for threats to the vessel
- Bespoke intrusion alerts
- Deception and decoy technology, marine focused with immediate alert of activity
- Internet and dark web monitoring of clients, names, routes and targets
- Geolocation monitoring for social and web posts
CYBER INCIDENT RESPONSE
The speed at which incidents are identified and dealt with makes a significant difference in controlling the associated risks, cost, exposure and damage to reputation. Effective Cyber Incident Response (CIR) management reduces the risk of incidents occurring, helps detect incidents early and develops a more robust defence against future attacks that can potentially save millions.
Expert cyber incident response and decision making in a crisis is available within 1 hour 24/7. First responders provide cyber forensics and crisis management along with technical response and remediation decisions, which includes containment and identification of the root cause for all cyber incident alerts.