Surprisingly, for many yachtsmen the word “cybersecurity” is still unfamiliar. Interparus will talk about how important cybersecurity is in yachting and what you should be prepared for.
Digitalization of yachting
Many yachtsmen can no longer imagine their life without modern technology. It's no joke, even fairly ascetic yachting enthusiasts will prefer to go to sea with AIS and radar. And GPS and chart plotter have become de facto part of the standard set. However, it is unlikely that the set of electronics on board is limited only to navigation equipment.
Every year more and more products appear on the market that help automate processes on your yacht. Some devices will work locally - for example, control the electrical system of a boat. And other devices will be linked to global systems and cloud storage (including navigation).
All this brings us yachtsmen to a classic problem that is much more familiar to programmers. Cybersecurity today is no longer some distant, incomprehensible and exotic word. Cybersecurity is a pillar and one of the pillars of safe yachting.
However, not everything is under our control. There are several levels of working with cybersecurity, which we will talk about in this material.
Origins of the problem
In fact, cybersecurity is not really about computers and computer systems. The main problem of information security is... the person himself! Yes, yes, the key problem of cybersecurity is the good old human factor. There is a joke among programmers that if you remove humans from programming, there will be no need for cybersecurity.
And this is the honest truth. Fortunately or unfortunately, a person is not a machine or a computer. We cannot, purely physically, come up with a system that would be resistant to everything. First of all, the stability of the system is checked by the end user of the software. That is, by the user.
The program or service you use to navigate may itself be safe in principle. But how you use them determines the safety and security of your data.
The same applies to yacht security systems that can be controlled from your phone. Leave a loophole for a potential attacker, and he will take advantage of it. An important task that a yachtsman faces, and which many ignore, is self-education.
A sailor is a versatile person. A sailor is a person with a broad outlook and extensive knowledge. And first of all, the seafarer’s knowledge is based on the principles of his own safety and the safety of the entire crew. A basic understanding of how computer systems work is important, so don't miss this opportunity to learn!
In fact, it won't take you long to get to the bottom of the problem. You can listen to several videos on YouTube about the basic principles of cybersecurity in the background and already have a general idea of what and how attackers can do.
Problems of superyacht owners
Large yachts are usually at risk when it comes to cybersecurity. There is a huge amount of valuable equipment on board superyachts, which simply will not work without a central control unit. In turn, this control node comes with software that makes the entire system work together.
Any part of such a system that has direct or indirect access to the Internet is at risk of hacking. The consequences of such a hack can have a wide range: from a banal problem with lighting on board to shutting down the vital systems of the yacht.
Owners of small yachts can sarcastically rub their palms and remain in a deceptive sense of security. However, there are two points that such “lucky ones” should pay attention to:
1. Technologies in the maritime industry “migrate” - what was successfully tested in the merchant fleet is transferred to the civilian fleet and vice versa. What yesterday was the prerogative of huge motor yachts can already be found today on boats 10-12 meters long (the same complex systems for monitoring and controlling energy systems). Moreover, what’s funny is that technologies “migrate” along with all their vulnerabilities. Vulnerability migration is likely a key challenge. This problem is well known to programmers when a program is ported to a new device, and as a result, along with the updated interface, old problems of the program appear, which were embedded ten years ago in the first version.
2. Considering that you are completely safe just because your yacht is smaller than a superyacht and belongs to the mid-budget class is just as pointless as a statement in the style: “My neighbor has a bigger house, which means he will definitely be robbed, but from me -what should I take?” Yes, a neighbor with a larger house is more likely to be robbed. But who said that after your neighbor, your house won’t be the next target? In matters of one’s own safety, it is necessary to assess risks, compare and analyze, but the priority should be to ensure one’s own safety without regard to how things are going with the “neighbor.”
Take these aspects into account, because they can play a cruel joke on you, instilling in you excessive confidence in your own safety. For an attacker, there is no more desirable “client” than one who is completely confident in his security and does nothing to improve its level.
Real threats
Now let's briefly go over the main vulnerabilities of any information and electronic system on board any yacht. So, one of the types of vulnerabilities is the dependence of your yacht on digital systems. Today, almost any new yacht is equipped with a decent set of equipment, which is controlled by some kind of sophisticated computer system.
The more of your yacht's systems are tied to one or more control nodes, the more vulnerable your yacht becomes to a cyber attack. Pay attention to the management systems for your batteries, chargers and any device that has direct access to the Internet.
Indeed, if you are the owner of a large superyacht, then you should be wary of attacks aimed specifically at you and your yacht. Famous and wealthy individuals can become targets for hackers even if they have not done anything illegal. This is a fact that you just have to live with and be prepared for.
For us, ordinary yachtsmen, there is an equally unpleasant misfortune - “blind” and indiscriminate cyber attacks that are not aimed at anyone in particular. These attacks are similar to classic email viruses. Their organizers simply “throw” viruses into the network in the hope that someone will inadvertently pick them up. Sometimes the consequences of such attacks are even more catastrophic.
Special Mention: Internet of Things
Unfortunately, the extremely convenient Internet of Things (or IoT) is also a potentially unsafe tool. According to Nordic Seminductor, “The Internet of Things lags significantly behind other IT industries in providing adequate levels of security.”
This problem is much closer to the ordinary yachtsman. Many sailors like to upgrade their yachts with microcomputers such as a Raspberry PI 4 and a set of boards, or buy ready-made systems.
However, using IoT on board a yacht needs to be done carefully. In the IoT paradigm, each device is connected to a common network and, if it does not have direct access to the Internet, then at least the IoT control nodes are directly connected. This makes it possible to take control of individual parts of the system, disrupt the system, steal data, etc. Therefore, you should carefully choose the manufacturer of your IoT system (if you are purchasing a ready-made system) or strengthen your skills and knowledge in cybersecurity (if you are assembling the system manually).
In any case, there is always the opportunity to request help from experts in such systems. There will always be enthusiasts who will be happy to help protect your yacht and confidential data from intruders. Never hesitate to ask questions.
The most insidious problem
The most unpleasant problem related to cybersecurity is the problem of protecting the cloud services of your websites and programs. The insidiousness of the problem is that hackers can, at the behest of a pike, decide to take down the site or servers of a conditional mapping application, as a result of which sailors may be left without the necessary maps. This, by the way, has already happened last year.
Only fortune and forethought can protect you from such problems. Have multiple navigation apps, multiple sets of electronic navigation charts, multiple weather tracking sites, etc.
It’s unlikely that hackers will have enough power to “cut down” several large sites at once, but one or two will do. However, the recent rather ambiguous situation with the Ukrainian operator Kyivstar is very indicative. The main mobile operator went down for almost a week, and people were left without communication.
The bottom line is that you, as a boater, always have several backup options for obtaining vital navigational information.
How to protect yourself?
Fortunately, there are not so many cases of hacking, hacker attacks, and data theft in the yachting industry. However, we assure you that the more digitalized yachting becomes, the more real this problem will become. Once upon a time, fiberglass in the hull of a yacht was fantastic.
You should not neglect your own cybersecurity. Yes, it is more likely that your email will be hacked, you will get a Trojan on your computer or a virus miner, than something will happen to your yacht. However, this does not mean that you should not at least think about protecting your yacht.
Shortlist of things to look out for (potentially subject to hacks):
- systems with direct Internet access;
- yacht warning and security systems that can send notifications to a smartphone;
- yacht power system management systems with “smart control” functions;
- all types of “smart home” (IoT) systems, provided that you were not involved in setting up and creating the system;
- chartplotters, modern radars, AIS;
- cloud services to which your devices are connected on board.
What steps should you take to protect yourself? If we are talking about purchased ready-made equipment, then keep track of what networks you connect to and what files you install/download to these devices. If you yourself have created an IoT system on board, then take care of proper protection of the system at the protocol level.
Otherwise, the rules are standard for any Internet user. Accuracy, vigilance and calm are our main friends in any situation.
Don't forget to rate the content! You can find other interesting articles on the links below or in the "News" section!
13.01.2024
News and articles
The battery is an indispensable thing on any yacht. Intersail will tell you about the five best compact batteries for your boat!
Read more…Malta's Minister of Transport, Infrastructure and Capital Projects, Jan Borg, announced that they currently own the world's largest superyacht roster.
Read more…The Italian Maritime Industry Association recently hosted a conference where reports for 2020 and 2021 were presented. Considering that Italy is one of the most important European maritime arteries in the Mediterranean, it can be said that much of the situation in Italy can be transferred to the entire European coast. What should be expected and what are the prospects?
Read more…