Physical security has always been a primary consideration on-board yachts as they are prime targets for thieves. This has not been the case with cyber security, but given the increasing availability of technology and a growing awareness of its vulnerabilities, this could be subject to change.
In 2017, it was reported in the Guardian that a cybercrime expert had managed to hack into a superyachts navigation system within a few hours, taking full control of the multi-million pound yacht and all on-board.
The hacker achieved this armed only with a laptop and being physically located in a nearby café. Although this was just for research and the 'attacker' meant no harm, a combination of similar tactics and capabilities from the wrong people could have resulted in disaster for those on-board or individuals linked to the yacht, such as the owner. So whilst physical security has rightly always been considered important and will continue to be so, it is concerning that little is being done to raise awareness around these alarming cyber-threats to yachts.
Our maritime report (To read our full report click here) introduced the cyber security risks facing shipping communities today; most of which both threaten to cease operations, cause huge financial losses and possibly cause risk to human life. Surprisingly to some, yachts are considered prime targets in this emerging trend – mostly likely considered 'easy targets' because they don't have large crisis, IT and information security functions backing them like the companies that own commercial and container vessels.
In our report we highlighted that yachts are and contain high-value assets: this also includes the rich and super-rich individuals who own and operate them. Main scenarios involve cyber-attacks that might facilitate hijacking and piracy.
Piracy is an ongoing concern in many parts of the world and most pirates would seize an opportunity to capture and ransom a high-value target, such as a super yacht and, even better, one with high-profile individuals on-board. This sudden control of power in remote locations can support with the group's financial or sometimes idealistic objectives. Subversion of navigation systems and security systems to facilitate the capture of passengers is entirely possible. As part of our conversations with researchers in this space, attacks could be combined with setting false AIS locations so that response ships are sent to the wrong locations – leaving more time for an attack to be undertaken.
Considering the same vulnerabilities, pirates will be able to launch cyber-attacks which could either take remote control of a yacht, or to force a yacht off course into vulnerable waters. This might occur via the transmission of false GPS signals designed to guide a ship off course. This would likely be accompanied by attacks on communications, leading to the conclusion that yachts require high levels of security and resilience in their communications and navigation systems. This last point is arguably not something high up on one's wish list when kitting their luxury homes on water.
Third party trust
There is a requirement for each yacht builder/broker to interact with hundreds of third parties when building or refurnishing these boats. That means realistically that there will be hundreds of digital interactions with these parties, as well as multiple specialists physically on-board the yacht fitting the desired goods. This is prime opportunity for cyber criminals to pose as third parties and attempt invoice fraud convincingly by hijacking communications, and if successful, taking huge payments. It also raises the question about the confidence in due-diligence and security of products, as it is impossible to vouch 100% for who and what is coming on-board.
In sum, whilst security shouldn’t take the fun out of sailing, it's important to take it seriously - especially as the costs involved in chartering or owning a yacht are so large.