12th February 2021

CYBERSECURITY FOR YACHTS: WHAT YOU NEED TO KNOW

The private oasis of a yacht provides welcome relief from many of life’s stresses. But even when cruising remote atolls, owners, guests and crew should be prepared for a scenario in which cyber crime tries to inch its way on board. Social media platforms, online banking sites, email accounts, mobile applications, and third-party programs present the same risks at sea as they do on land. In the current environment where many individuals are working remotely, often with sensitive information, cyber awareness is key. This is highlighted by a recent report from IBM, which estimates that cyber threats increased by as much as 600% during the Covid-19 pandemic.

Heidi Wachs, vice president at Stroz Friedberg, a cybersecurity risk management firm that specialises in digital forensics and incident response, says, “The types of cybersecurity considerations people make in their daily lives largely apply to yacht owners.” She recommends owners be particularly vigilant around how they use technology on board and what type of online activities they engage in. She also endorses identifying onboard systems that can be controlled via a network, especially those that interact with the Internet, such as heating, cooling, and security systems that can be operated via Wi-Fi or mobile applications.

“If systems like these are compromised, it may lead to the disclosure of personal information or, in the worst case, malfunctioning yacht systems,” advises Wachs.

Many individuals on board a yacht feel secure as they are physically distant from others, but it is important to remain alert whenever using the Internet, regardless of location. “When at sea, it can seem that no one is close enough to ‘listen’ to Internet traffic coming from the yacht. However, if you click on a malicious link, provide your personal information to an illegitimate site, or fall victim to a phishing scam, it doesn’t matter whether you are on land or at sea.”

‘Phishing’ refers to a technique that entices users to click on a malicious link while using email or surfing the web. It’s a common method of tricking people into revealing private information, and according to Stroz Friedberg, these types of attacks are increasing by almost 150% year-on-year.

Should anyone on board a yacht suspect or realize that the security system has been compromised, it is paramount that the incident responder and specialized cybersecurity counsel be contacted at the earliest opportunity, says Wachs. All usernames and passwords that relate to the compromised system should be immediately changed, and ideally law enforcement should be contacted.

“If you notice that a technical system or device is not operating as expected, you may want to consider engaging both the vendor and a digital forensics expert who can review available evidence to attempt to identify what may have happened,” adds Wachs.

In addition to the personal safety assurances that cybersecurity can bring, the International Maritime Organization (IMO) has introduced a resolution that came into force on 1 January, 2021, whereby yachts that adhere to the ISM Code – including commercial operations, vessels with more than 12 passengers, and yachts over 500GT – must now formally incorporate “an appropriate level of awareness of cyber risks” into their onboard safety and security. Further IMO guidance states that an ongoing training and awareness programme is a crucial element of onboard and shoreside cyber risk management. Simultaneously, the United States Coast Guard has announced that from January 1, 2021, it will begin enforcing the universal requirement for a cybersecurity plan for all commercial yachts and ships over 500GT visiting US ports, regardless of flag.

In the modern age, it is important to assess the yacht’s systems and equipment to determine whether a yacht is vulnerable to cyber threats. The IYC management team works closely with cybersecurity experts and can advise both owners and crew on how to ensure their vessel is as secure as possible. From providing a Ship Security Assessment (including evaluation of onboard remotely accessible equipment, key shipboard operations, current security measures and the identification of possible security threats) to implementing a comprehensive cybersecurity plan in the yacht’s safety management system, there are many efficient steps that IYC can help yachts to take to prevent malicious cyberattacks on board and enable owners and guests to relax and enjoy the finer pleasures of life aboard a superyacht.

What are the effective strategies for strong cybersecurity? Noah Rubin, Manager at Stroz Friedberg, offers his advice:

There are several steps you can take to improve your cybersecurity systems and mitigate the risk of cyber attacks:

  • Use good judgment and critical thinking when interacting online. Don’t click on links in emails or texts from unknown senders. Don’t accept friend requests or follow requests from users you don’t know. Don’t disclose personal information, including your whereabouts, on social media, or other public forums.
  • Use strong, complex passwords or passphrases and rotate them every 60 or 90 days. Consider using a password manager to generate strong, unique passwords for each website or app, especially financial accounts.
  • Always change default passwords for devices or systems on a yacht, including Wi-Fi networks. Refrain from logging in to any sensitive or financial accounts when using public Wi-Fi – for example at the marina.
  • Use multi-factor authentication (MFA) where available. MFA is a combination of something you have or are and something you know. For example, you would know your password, but you would also receive a text message or use an authenticator app for a secondary code to enter before you can access an account.
  • Practice a ‘need to know’ philosophy for disclosing sensitive or personal information, such as social security numbers and financial accounts.
  • Minimise the number of people who have the credentials to any systems that control the yacht’s operations and know how to reset them when the crew changes.
  • Be selective in websites or apps you grant permission to track your location or interact with your accounts on other sites.
  • Update software when it becomes available. This not only applies to personal devices like cell phones, tablets, and computers, but also to the software used to control yacht systems.

For more information on implementing a comprehensive cybersecurity plan on board, contact the IYC team today.
