Risky Business
Your many connected devices can put more than your personal data at risk.
For every boat sitting peacefully in its slip there’s a thief waiting to extract its MFDs with a surgeon’s precision. Or a thug wielding a crowbar with his co-conspirators a few lagoons over, trailer and truck at the ready. Both are formidable foes. However, they’re no match for the havoc a cybercriminal can wreak while cloaked in the darkness of cyberspace.
A few years back at an international yacht investor conference, a “white hat”—a hacker hired to crack a network to evaluate security systems—took only 30 minutes to hack into a yacht’s myriad digital networks, including satcoms, navigation data and the personal information of every guest who signed into the WiFi network. And late last year I read a report of a superyacht’s navigation systems being hacked while underway, with thieves threatening to steer the yacht into a reef unless a ransom was paid immediately via untraceable cryptocurrency. The vessel’s name was withheld, for obvious reasons.
In both cases, the vessel’s WiFi network was the path of least resistance, generally due to an easy-to-guess password; you’d be surprised how many people use their vessel name and its registration numbers as the password, or never change the generic username/password set up for them by the electronics installer. “When we set up a security network, there’s only so much we can do to encourage the client to update,” said Brian Kane, chief technology officer at Global Ocean Security Technologies (GOST), a leading maritime security outfit that provides everything from wireless security and satellite tracking to acoustic deterrents and cloaking systems.
Kane had a suggestion regarding the use of personal WiFi at your home marina or while traveling: Don’t. “Take any steps you can to make yourself private,” he told me. “Use the marina service or [your phone’s] 4G.” If you want to use your own WiFi, Kane suggests disabling the settings that broadcast your network and setting up a Virtual Private Network (VPN) for the highest level of encryption and total web anonymity.
As the market leader in satcom sales in the marine industry, KVH employs a six-level cyber approach that includes multi-level security features on its satellite and terrestrial networks, hardware and robust network configurations. “[We] provide vessel and network edge-based firewalls to block inbound connections and … also block malicious communications detected using the network edge firewalls,” Vice President of Satellite Services Rick Driscoll told me. Sounds techy, but in short it means that all inbound connections from the internet are blocked by default, making the vessel’s network difficult to hack. KVH also has a network operation center that’s continually monitoring threats and supplies an informational video for customers and crew called “Cybersecurity at Sea” intended to help clients mitigate the risk of a cyberattack.
But the satcom provider can only protect its own systems. Driscoll mentioned that with the massive increase of connected devices on board, owners and crew need to ensure that the phones, tablets, etc., used to connect to a vessel’s network are also secure and have updated software. “The biggest thing in reducing cyber risk … is training people,” said KVH Media Relations Manager Jill Connors. “Cyber threats often start with someone [on board] downloading something or even plugging in a USB that’s been infected.”
It’s not the captain a few slips over using your unsecured or default-password network to download movies that you have to worry about. (It is time, however, to update your system username and password from “admin” and “password.”) It comes down to the level of connectivity, as each IoT device added to your vessel is another vulnerability. The threat is real: Let’s not be victims of our own technology. Because every minute the hacker hides in the shadows, he gets stronger.