Carole Plessy, Head of Maritime Product Development at OneWeb, explores best practice for superyachts concerned with cybersecurity
The digitalisation of the superyacht industry is key to its enduring success. While other maritime sectors spent some time debating the benefits against the costs and pitfalls, superyacht owners immediately recognised that greater connectivity and technology would improve both the safety and luxury of the on-board experience.
The industry was ahead of the curve. The International Maritime Organisation’s stance on cybersecurity begins: “Cybertechnologies have become essential to the operation and management of numerous systems critical to the safety and security of shipping and protection of the marine environment.”
For the superyacht industry, privacy, security on a personal and corporate level are paramount. High net worth individuals and their families are prime targets for cyber ransomware and data theft. Superyacht navigation, real-time maintenance, and regulation compliance are equally important.
Exciting upcoming innovation, like increasing automation and predictive maintenance of the superyachts components will require high speed (greater than 50Mbps) and low latency (100 milliseconds or lower) connectivity, as decisions have to be made in real time based on context. Terrestrial grade connectivity means that guest and crew are connected on shore and at sea. It also means that on-line gaming platforms will be added to the entertainment options on-board.
While increasing connected devices and entertainment has solved many problems, it has made one new problem increasingly common – superyachts are prime targets for cyber-attacks. They are of high value and often have influential passengers on board. On long trips, superyacht passengers frequently have to conduct business, all of which is enticing for cybercriminals.
Only high-profile attacks make it into the public conversation. They can be devastating: at The Superyacht Forum in 2019, an anecdote of a superyacht owner losing $11 million from a single phishing e-mail attack was shared on stage. But the large attacks are not the only ones. At the conference, the audience reacted with stories of their own: one captain had lost €100,000 on what he thought was a fuel payment.
While cybercrime is appropriately feared, its mitigation is still underestimated. While many are aware of the risks, they are unaware of the many challenges that arise in successfully implementing best practices. Captains must not be fooled by a simple firewall masquerading as a ‘cyber solution’: the virus-like nature of cybercrime means it is always mutating and does not have a static cure. There is not, and will not be, a silver bullet.
Fortunately, there is a general recipe for success. At OneWeb, the connectivity network is built on cybersecurity principles combined with a layered, multi-pronged approach that authenticates and monitors the systems, platform, applications and users. Across industries, research has indicated that 90 per cent of data breaches are down to human error. A rigidly vigilant operating principle is the only way to minimise such errors.
OneWeb follows three core cybersecurity principles to build its network. The first principle is zero trust: all human and systems data exchange require authentication before any transaction or communication can take place. It means that access through one system is short-lived and does not grant access to any other part of OneWeb’s network.
Secondly, zero-day attack prevention entails using the best of AI and Machine Learning tools to detect anomalous systems or human behaviours before any breach is acted and before any known vulnerability is published or damage done. These techniques allow you to spot malicious behaviour before they cause damage and shed light on vulnerabilities before they are exploited – possibly the most powerful shield against cyber risks.
Thirdly real-time compliance monitoring and system auditing is key, software packages, without the benefit of ad-hoc security patches, are susceptible to these attacks. Auditing is the only recourse against the ‘silent’ attacks which aim to steal data. Though the software may be obsolete, the packages frequently still store sensitive data that makes it a target. At sea, connectivity is especially vital: 41 per cent of all maritime software updates are received by satellites, while the remainder is coming from a memory stick brought onboard,
Lastly, the orchestration of the interactions between automated tooling, 24/7 Security Operations Centre and IT staff provides the ultimate defence against a constant and mutating set of cyber threats.
It is also important to keep in mind that ensuring safety requires internal accountability. One stakeholder must be accountable for the overall cybersecurity of the vessel. In superyachts, that responsibility may lie with the captain. But too much pressure on the captain can endanger everyone. A well-connected yacht, with a solid cyber policy framework is the best possible starting place. There are no one-stop-shop solutions to a multi-layered cyber risk. Each supplier in the ecosystem should challenge to demonstrate its credentials and its approach to cyber risks.
A high-speed enterprise grade connectivity provider like OneWeb can become the trusted backbone of a superyacht’s cybersecurity. With fully separate networks for crew, owner and IT systems, and a government-grade best practice and 24/7 manned and machine-driven System and Organisation Controls, OneWeb’s service ensures that a superyacht captain and Electrical Technical Officer do not have to face this daunting task alone.
Digitalisation, driven by high speed connectivity, will continue to drive innovation for superyachts. Many of the applications, like automation and entertainment, will be complicated and exciting. But perhaps the greatest benefit of ubiquitous connectivity will be the knowledge that however you use it, you can trust that it is secure.v
If you like reading our Editors' premium quality journalism on SuperyachtNews.com, you'll love their amazing and insightful opinions and comments in The Superyacht Report. If you’ve never read it, click here to request a sample copy - it's 'A Report Worth Reading'. If you know how good it is, click here to subscribe - it's 'A Report Worth Paying For'.