Rise in cyberattacks on yachts leads to new legislation
Superyachts and motor yachts are increasingly under attack from cyber criminals who sense rich pickings, according to cybersecurity company C3IA Solutions. The company says attacks in the maritime sector shot up by 40 per cent in just 12 months pre-Covid and continued to rise through the pandemic.
In reaction to the trend, new regulations came into force on 1st January 2022 and require vessels to prove they have cyber security resilience. This International Maritime Organisation (IMO) code currently relates to vessels in excess of 500 gross tons but all yachts with computer systems are at risk.
Jim Hawkins from C3IA Solutions says: “We have been particularly busy working on motor yachts and superyachts across the world but also in the UK. With attacks having increased dramatically in recent years owners and operators are much more aware of the risks. While the new IMO code relates to large vessels, it might in future be amended to encompass much smaller boats and it is always best to be prepared.
“Superyachts’ systems require updating and protecting just like any other system in a home or office. But there are added risks on yachts which makes them more vulnerable. These include the rotation of crews and stays in boatyards. Charter boats also have a rotation of those using them and the more people going on and off boats necessarily means more opportunities for criminals to take advantage and plant listening devices or computer malware.
“Our teams are experienced in technical surveillance counter-measures (TSCM) - known as bug-sweeping - and are doing more work on yachts in order to provide assurance to the owners. Other teams carry out penetration testing – something we can do remotely – to test the security of onboard IT systems.
“Obviously with the rich and famous owning and using the yachts they are a high value targets for hackers. The data and information contained on them could be extremely valuable. The new code is now being enforced and will help burst the myth that by being at sea you are somehow less vulnerable to attack.
“Insurers too are becoming more concerned and often now demand proof of cyber resilience before offering cover. Testing should be a routine activity for all yachts and it is extremely positive that the maritime sector is catching up with cyber security requirements,” he adds.
