London saw cyberattacks increase five-fold and with internet fraud and hostile software attacks ramping up at such a rapid rate, the burning question is why the superyacht industry is not taking this potentially devastating issue more seriously.
It’s an area which will come under the spotlight at this year’s Caribbean Charter Yacht Show, with IGY’s strategic partner Pelion Consulting offering free cyber audits to some of the yachts registered at the show, exploring weaknesses in their digital footprint and highlighting the importance of cyber security.
The cyber audits will check the main vessel network for vulnerabilities, check how insecure their WIFI is and what information is leaking as well as carrying out dark web searches for any information on the vessel itself that has reached the public domain.
In all cases, Pelion Consulting will provide solutions on how to improve network security and minimise the yacht’s digital footprint. CCYS attendees will be able to visit the ‘hacker magicians’ as they hack a mobile phone, turning on the camera and microphone, and the experts will check the personal digital footprints of willing volunteers.
"Cybercrime doesn’t only affect the yachts themselves, who are a target of criminals and hackers, it also affects the wider supply chain," explains Pelion’s CEO and co-founder Richard Hodder. "Teaming up with the CCYS demonstrates our commitment to the whole yacht and maritime sector, both sea and shore based.
"One of the questions we ask is “are you aware of your digital footprint?” This applies to us as individuals as well as the yacht itself, which will have a combined digital footprint.
"We’ll be demonstrating the ease of accessing personal information and onboard systems such as WIFI and the operational technology as well as providing free cyber health checks for yachts and individuals. Apart from demonstrating how easy it is to access information and data, more importantly we will show how simple it is to prevent and protect access to systems and data."
Pelion has engaged Mike Jones, a master hacker turned security consultant, as one of the experts who will be giving demos on how cyber fraud is committed – and what steps you can take to bolster protection on board.
"Cyber fraud and hacking are super easy if you know what you’re doing," says Mike. "I can infiltrate someone’s cell phone in less than 30 seconds and once I’ve gained access, I can monitor where they go, pole their phone for their geolocation latitude and longitude every 30 seconds and follow them. Lots of people buy IoT devices like Alexa and Ring doorbells that have access externally. I use those systems to get in."
Mike became fascinated by computers and technology at a young age and after leaving the US military in 2003, he helped to establish international activist/hacker movement Anonymous before working with the FBI as well as UK police forces as a cyber security consultant.
It is precisely these skills and his colourful background that made Mike the optimum authority in cyber security to give demonstrations and advice at CCYS in Richard’s eyes.
"Mike thinks outside the box when it comes to security issues," says Richard. "Someone who has worked on both sides of the law can demonstrate from experience just how easy it is to listen into conversations and hack anything.
"Mike will also analyse the extent of our digital footprints and how fraud is committed against targets. He brings a realism to the situation and having that first-hand account always impresses people who listen to him."
Despite new IMO regulations being put into place this year, Mike is concerned that superyachts are still not taking cyber security seriously. "When people get out into international waters, they think they are isolated," he explains. "They operate as if they’re isolated but if you have an internet connection going into that superyacht - whether it be from a satellite connection, a tower-based tech connection or a cellular connection – that makes you vulnerable and a potential target.
"A lot of things on superyachts are there for convenience and luxury and that overshadows the need for security. You have Wi-FI, Bluetooth and all the luxuries you’d see in a $20m mansion on a floating vessel and when they go out into international waters and start making business transactions, they are highly vulnerable."
Richard agrees, adding: "The yachting community is gradually coming round to the fact something needs to be done. Regulations that started this year have helped but there’s still a tick box mentality among crew and yachting companies.
"Security is an evolving threat landscape which requires constant overview. Raising awareness and developing a cyber aware culture is key to changing this tick-box mentality."
So what are the crucial tips for improving cyber security that yacht crew and owners can invoke fairly painlessly - and what should they do to create a robust protective barrier to deter hackers?
"First of all, you should secure any kind of wireless communication whether it be cell phones or Wi-FI," says Mike. "Do the basics, make sure it’s encrypted, use strong passwords and ensure there’s some sort of gap between the critical infrastructure systems on the ship like navigation and the engine room and the guest and crew internet access. There should be no connection there.
"The biggest flaw most networks have is very little to no encryption or security standards when it comes to anything wireless, as well as allowing guests to access critical parts of the network. If you mimic a system that requires a wireless connection, you can take over. Anything emitting radio frequency emissions like radios, Wi-FI, GSM and satellite navigation can be hacked or broken into from the outside."
The strategic partnership between IGY and Pelion Consulting and their presence at CCYS should go a long way to reassuring the yachting community that much can be done to protect privacy and systems with the right advice.
"We hope to provide information and assurance to everyone concerned and be there to answer any queries people may have on this subject," adds Richard.
"As independent cyber security and digital protection consultants, focusing on yacht cybersecurity, we want to give the industry peace of mind. With all the different products on the market, we can advise what the best solution is, cutting through sales jargon. Having Mike on board helps us analyse and identify the best and most cost-effective solutions.
"Developing relationships with yacht crew and providing assurance that they have someone to turn to when it comes to any aspect of cyber security is very important to us and CCYS is the perfect event to help us get this crucial message across."