The Triton


Secure at Sea: Cybersecurity laws lacking when it comes to yachts


Secure at Sea: by Corey Ranslem

It is hard to realistically determine the number of cyberattacks that take place within a given time period. Many cyber experts believe the maritime industry has suffered eight to 10 major cyberattacks since the start of 2018. If you look at all cyber-related issues, that number moves into the thousands.

What are the International Maritime Organization and the respective world governments planning to push forward when it comes to cybersecurity laws and regulations for the maritime industry? Very little. Industry organizations seem to be taking the lead when it comes to guidance and industry-specific best practices. Unfortunately, regulatory compliance does not always align with industry best practices. Those best practices sometimes vary by industry and location. What is good for a large cruise ship might not always work well within the large yacht industry and vice versa.

Currently the IMO has issued Guidelines on Cyber Risk Management (MSC-FAL.1/Circ.3), and the Maritime Safety Committee, in their 98th session last year (June 2017), adopted Maritime Cyber Risk Management in Safety Management Systems (Resolution MSC.428(98)). This resolution encourages flag administrations to ensure that cyber risks are “appropriately addressed” as part of existing safety management systems (ISM code). This is set to take place by the first annual verification of the company’s Document of Compliance after Jan. 1, 2021, according to the IMO website. A lot can happen between now and then.

I attended a recent conference with IMO officials. Several participants asked about changes to the ISPS codes to incorporate cybersecurity. The IMO said there are no such plans. They felt the existing code, in broad terms, provides the framework to address a number of threats, including cybersecurity.

Flag states and some class societies have put forward some guidance documents regarding cybersecurity. The U.S. Coast Guard published cybersecurity guidelines in 2017 for MTSA-regulated facilities as part of an overall critical infrastructure cybersecurity plan. Nothing within this strategy mentions vessels. The MCA published “Cyber Security for Ships, Code of Practice,” a 73-page document with some good guidelines. However, there are no major regulations proposed regarding cybersecurity specifically for the maritime industry.

Governments have put forward laws and regulations regarding cybersecurity, but they are more specific to handling data, not cybersecurity in general. I believe maritime industry regulations are not being proposed because of potential problems with enforcement of those regulations, along with several potential jurisdictional issues.

There are several maritime industry-related organizations (within the cargo and cruise industry) that have provided guidance to their respective industries on cybersecurity. These documents mirror a document on cybersecurity put together in the U.S. by the National Institute of Standards and Technology. Published initially in February 2014 and revised in April, this 55-page document is not specific to any industry or organization, but critical infrastructure in general. Many of the principles, in theory, can be adapted to the maritime industry.

Insurance companies aren’t moving at lightning speed in producing cybersecurity coverage for the maritime industry and, specifically, vessel operations. There are several cyber-related products for companies and critical infrastructure, but at this point, most large insurers haven’t worked through the risk model for cyberattacks against large yachts, cargo vessels or cruise lines. Cyber-risk insurance for ships will start in the cargo industry, then move to cruise lines and large yachts. Insurance companies still need to collect data to determine how to best price that risk.

I recommend one simple principle: If you have a company managing your cybersecurity infrastructure, it is a good practice to have another trusted company try to penetrate your network, testing the resilience and security of that infrastructure. I haven’t seen many vessels – whether large yachts, cargo lines or cruise lines – with cybersecurity standards even close to that of the healthcare and financial industries. As an industry, we have a long way to go.

Corey Ranslem, CEO at International Maritime Security Associates, has more than 24 years of combined Coast Guard and maritime industry experience. Comments are welcome below.
