The Triton


Secure at Sea: Yachts, yards may be liable for inadequate network security


Secure@Sea: by Corey D. Ranslem

Cyber security issues are a dominant part of world headlines on an hourly basis. Attacks continue in almost every industry and location of the world with an internet connection. Initially, I was surprised by the lack of network infrastructure security I saw, but I am no longer surprised – I expect it whenever we look at a vessel or facility’s network. 

Throughout the past year in this column we’ve discussed various aspects of cyber security, threats and vulnerabilities. Nearly everyone in the large-yacht industry knows of someone who has been the victim of a breach, attack, incident or issue. 

Through my company’s operations, we are involved in some aspect of cyber security daily. We are constantly assessing different types of threats, attack vectors and protection mechanisms, along with the design of networks and their security components. The demands of networks continue to grow as more IoT (Internet of Things) and OoT (Ocean of Things) devices become connected. Risks to networks become more exaggerated through the technological demands and the rapid growth of these devices. 

There is a clear obligation on the part of the network owner/provider, whether shipboard or shoreside, to provide basic network security for their users. However, it is disturbing to see the lack of security on supposedly secure networks. 

We’ve had the opportunity to interact with several networks, both on board ships and at various shoreside maritime facilities. Throughout our work on various networks, we’ve been a part of vulnerability and penetration testing. When it comes to security, most networks are significantly lacking, and many don’t provide the basic security protections for the end user. 

For example, there was a network we were on at a facility while we were working on a problem for a yacht client. Through this marina’s network, we were able to see almost all the other vessels that were using that network, which opens those vessels up to a direct attack. 

This type of vulnerability, along with network security failures, is unfortunately common – whether it is a public network, marina network or even the network on board a vessel. There are hundreds of large yachts whose critical information, like their global IP addresses and onboard systems, is compromised and out on the open internet. This information can be used to penetrate a vessel’s network, launch an attack and cause major issues.

There are potential legal liabilities for the owners and operators of networks if basic security protections are not undertaken. Currently existing legislation, in some form or another, addresses a data breach and who is held responsible for that data breach. This legal liability can include the owners and operators of the network infrastructure if that is identified as the point of failure. 

Businesses that own and operate networks for client use need to make sure they have network security designed into that network. If I own a restaurant that serves bad food and people get sick, I am responsible. Similarly, if I provide a service to a client and the failure of that service causes harm to that client, I am liable for that failure – especially if I don’t follow standard industry best practices to try to prevent that failure. That does include the basic network infrastructure security.

So how do you protect your network with some of the basic security best practices? First, make sure your network is designed with security as part of the network infrastructure. It does make it more difficult to complete some tasks, but in the end, it will save you time and money. 

You have enough to worry about as a captain or crew member, so find a trusted outside partner who can work with you on designing your network(s) with security in mind. 

That partner should also be able to monitor your network to look for vulnerabilities and issues in real time. Network design is Step 1, monitoring the network for threats and vulnerabilities is Step 2, and mitigation is Step 3. 

In summary, a yacht, marina or yard is not exempt from liability. You must do everything in your power to provide a secure environment to your users (including guests, crew and employees). 

Corey Ranslem, CEO at International Maritime Security Associates, has more than 24 years of combined Coast Guard and maritime industry experience. Comments are welcome below.
