The Triton


Secure at Sea: Yachts, yards may be liable for inadequate network security


Secure@Sea: by Corey D. Ranslem

Cyber security issues are a dominant part of world headlines on an hourly basis. Attacks continue in almost every industry and location of the world with an internet connection. Initially, I was surprised by the lack of network infrastructure security I saw, but I am no longer surprised – I expect it whenever we look at a vessel or facility’s network. 

Throughout the past year in this column we’ve discussed various aspects of cyber security, threats and vulnerabilities. Nearly everyone in the large-yacht industry knows of someone who has been the victim of a breach, attack, incident or issue. 

Through my company’s operations, we are involved in some aspect of cyber security daily. We are constantly assessing different types of threats, attack vectors and protection mechanisms, along with the design of networks and their security components. The demands of networks continue to grow as more IoT (Internet of Things) and OoT (Ocean of Things) devices become connected. Risks to networks become more exaggerated through the technological demands and the rapid growth of these devices. 

There is a clear obligation on the part of the network owner/provider, whether shipboard or shoreside, to provide basic network security for their users. However, it is disturbing to see the lack of security on supposedly secure networks. 

We’ve had the opportunity to interact with several networks, both on board ships and at various shoreside maritime facilities. Throughout our work on various networks, we’ve been a part of vulnerability and penetration testing. When it comes to security, most networks are significantly lacking, and many don’t provide the basic security protections for the end user. 

For example, there was a network we were on at a facility while we were working on a problem for a yacht client. Through this marina’s network, we were able to see almost all the other vessels that were using that network, which opens those vessels up to a direct attack. 

This type of vulnerability along with network security failures are unfortunately common – whether it is a public network, marina network or even the network on board a vessel. There are hundreds of large yachts whose critical information, like their global IP addresses and onboard systems, are compromised and out on the open internet. This information can be used to penetrate a vessel’s network, launch an attack and cause major issues.  

There are potential legal liabilities for the owners and operators of networks if basic security protections are not undertaken. Currently existing legislation, in some form or another, addresses a data breach and who is held responsible for that data breach. This legal liability can include the owners and operators of the network infrastructure if that is identified as the point of failure. 

Businesses that own and operate networks for client use need to make sure they have network security designed into that network. If I own a restaurant that serves bad food and people get sick, I am responsible. Similarly, if I provide a service to a client and the failure of that services causes harm to that client, I am liable for that failure – especially if I don’t follow standard industry best practices to try to prevent that failure. That does include the basic network infrastructure security.

So how do you protect your network with some of the basic security best practices? First, make sure your network is designed with security as part of the network infrastructure. It does make it more difficult to complete some tasks, but in the end, it will save you time and money. 

You have enough to worry about as a captain or crew member, so find a trusted outside partner who can work with you on designing your network(s) with security in mind. 

That partner should also be able to monitor your network to look for vulnerabilities and issues in real time. Network design is Step 1, monitoring the network for threats and vulnerabilities is Step 2, and mitigation is Step 3. 

In summary, a yacht, marina or yard is not exempt from liability. You must do everything in your power to provide a secure environment to your users (including guests, crew and employees). 

Corey Ranslem, CEO at International Maritime Security Associates (, has more than 24 years of combined Coast Guard and maritime industry experience. Comments are welcome below.

Share This Post

Leave a comment

Your email address will not be published. Required fields are marked *

Please answer the question below to leave a comment. * Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Editor’s Picks

Crew use COVID downtime to make a difference

Crew use COVID downtime to make a difference

By Lucy Chabot Reed Yacht crew all over the world have found interesting and creative ways to make a difference during the COVID-19 …

Owner’s View: Not the recommended procedure for captain, crew career in yachting

Owner’s View: Not the recommended procedure for captain, crew career in yachting

Owner’s View: by Melvyn Miller Decades ago, I was berthed in Cape May, New Jersey, next to a flush-deck motoryacht run by a mature …

FLIBS19: Show’s economic impact jumps 50 percent

FLIBS19: Show’s economic impact jumps 50 percent

The 60th annual Fort Lauderdale International Boat Show, held Oct. 30-Nov. 3, 2019, generated $1.3 billion in economic impact in the state …

Yacht bosun chooses to think like an owner, not spend like one

Yacht bosun chooses to think like an owner, not spend like one

By Bosun Alex Kempin I know, yet another article about personal finance and someone telling you to do something you will never do. I …