The Triton

Secure at Sea: Yachts, yards may be liable for inadequate network security

Secure@Sea: by Corey D. Ranslem

Cyber security issues are a dominant part of world headlines on an hourly basis. Attacks continue in almost every industry and location of the world with an internet connection. Initially, I was surprised by the lack of network infrastructure security I saw, but I am no longer surprised – I expect it whenever we look at a vessel or facility’s network. 

Throughout the past year in this column we’ve discussed various aspects of cyber security, threats and vulnerabilities. Nearly everyone in the large-yacht industry knows of someone who has been the victim of a breach, attack, incident or issue. 

Through my company’s operations, we are involved in some aspect of cyber security daily. We are constantly assessing different types of threats, attack vectors and protection mechanisms, along with the design of networks and their security components. The demands of networks continue to grow as more IoT (Internet of Things) and OoT (Ocean of Things) devices become connected. Risks to networks become more exaggerated through the technological demands and the rapid growth of these devices. 

There is a clear obligation on the part of the network owner/provider, whether shipboard or shoreside, to provide basic network security for their users. However, it is disturbing to see the lack of security on supposedly secure networks. 

We’ve had the opportunity to interact with several networks, both on board ships and at various shoreside maritime facilities. Throughout our work on various networks, we’ve been a part of vulnerability and penetration testing. When it comes to security, most networks are significantly lacking, and many don’t provide the basic security protections for the end user. 

For example, there was a network we were on at a facility while we were working on a problem for a yacht client. Through this marina’s network, we were able to see almost all the other vessels that were using that network, which opens those vessels up to a direct attack. 

This type of vulnerability, along with network security failures, is unfortunately common – whether it is a public network, marina network or even the network on board a vessel. There are hundreds of large yachts whose critical information, like their global IP addresses and onboard systems, is compromised and out on the open internet. This information can be used to penetrate a vessel’s network, launch an attack and cause major issues.

There are potential legal liabilities for the owners and operators of networks if basic security protections are not undertaken. Currently existing legislation, in some form or another, addresses a data breach and who is held responsible for that data breach. This legal liability can include the owners and operators of the network infrastructure if that is identified as the point of failure. 

Businesses that own and operate networks for client use need to make sure they have network security designed into that network. If I own a restaurant that serves bad food and people get sick, I am responsible. Similarly, if I provide a service to a client and the failure of that service causes harm to that client, I am liable for that failure – especially if I don’t follow standard industry best practices to try to prevent that failure. That does include the basic network infrastructure security.

So how do you protect your network with some of the basic security best practices? First, make sure your network is designed with security as part of the network infrastructure. It does make it more difficult to complete some tasks, but in the end, it will save you time and money. 

You have enough to worry about as a captain or crew member, so find a trusted outside partner who can work with you on designing your network(s) with security in mind. 

That partner should also be able to monitor your network to look for vulnerabilities and issues in real time. Network design is Step 1, monitoring the network for threats and vulnerabilities is Step 2, and mitigation is Step 3. 

In summary, a yacht, marina or yard is not exempt from liability. You must do everything in your power to provide a secure environment to your users (including guests, crew and employees). 

Corey Ranslem, CEO at International Maritime Security Associates (www.imsa.global), has more than 24 years of combined Coast Guard and maritime industry experience. Comments are welcome below.
