“Tell me, if your shipyard had suffered a cyber-attack, whom would you have told?”
“As few people as possible.”
This is part of a conversation we at CSS Platinum had with an Italian shipyard owner following our contribution to the Superyacht Cyber Security panel session at the Boat International Superyacht Design Festival in Cortina d’Ampezzo, in February 2020.
“Are cybercriminals really targeting us?” he continued. “Could they actually do all the things you just described?” he asked. “The thing is, I am just not hearing about these attacks occurring.”
“A fair question,” we responded, before asking:
“Tell me, if your shipyard had suffered a cyber-attack, whom would you have told?”
“As few people as possible,” he responded instantly.
Herein lie the reality and the problem. In an industry as competitive as ours where multi-million-dollar transactions decisions are made on relationships and trust, cyber-attacks do not get reported for fear of damage to a company’s reputation.
The difficulty is that because attacks are not being reported, those yet to experience the embarrassment, pain, distress, worry and damage of a cyber-attack do not perceive it a problem.
Right now, the yachting industry is being actively targeted by numerous highly sophisticated criminal networks across the globe
Superyachts, their owners and associated stakeholders will be the subject of “target packs.” These are detailed digital dossiers compiled on them by criminal groups who are constantly gathering information for multiple sources and turning it into intelligence ready for a mature attack (payday) opportunity to present itself.
These are not tin-pot opportunists; these are well-financed, highly organised criminal businesses with business plans, budgets and resources available.
Public availability information on superyacht cyber-attacks is few and far between. Remember, this does not mean they are not happening:
Denison Yachting cyber attack: https://www.superyachtnews.com/technology/bob-denison-on-the-recent-cyber-attack
Maersk NotPetya cyber attack: Not superyachts, but an example of what can happen to any vessel and associate shore functions: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Unfortunately, cybercrime and security is here to stay and is no longer something to be ignored. Technology and artificial intelligence continue to evolve at an alarming rate and shows no signs of slowing down. This evolution coupled with the reduction in component prices and the prospect of greater connectivity and data transfer rates promised by 5G & 6G technology will result in more “things” becoming “smart”, digital and automated and joining the realm of the Internet of Things.
Smart things require connectivity to a network to enable them to be controlled remotely by devices. Any network connection presents an access point for a cyber-attack.
Across the globe, doors and windows of homes are locked and secured each night to provide security and prevent uninvited criminal intruders. We are at the beginning of an age where this same approach to security must be the standard for your digital environment.
In our next blog post, we will explain why cybercriminals target superyachts. In the meantime, if you are seeking to develop your maritime cyber risk management understanding or find out further information on CSS Platinum and the services we provide, please visit https://cssplatinum.com and/or email [email protected].
Michael Wills is co-founder and chief data officer for CSS Platinum.