View from the bridge: Cybersecurity and the threat to superyachts. Are we doing enough?


Pictured above is the tranquil scene viewed from my home on the banks of the River Clyde, writes captain Iain Flockhart. Just beyond the ship’s bow is Faslane Nuclear Submarine Base; home to the fleet that carries the UK’s nuclear weapons. Below the lower hills pictured lie all of the UK’s nuclear weapons, some 215 warheads. So, what does this have to do with the world of superyachts?

In June 2017, The British American Security Information Council published a report called ‘Hacking UK Trident, a growing threat’. It makes for sobering reading.

When I read this report I was shocked that these missiles on my doorstep, could potentially be so vulnerable to malicious infiltration – with truly apocalyptic consequences.

How vulnerable then are our own onboard systems on superyachts? Most, if not all, luxury yacht systems are not subject to anything like as stringent security measures as one would expect to have protecting the nuclear doomsday devices and their host vessels.

The ramifications of a cyberattack on a superyacht are clearly not going to be as apocalyptic as those of some deranged radical hacking into the Trident missile system. But they could be no less catastrophic to an owner should he or she find that malicious activity has led to their bank account being violated.

No less catastrophic to an owner

As vessels, and the world in general, have become so much more connected and ever more reliant on this global connectivity to conduct daily business, the opportunities for “cyber geek ne’er do wells” to capitalise on the possibility of rich pickings increases.

Potential consequences are very far reaching and range from mere inconveniences such as viruses that may interfere with the entertainment systems onboard to those that will render the actual manoeuvring of the vessel impossible, as has happened on some commercial vessels recently.

Imagine a hacker following exactly where you are on an Automatic Identification System (AIS) or tracking your movements through your own Electronic Chart Display and Information System (ECDIS). Imagine the consequences if a yacht’s navigation systems were hijacked in a narrow channel, such as the one pictured above, steering the vessel aground. Before anyone even knows what’s happening, it would be too late.

Other threats to consider from basic hacking are the theft of personal data, which since General Data Protection Regulation (GDPR) kicked in last year is now something that we all need to think seriously about. All personal date of crew and guests onboard has to be properly protected.

As information ‘clouds’[ grow ever larger and spread over more of the globe, much data that was historically considered safer onboard is now vulnerable to infiltration now that vessels are permanently connected to the outside world

Just last week I managed to resolve a long standing issue on my Mac computer that despite robust and daily up-to-date anti-virus software managed to penetrate my system. This resulted in a bit of malware taking control of the communications ports on my laptop and deciding if and when it would grant access to them. It was resolved after hours of help from Apple over several days and a free bit of anti-malware software.

This minor incident caused me a great deal of inconvenience and much time wasted trying to resolve it. That was despite believing I was reasonably secure after taking measures to protect my system. There is also the problem that for most of us it is impossible to see what damage has been done and how far reaching it may be.

Destruction of data is another potential hazard

Malicious destruction of data is another potential hazard. This one is at least easy to put right if you suffer such data losses by having a highly regimented back up procedure that is religiously carried out daily or even more frequently. This is a no brainer and is easy and cheap to implement using non-networked drives for local back up.

You can never be too careful and need to be very pro-active in making sure your systems are as secure as they possible can be. A rudimentary virus or bit of malware can easily cause havoc as soon as it starts running around your Local Area Network (LAN) and beyond.

These are potentially serious threats. They need to be given due consideration to help manage the risks and protect not only an owner’s assets but also mitigate such issues as inadvertent GDPR infringements through external infiltration.

The superyachting sector is undoubtedly not doing enough to protect its vessels and those who use them and work on them from these increasing risks. It’s a fast- moving problem and it needs up-to-the-minute solutions.

About the author

Iain Flockhart is a highly-experienced yacht captain with more than 250,000 nautical miles in the role of professional captain since 1996. He grew up on sailing vessels but chooses now to work on motor yachts. He enjoys simple pleasures such as using his seven-metre RIB to go exploring and wild camping in his native Scotland. Iain is currently looking for new opportunities to command a superyacht. Contact him at [email protected]

Superyachts need 21st century cyberprotection.

Image: courtesy of Google and Maxtar Technologies.

Subscribe to our free newsletter

For more opinions from Superyacht Investor, subscribe to our email newsletter.

Subscribe here