Blog: Maritime Cyber Security
Hacking Superyachts. Advice for integrators
I’ve written previously how superyachts are the homes, the offices, the play areas for their owners and how captains need to consider so many more risks than they used to. However, a common theme is you the integrator. Your job is to put all the owners toys and all the captains tools together in a safe and secure way, so what are the risks you carry and how do you need to configure it to be most secure?
Owner and captain expectations
Yachts are homes, offices, industrial control systems and vehicles for owners and captains. It’s unlikely that the captain or owner is going to technical and know exactly how to implement things securely. In their eyes that is your job. They will expect you to provide always on internet, fast wireless, connected audio, voip, sat com, ECDIS and it all to just work anywhere in the world with no issues. So how do you manage that when you are not on-ship, but sat in your office on land?
Connected 24/7
Superyacht owners want high speed always on internet and are willing to pay for it. This means using Satcom and 3/4G repeaters constantly connected. There are numerous instances of these devices live and unsecured on Shodan. We have shown how easily these can be compromised over satellite links, not only eating in to bandwidth but potentially impacting the ability for the captain to navigate effectively. Yet still they are needed. Have you checked what exposure the systems you have implemented have?
This is further exacerbated by the lack of good passwords, it is common for default passwords to remain in place in production systems, in the rush to get the service up and running inevitably corners get cut and sometimes passwords get left as the default making it trivially easy for attackers to compromise the technology on board. Can you be confident you have changed all of the passwords you are responsible for?
Support issues
An obvious question is one of support, how do you support a yacht in the middle of the ocean? Apart from the very largest of yachts, it’s unlikely you will have a centralised support system centrally managed and so you will be reliant on the captain performing actions on your behalf or waiting until the yacht reaches land. This is fine if the issue is not a security issue and the yacht is not connected 24/7, but we know that is not the case. So how do you perform security fixes and upgrades for critical issues?
When considering the longevity of yachts, the technology on them is unlikely to be replaced for a number of years. Captains want reliability, they want things to work as they always have, but that can affect security. We have lost count of the times we find issues in networking devices, only to be told they are “out of support” and so the issues won’t be fixed. How long do you expect your kit to stay on a yacht for?
Complex networking
There are a multitude of dispirate systems on yachts and your job is to network them all safely and securely. The captain needs NMEA serial connections running over IP from the GPS antenna to be shown on the ECDIS, the Satcom needs to talk to the client WiFi and the AIS, the VOIP needs to use the satcom and the connected IoT devices the owner uses need always on internet. Yet they all need to be segregated so that client devices can’t impact safety critical systems. Your rack will use firewalls and VLAN to do this. How sure are you that your VLAN has been configured correctly, we perform loads of firewall and switch config reviews annually and in most cases find gaping holes in the configuration. Firewalls left with any/any rules allowing exposure of critical systems. When was the last time you reviewed the firewall rules?
Updates, what updates…
As with everything systems need updating, satcom systems are commonly overlooked, we have found ECDIS running ancient versions of Windows, firewalls with vulnerable versions and missing updates to connected systems. The challenge is getting update windows, the captains and owners might not dock for months on end, when they do, the maintenance windows might be very short. So how do you manage the updates? Have you implemented a risk mitigation strategy to reduce the risk between maintenance windows?
Tactical advice
- Test that connectivity is limited from the public internet
- Validate after installation that all segregation rules on your firewalls are effective and don’t allow attackers in
- Provide time to validate the security of new installations before handback to the designers/owners
- Mandate maintenance windows in support contracts and define a plan for remote maintenance
- Change default passwords on systems
Related posts: