Illness can spoil a sailing holiday – but now we also have to worry about computers getting sick. Yachts, and those of us who operate them, increasingly rely on digital technologies. When these are infected by a virus or suffer a cyber attack, we can expect a bumpy ride.
Cyber risks are a universal and daily part of life. We are at risk every time we connect to the internet – at home, in the office, and via a marina's WiFi or an onboard satellite connection. We have seen the devastation caused by recent cyber attacks on major organisations based on dry land. An attack on a yacht's vital, vulnerable onboard systems can have immediate and dangerous consequences for safety and data security.
The most common type of cyber attack is an "opportunistic" attack from malware – such as a virus – that spreads across the internet via email or other connections to infected systems. The purpose is to exploit the vulnerabilities of as many systems as possible, either to profit financially or to obtain access credentials such as passwords. The cause may be as trivial as someone using a default password, or clicking on an unsafe email or website. Unsecured WiFi networks also allow criminals to "sniff" data being transmitted across the network. Onboard systems that are not adequately protected may be damaged or blocked.
Less common but more serious, "targeted" attacks focus on specific systems and may cause severe financial damage by stealing valuable information. A targeted attack may follow an opportunistic one, especially if a password is stolen or the first attack is not detected. The attackers invest time and effort learning how the system works, so they usually know what they want to steal and hope to get a good return on their "investment".
Even with technically well-protected systems, a simple human action can open the door to the attacker. Personal data, such as names, dates of birth, membership of organisations or interests, can be used to design targeted attacks. For example, an email can be customised to entice the recipient to click on a link or open an attachment that contains malware. Once the malicious software has entered the network, it can penetrate deep into the yacht's systems and access valuable information.
At RINA we greatly encourage awareness of cyber risks and are developing a security lifecycle management process to help safeguard a yacht's vital systems and data. The process is based on the "security by design" paradigm, which ensures security is built into devices, networks and systems from the beginning and maintained throughout their lifecycle. Designed and carried out by interdisciplinary RINA teams, it integrates business analytics, information security management systems, security system engineering, human factors and training.