maritime cyber risk

​Vessels are usually managed from one central management system that controls the navigation, engine management, entertainment system, lighting, air conditioning and what’s most worrying is that it can also be wirelessly controlled from iPads and other devices.

In a ship there are connections to several external networks. 

Within a ship, there are several internal networks that are interconnected in various ways. 

In addition, there are several types of endpoints (crew and guests) connected to the Internet. 

This complexity creates holes and vulnerabilities that can be exploited by hackers.  

The attack surface is large because the security of IT and OT devices are usually not handled properly in a vessel.

A ship can be connected in two ways: with terrestrial or satellite communication systems. 

Communication systems used are depending on the operations use case: operations close to shoreline, port area operations, deep sea operations. 

Terrestrial communication systems are mostly based on mobile connectivity. 

Users (crew and guests) can act as communication bridge with their laptops, smartphones and tablets opening breaches to cyber attacks. 

Potential threats are:
- Access to the navigation system (cyber-kinetic attacks)
- Access to entertainment systems
- Access to private information and data

Potential impacts are:
- Guests, crew and yacht safety (cyber-kinetic attacks)
- Guests and crew privacy
- Environmental damage (cyber-kinetic attacks)
- Reputation

​iqons ​has developed the methodology YCAP (Yacht Cyber ​​Attack Prevention) ​to identify on-board IT & OT assets, their threats and vulnerabilities, and to perform a cyber risk assessment completed by active and passive cyber tests in order to build-up a valuable remediation plan.