When most of us speak of cybersecurity we actually mean cyber risk management.
I recently spoke at the Malta superyacht summit and was joined on the panel by Ian Comish a cyber risk management expert from Riela. Riela is a is headed by Rob Tobin.
In our sector, we can be bombarded with shock value words. I thought Ian’s talk was exceptional given the 20+ talks on Cyber issues I have attended this year. Rather than focus on shock value items such as hackers and drone attacks, Ian simply spoke of some effective cornerstones of risk management. Our team at SYTN worked with Riela to create one of our well-known Blueprints for Cyber Risk Management.
Jack Robinson: Editor in chief
Ian Comish is a Director of Riela Cyber Security Centre and is responsible for the operations and development of our products and services.
Ian brings 20 years’ experience in technology services. Ian specialises in providing technology and management consultancy with experience across various sectors including maritime, aviation, finance, telecoms and government.
Ian has a Master’s Engineering degree in Avionics and specialises operational systems integration and information security.
Superyacht Technology Blueprint: Riela Cyber Security Centre
“…due to hacking activity” and “…lacking basic operational security” are headlines that every owner, Captain and ETO should be afraid of. The technology on-board superyachts can be challenging enough without having to factor in their secure operation and defense against intruders.
The complexity of implementing effective cybersecurity is one reason that other industries are now employing teams of experts to assist rather than relying on already stretched technical personnel.
Riela Cyber Security Centre (Riela CSC) comprises engineers with varying skills from a wide range of backgrounds including the high-technology, finance, online gaming, and telecoms industries. Riela CSC is headquartered on the Isle of Man and is part of the Riela Group of companies. The Riela Group also comprises businesses dedicated to safety and security management, technical, crewing, fiduciary administration and emergency response services to superyachts, their crew and their owners. The Isle of Man has seen the growth of now well-established high-tech online industries, resulting in an impressive cyber ecosystem.
The risk to the superyacht community
There has been significant growth in awareness of cybersecurity issues within the superyacht sector. The Maritime Safety Committee, at its 98th session in June 2017, adopted Resolution MSC.428(98) – Maritime Cyber Risk Management in Safety Management Systems. The resolution encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company’s Document of Compliance after 1 January 2021. Regardless of this regulatory requirement, it is increasingly important that owners, captains, and ETOs implement a cyber risk management strategy.
High Net Worth Individuals (HNWIs) are prime targets for cybercrime and the risks of security breaches are higher than ever before. Superyacht owners should consider the risk of unauthorised access to sensitive information which could carry reputational damage; such as leaking private photographs of crew or guests, financial information or the whereabouts of VIPs. Superyachts are particularly vulnerable to cyber attacks as operational and information technologies evolve and are increasingly interconnected.
It’s not all about hackers
The common misconception of cybersecurity is that it’s all about hackers. In reality, cyber security falls into two different camps: malicious and non-malicious.
A malicious attack is a deliberate attempt by an individual or organization to breach another’s information system for some sort of benefit. This benefit could be for many reasons including financial gain, or purely to disrupt operations for “the fun of it”. Malicious threat actors, as they are called, can range from a bored teenager in a far-flung country, to a highly skilled and well paid professional contracted for corporate espionage.
A non-malicious cybersecurity breach is unintentional and is often caused by negligence or by employees unaware that they are compromising the safety of their organisation. Examples include uncoordinated/unapproved software updates by vendors with remote access, employees falling for a phishing scam leading to malware infection, or simply equipment failing due to environmental conditions such as insufficient cooling.
When considering cybersecurity on-board, the scope needs to be widened and all-encompassing; far wider than just securing the IT systems.
The best way to tackle this challenge is through effective cyber risk management.
Cyber risk management
Riela CSC considers three principal cornerstones in cyber risk management. They are:
- Confidentiality – Making sure information is only accessed by people who are authorised to see it.
- Integrity – Making sure that information hasn’t been manipulated.
- Availability – Ensuring systems are available when they are required.
Riela CSC’s typical customer engagement starts with an in-depth risk assessment of the customer’s assets. This involves first discovering those assets (including their owners and stakeholders), identifying vulnerabilities and evaluating the threat landscape. The output is a prioritised list of risks based on severity that can either be accepted, transferred or mitigated; a decision that is entirely up to the customer and which should be based on risk appetite and budget. There is no such position as 100% secure, but a customer can put as much effort as they like trying to achieve that position.
Risk mitigation is where Riela CSC’s SOC (Security Operations Centre) team step in. The SOC has a plethora of risk mitigation solutions, ranging from simple paper-based policies and procedures, to user training, to utilising cutting edge software solutions, including:
- Managed Endpoint Protection with monitoring and alerting
- Advanced email security including malware and phishing filtering
- Proactive (or reactive) monitoring of systems and infrastructure
- System hardening and implementation of vendors’ best practice
- Vulnerability scanning and penetration testing
- Real-time alerting when Incidents are identified
- Incident response support
- Drone protection systems
- Bug sweeping
- System logging and auditing
- User Behaviour Analytics
- Managed perimeter security
- Intrusion Prevention Systems
Riela Cyber Security Centre: Where are we heading?
Riela CSC’s focus is constantly on effective risk management and helping customers mitigate those risks. Therefore, the future roadmap for the company is heavily focused around adopting, and defining, best practice.
Cyber security requires continuous improvement. Firstly, it is practically very difficult to mitigate every risk on day one (prioritisation is key); more importantly, threats and vulnerabilities change over time, attackers become more capable, and new systems or software versions introduce new vulnerabilities.
Focus on Behaviour Analytics
Riela CSC currently sees the evolution of cyber defense systems focused on behavior analytics. Statistical analysis of the observed patterns of human and system behavior can be used to detect anomalies that indicate potential threats. Why is a certain person logging in at an unusual time? Why is a user who normally sends ten emails a day now sending thousands? Which countries are the emails going to and why has the mail server started sending large amounts of information to a particular country? Why are the DNS servers querying obscure addresses? This describes a proactive approach instead of the typically reactive one; something that even the best firewalls struggle to achieve.
24/7 Incident Response
Riela CSC’s monitoring systems produce alerts to customers real-time, 24×7. The SOC will soon extend the Incident Response service from normal business hours to 24×7 so that customers will always have a security expert on-hand no matter what time of day they are needed.
Understanding Cyber Security Risks
Riela CSC addresses a gap in the market by helping customers understand what cyber risk management in superyachting entails for administrators, Captains, ETOs and HNWIs. The Company’s philosophy is to provide defense in depth and in breadth. The company understands that placing complete reliance upon one method of defense is simply not enough.
There is truth in the frequently stated fact that the marine industry lags well behind in terms of cybersecurity. It is imperative that the industry addresses these weaknesses to protect itself today and into the future as our reliance upon technology increases.
Riela CSC has deep knowledge of the superyacht market and understanding of its unique nature. The company’s plans for the future put the security of their customers at the front and center of everything they do.