Last year, an updated set of guidelines were published by the International Maritime Organisation (IMO) for cybersecurity onboard vessels. Previous guidelines were less descriptive than the updated version, which includes real-life examples of how systems onboard vessels have been breached. This offers ETOs/AV-IT Officers an important insight into just how critical cybersecurity systems onboard superyachts are in today’s increasingly connected environment. The reliance of superyachts on digitisation creates a higher level of cybersecurity risk which calls for dedicated risk management of the networks and systems onboard. Superyachts are hot targets for cybercriminals that will go to extreme lengths to permeate the networks on-board.
Knowledge is Power
Awareness of the impact that cybercrime can have upon a vessel and its High Net Worth guests is not as well recognised as you might think. The guidelines published might be second nature to the team at Riela Cyber Security Centre (CSC), that gained their skills from corporate, telco and data centre backgrounds, but many of these will be new to the superyacht IT community. However, these guidelines can help the technical crew to understand how it is possible to identify, prioritise and mitigate existing threats on their vessels using technical mitigation techniques, such as Intrusion Prevention Systems (IPS), network segmentation and monitoring data activity with SIEM tools. It’s important that detected events are acted upon.
One of the challenges of implementing the recommended controls in the new guidelines is finding the technical solutions to deal with the breadth of requirements; installing them and then operating them. These technologies require specialist skills, and even in our dedicated team of cybersecurity engineers, a single person doesn’t have the expertise to run everything.
Take Action on Cyber Threats
Riela CSC has focused on building a team of experts so that superyacht owners, their captains and crew can be compliant with the upcoming requirements. Whilst it is unrealistic to expect ETOs and AV-IT Officers to be trained up to tackle the work involved in creating a secure environment, a sound, general understanding of cybersecurity risks and how to mitigate them is becoming essential in today’s connected environment.
By entrusting the Riela CSC team with cybersecurity, the crew can maintain control of their networks without the distraction of the complex and often mundane aspects of security, allowing them to focus on aspects of their jobs that deliver value. Riela CSC’s Security Operations Centre (SOC) is manned with trained specialists who are dedicated to monitoring and reacting to alerts bringing peace of mind to the busy crew, in addition to any advisory work such as technical vulnerability scanning.
User Behaviour Analytics
The role of User Behaviour Analytics (UBA) is becoming increasingly important in the world of cybersecurity. UBA involves collecting, correlating and analysing user activities using advanced monitoring systems. UBA provides early insights into problems before they manifest into a significant event. At Riela, we utilise the Splunk platform for Security Information and Event Management (SIEM). Splunk’s analytics-driven SIEM goes beyond simple information and event management to tackle real-time security monitoring, advanced threat detection, forensics and incident management. An analytics-driven SIEM enables users to build a stronger security posture and improve cross-department collaboration.
Riela CSC also employs industry-leading next-generation firewalls with a centralised alerting and management station. This facility provides a suite of network security and traffic management products, deployed either on purpose-built platforms or as a software solution. The centralised platform enables the capability to quickly and efficiently investigate and tackle malware outbreaks and observe trends across similar target customers.
It is essential that yacht owners and operators take a proactive approach when it comes to cybersecurity. It is their responsibility to have a strategy in place to prevent or mitigate a breach of their security which could affect the safe operation of their vessel. The reality is that superyacht technical staff are challenged and stretched. To add cybersecurity to the list of priorities would take them away from other important duties. Riela CSC delivers the peace of mind and knowledge that this critical aspect of yacht management is taken care of. The consideration of a vessel’s cybersecurity posture is more important than ever before. The team at Riela CSC has the knowledge and experience to help you mitigate your risks – before they become an embarrassing and expensive problem.
Read this article in the Superyacht Technology News Winter Blueprint here and many more technology articles.