Superyacht Cyber Security

Introduction

The primary mission for cyber security on a superyacht is ensuring that the guest experience is transparently fulfilled. Our experience in providing cyber security to superyachts has demonstarted to us that one size doesn't fit all and we have had to learn through trial and error which cyber security technologies, which work well on a terrestrial deployment, don't work for maritime.

CND also supply preformed packages of cyber security services, according to the size of ship, risk, or budget. (Bronze, Silver and Gold) each crafted to meet the IMO 5 elements of Cyber Risk Management for both Information Technology (IT) and Operational Technology (OT). Our Platinum package is designed for fleets of ships, where resources are shared across the fleet to save money and provide correlated cyber security situational awareness.

From the 1st of January 2021, cyber security will come under the remit of the International Safety Management System (ISM) Code, supported by the IMO Resolution MSC.428(98), requiring ship owners and managers to assess cyber risk and implement relevant measures.

Cyber Security Service Offerings

As a client you can engage CND to supply individual services, they are entirely modular and can be bespoked to your exact needs. Many clients prefer to opt for a packaged solution, these packages have been developed to suit numerous scenarios, sizes of vessel, risk apetites and budgets. 

If you have an IT Managed Service Provider (MSP), our work is complementary to theirs, we will work closely with them forming a symbiotic relationship. Our passion is for cyber security not system administration.

Some of the services from our Security Operations Centres on the Isle of Man and the UK includes:

Click Here For a Selection of CND Cyber Security Superyacht Services
  • Cyber Risk Assessment - This is an interactive workshop during which, in just over half a day, our experts will discuss 100s of cyber security controls and recommend priority actions to you.
  • Operational Technology - Ensuring that the yacht operational technologies aren't interfered with by a cyber threat.
  • Policy Enforcement - Ensuring that the crew adhere to their Acceptable Use policies which will need to vary between when they are working and for the rare events when they are relaxing (welfare).
  • Confidentiality - Ensuring that guests are afforded a level of cyber protection should they require it, whilst maintaining complete confidentiality for their online activities.
  • Open-Source Intelligence (OSInt) Monitoring – Our OSInt Team will run constant searches across the Internet looking for references to the yacht which could be confidentiality breaches, such as internal yacht images, close-up drone footage, yacht ownership, guest identification, etc.
  • Internal Vulnerability assessment - Larger yachts will have 1,000s of network devices onboard, our tools will discover, identify and report on these assets and their vulnerabilities.
  • External Vulnerability assessment - The yacht's network visibility will be regularly checked from the Internet using the same tools and techniques as a hacker, any discovered vulnerabilities will be reported, with recommendations about what could be done to mitigate them.
  • Penetration Testing - Our team of specialists will attempt to penetrate the yacht from the Internet using the same tools and techniques as hackers 
  • Firewall installation, management and monitoring - Next Generation Firewalls can be installed, managed and monitored with the latest Intrusion Prevention Systems and Advanced Malware Protection, affording an exceptional level of defence against cyber threats.
  • Our Managed Phishing Assessment service, which will send bespoke emails to the crew to gauge whether a phishing attack would be successful; this service includes training when required.
  • Bespoke operational cyber security training – This is available for crew and covers the standard Internet threats and includes training for working in high-risk environments and with VIPs.
  • Creation of a bespoke Ship Cyber Security Plan.

CND Superyacht Cyber Security Packages

Bronze Superyacht Cyber Package

Low Risk and/or Low Budget

This package is designed primarily for smaller ships, providing an affordable package of cyber security measures which can be implemented remotely and with minimal crew involvement and disruption to the ship. For larger ships, due to the ease and speed of deployment, this is often implemented mid-season as an interim step, prior to progressing through to the Silver or Gold packages.

Silver Superyacht Cyber Package

Medium Risk Ships

Building yet further upon the features of the Bronze Package, the Silver Cyber Security Package focusses on hardening the boundary between the ship and the Internet. Introducing a virtual sensor installed into the heart of the ship, it provides far greater visibility of cyber threats and protection for the ship. Our security architects will review the network design making recommendations where necessary and install/manage Next Generation firewalls if required.

Gold Superyacht Cyber Package

High Risk Superyachts

The Gold Package extends the Silver protection from the boundary and provides defence in depth into the heart of the network, right down to the servers and endpoints (desktops & laptops), hardening the centre to greatly reduce the risk of compromise and lateral movement. Based upon our superyacht experience, several further cyber security technologies, managed services and security policies are included to provide an unsurpassed level of cyber security.

Platinum Fleet Cyber Package

Where an owner or management company has more than one ship secured by CND the overarching Platinum package may prove to be more appealling as we are able to share resources across the fleet, thereby greatly reducing the cost when compared to purchasing standalone cyber security packages for each ship. 

Blue Cyber Package

This is our budget cyber security offering, which through the use of our onboard sensor, provides 24x7 Cyber Alarm escalation from our Cyber Security Operations Centre located in the Isle of Man. Where our team of analysts are on hand to help you respond to any incidents.

Our Superyacht Experience

Since 2004, CND has been delivering maritime cyber security capability to naval forces, including the European Union Naval Force and the British Royal Navy. This maritime experience combined with the provision of cyber security to businesses and high net worth individuals, creates a "sweet spot" for securing superyachts. 

Providing cyber security to the superyacht industry has resulted in the rapid adoption of some interesting working practises and communication protocols, not to mention operational priorities when compared to cyber security in the wider maritime industry and beyond.

Our team of cyber security specialists have had to rapidly develop the skills necessary to secure superyachts the hard way and have had to take full advantage of our agility and experience in securing every other industry from spacecraft to maritime and from renewable energy plants to banks. 

Many of our cyber security services and technologies have been tweaked and adjusted to satisfy the needs of the superyacht industry, our superyacht experience coupled with our foundation in cyber security has proved invaluable in securiing some of the largest superyachts in the world.

Superyachts bring with them the usual threat of remote attack experienced by any other Internet connected vessel. However, they also have some other interesting soft spots which must be secured, not least of which are the high net worth clients and owners who they carry on board.

We provide superyacht owners, management companies, IT managed service providers and crew with a variety of services, some are bespoke to superyachts and others have been adapted from our land based services. Don't forget to download our superyacht brochure which also includes some of our bespoke services.

Find Out More

© Computer Network Defence Limited 2021