Josep Estevez

OmniAccess Cyber Security Director

How many years of experience do you have?
Over 13 years.

Why is Cyber Security so important for yachts?

It is well known that superyachts are at the cutting edge of technology and users typically have access to a wide range of the latest devices and apps on board. In addition to this, there is a continuous drive for vessels to offer the best onboard experience for their owners and guests through constant firmware upgrades and by connecting to different networks as these become available. By increasing the use of technology and activity on the web, you also increase the attack surface area that is open to possible cyber intrusions.

My team and I are here to analyse and identify possible vulnerabilities, in order to implement a range of processes that reduce the potential risk. The installation of systems to detect and deter intrusions, as well as providing regular reports, gives vessels the visibility they need to proactively manage their exposure to cyber risks.

How easy is it for a hacker to gain access to a superyacht?

Where there is a will there is a way, so it really does come down to the individual preparedness and cyber security maturity on each vessel. You must take into consideration a range of variables such as the level of knowledge and training of those onboard, the devices or networks being targeted and ultimately who is responsible in managing and maintaining the overall onboard Cyber Security policy.

What are the impacts of a cybersecurity hack?

Cybersecurity hacks come in a wide range of shapes and sizes. With differing intentions some may try to gain access to specific private info, create data leaks or business interruptions or use ransomware attacks to restrict access until a payment is made.

If the hack has consequences on third parties, and it is ultimately proven that it resulted from the vessels negligence in terms of a lack of cyber security controls and governance, it may even result in fines and liabilities (GDPR, IMO…).
 

What kind of attacks have you seen whilst working as a Cyber Security expert?

I have seen many types of attacks during my professional career, constantly evolving and finding new and innovative ways to gain access, to scam users or steal sensitive data. The preparedness for cyber-threats is just as important as the means to deal with an existing attack. It is important for vessels to be cyber-prepared with simple steps like segmenting networks, having a password policy in place, doing routine system backups and ways to visibly observe who is accessing your systems. We have a saying in Spain that goes “más vale prevenir que curar” which basically means it is better to prevent something from occurring than dealing with the consequences should it occur, and the same goes for cybersecurity on superyachts. It is an activity that never ends, technology is always evolving, and cyber criminals are increasingly leveraging advanced tools as part of their cyberattacks.

Do you have any example of maritime hacks?

The most famous one that comes to mind is the NotPetya ransomware cyber-attack that occurred back in June 2017 and took out the entire Maersk network infrastructure. Within several minutes the entire Danish shipping and logistics operations came to a stand-still. In a very lucky twist of fate a power cut in Nigeria´s capital meant the malware was not able to spread to their Lagos office Active Directory backup as it was offline. In the end I believe they reported losses to the tune of $300 million.

Such a ransomware attack could easily be imagined for a charter on a Superyacht by which, until the ransom is paid, the vessel is not fully operational.

What techniques are used to protect the boats from hacks?

Here at Omniaccess we have a holistic approach to vessel/superyacht cybersecurity, providing a range of services from risk assessments, 24/7 detection services, patches… all the way through to reporting and training.

 

  • Perimeter security to prevent vessels from external threats.
  • Managed endpoint security to protect all vessel devices (laptops, servers..).
  • Our Security Operations Centre (SOC) 24/7 provides monitoring and alerting to detect and react in case of a malicious activity.
  • We also conduct risk assessments to identify weaknesses and propose actions to address them.
  • We carry out technical audits using the tools and methodologies that a hacker uses to gain access to your systems.
  • We provide training for technical and non-technical users, showing tips to avoid most common scams.
  • Other services are OSINT (Open Source Intelligence): we analyse of the vessels’ information available on public repositories (Google… that is used for cyber criminals to prepare their attacks.
  • Vulnerability scanning.

What kind of information can be hacked?

Basically, all information that is either stored, processed or transmitted through the vessel network and connected devices, i.e.. personal information, operation data, vessel location…

Cybersecurity services is a new service line for OmniAccess, what sets you apart from the rest of the competition?

Yes, it is true that Cybersecurity Services is a new offering from OmniAccess, however the team we have selected brings together a vast amount of experience and expertise, together with the corresponding qualifications, to be able to provide an un-paralleled level of support and responsiveness to meet the high expectations of our very specific market.

Being cybersecurity partners for some of the top superyachts in the world gives us a unique overview of the kind of attacks these vessels are subject to and allows us to apply policies to mitigate these attacks before they may propagate amongst similar yachts around the world.

Further to this, our unique position as VSAT, 4G/5G and Wimax connectivity providers combined with our cybersecurity expertise allows us to provide a multi-layer security service. The full protection of the access network (satellite link), the perimeter (firewall) and the onboard network (endpoints) ensures a truly end-to-end security service.

For further information please visit our Cyber Security page.