Boat International: MYS Cyber Review

Priavo 360 Maritime Security, featured on Boat International after attending the Monaco Yacht Show 2019.

‘360 Maritime Security Team runs Cyber Testing at Monaco Yacht Show 2019’

“360 Maritime Security Team, whilst manning the stands and advising clients, have also been running some basic passive tests to gain a high-level view of the quality of security controls implemented on the various yachts and the show itself. The tests were split into 2 sections:

  1. Review of the Wi-Fi and visible security systems protecting owners, crew, guest and automation, designed to highlight whether there are any obvious flaws that would allow unauthorised access.
  2. A fake, devotion system was deployed to the show Wi-Fi with enhanced monitoring of security activity, this was designed to highlight if anyone else is running any security reconnaissance and attempting to hack systems at the show.

The summary findings were presented at the 360 Maritime Security Team stand QR12 on Friday at 16.00 and Saturday at 14.00.”

(Boat International, 27 September 2019)

Our 360 Maritime Security Cyber team conducted basic passive tests to gain a high-level view of the quality of WI-FI security controls implemented on yachts, as well as a review of the security posture of the show itself. Owners, Captains, Crew and Management were invited to our live hacking demonstration at the MYS2019, which demonstrated how quickly we could gain complete uncontrolled access to multiple types of wireless, control and CCTV networks on various yachts.

Using practical examples our Cyber team explained the best methods for reviewing and securing existing networks onboard, demonstrating the ease of use and immediate benefit of our decoy and deception system. By luring attackers to connect to a fake deception system, it acts as an early warning system of a cyber-attack. Technology improvements can often take several months to implement on a vessel due to the approval and testing process. A deception system gets around this delay because there are no changes to the existing systems whilst giving you an immediate level of visibility and an indication of a positive breach.

The team did not carry out any intrusive or in-depth testing as we would do under a formal penetration testing engagement. However by passively monitoring the airwaves we were able to gain information about the security controls onboard. Whilst wireless is only a small component of a yacht’s security, it can be visible to people nearby: potential attackers will be attracted to vessels that appear ‘less secured’ than others.

Boat International’s full article can be viewed here. For a summary of our Maritime Cyber Wi-Fi Assessment click here.