360 Maritime Security
Our 360 Maritime Security Cyber team conducted passive tests to gain a high-level view of the quality of WI-FI security controls implemented on yachts at the Monaco Yacht Show 2019. Owners, Captains, Crew and Management were invited to our live hacking demonstration, which detailed how quickly we could gain complete uncontrolled access to multiple types of wireless, control and CCTV networks on various yachts. Download the full MYS19 Cyber Review below.
Passive Cyber Testing
Our Cyber team passively monitored the airwaves of yachts at the show to gain information about the security controls onboard. The tests were split into two sections. Phase 1: A MYS19 Cyber review of the WI-FI and visible security systems protecting owners, crew and guests, and automation designed to highlight any obvious flaws that would allow unauthorised access. Phase 2: Deployment of a fake deception system on the show WI-FI, with enhanced monitoring, designed to highlight security reconnaissance and attempted to hacking of systems at the show.
Phase 1 Findings
Our MYS19 Cyber Review identified 675 distinct wireless networks at the show, these included show WI-FI, yacht internet and control systems and personal hotspots. 17 were found to be ‘secured’. All others deomonstrated vulnerability. 58 wireless networks related to ‘internal control systems’ were visible to anyone passing by. 11 were using an old encryption system that is prohibited. 29 were named YACHTNAME-OWNER, marking the owner as a target. 89 had no encryption or authetication. 564 shared a single password amongst all users.
Phase 2 Findings
Deception systems were connected to the MYS Wi-Fi system. Two other devices were identified making ‘active probes’ in the MYS airspace. Both devices attempted to connect to multiple vessels networks and exhibited behavior that is only used in the early stages of attack. MYS is a prime location to survey a potential target vessel system in a crowded environment where a hacker is unlikely to be caught. The MYS show Wi-Fi itself was of a good standard with individual user authentication at the wireless access point level and protection between users.
360 Maritime Security Services
Superyacht owners, guests and crew are increasingly subject to international terrorism, cyber-attack and piracy: ‘360 Maritime Security’ has gained maximum exposure to these evolving threats.
We are an amalgamation of three industry leaders, each with equal experience and expertise in their respective domains: Physical, Electronic and Cyber Security.
Using intelligence led risk analysis we are able to provide robust and innovative security solutions together with comprehensive advice on every aspect of physical, electronic and cyber maritime security.
Priavo Maritime Security is a leading Risk Management Company with extensive experience from time served within UK Special Forces, Maritime Anti-Terrorist Units, Intelligence and the Royal Marines Commando. We have experience on board all types of vessels and can provide armed transits, executive protection, crew training, intelligence reporting, audits and global assistance.
An onboard security system needs to automatically detect, track, classify and alert captains to approaching objects in the vicinity. We can provide clients with an electronic security system hosting a multitude of features to assess potential threats and filter out false alarms. Systems include drone detection, CCTV, long range surveillance, Inbound threat analysis, sonar and 3D imaging.
Using an integrated fabric of technical security controls we are able to provide optimum Cyber Security threat protection for vessels, families and crew. Bespoke crisis management plans, breach scenario planning, response protocols, crew and land-based staff training, phishing and attack simulation tests, advanced protection and monitoring are all available for multi-layered protection.