Cybersecurity – Yachts under attack, 1st chapter

Components

Cybersecurity on board is no longer a topic reserved for a handful of IT specialists, but a shared responsibility that involves the entire yachting ecosystem: from the shipyards that design and build, to owners who are called upon to protect their vessels in an increasingly connected environment

by Giuseppe Massimiliano Pennisi*

The latest-generation yachts, actual concentrations of design, luxury and digital technology, now integrate advanced telecommunications systems for Internet and voice connectivity, sophisticated entertainment platforms, and complex IT systems that manage navigation, anti-collision, propulsion control and onboard safety. In essence, a modern yacht functions as a floating smart home, constantly connected to the network, and for this reason, it represents a high-value, low-risk target for cybercriminals.

However, it would be wrong to think that only the most sophisticated yachts present vulnerabilities: even older vessels, although lacking the advanced technical solutions of modern ones, can present points of entry through seemingly secure digital devices.

Digital forensic investigations conducted following ‘unexplained failures’ have demonstrated that cybercriminals have long targeted yachts, and the number of attacks is steadily increasing.

In an increasingly digital nautical environment, cybersecurity therefore becomes an essential component of overall onboard safety. The idea that a cyberattack can only affect merchant ships is a dangerous illusion: yachts have long been a growing target for cybercriminals, as shown by digital forensic analyses carried out following “unexplained failures,” and the number of attacks is constantly increasing.

Custom Line 50 @Leonardo Andreoni.

The intersection between IT and OT:
the main vulnerability

Onboard technology is divided into:

  • information technology (IT), telecommunications systems, entertainment, electronic charting, radar and identification equipment.
  • operational technology (OT), systems that control propulsion, electrical power and fresh-water generation, fire safety and flooding protection.

Integration between IT and OT technologies, often supplied by different manufacturers and lacking adequate cybersecurity-driven design, exposes onboard systems to significant vulnerabilities. To this, we must add the use of remote access, which is often managed without strict controls, and the frequent lack of crew training in cyber-risk awareness, which remains one of the main attack vectors exploited by hackers.

Areti @Tom Van Oossanen.

Reasons and consequences of attacks

Cybercriminals target yachts for:

  1. activism/terrorism, demonstrative acts with political or social aims;
  2. economic motives, ransom demands (ransomware) to unlock operating systems or data.
  3. espionage, theft of confidential information and/or images of passengers (a crucial factor when VIPs are on board).

The consequences of an attack can be devastating:

  • physical safety risks, an attack on OT systems can endanger the safety of crew and passengers.
  • financial losses, costs to repair damage, payment of fines for breaches of sensitive data, or extortion payments.
  • reputational damage, loss of trust for the owner, particularly in the luxury charter market.

Maersk’s 2017 attack (over $300M in damages and reputational fallout) suddenly heightened awareness of cyber risks in the maritime sector worldwide. More recently, in 2022, the hacker collective Anonymous targeted Vladimir Putin’s superyacht Graceful to access sensitive data and alter its position on the Marine Traffic portal.

Tankoa S701 Solo, photo credit by Blueiprod.

Digital protection is no longer optional, but a shared responsibility: from shipyards that design increasingly connected systems to shipowners who must ensure their proper management and defence. Carefully assessing cybersecurity means protecting the yacht’s value and the people who board it.

The regulatory framework

Maritime safety regulations fall under the responsibility of the International Maritime Organisation (IMO), a UN agency. IMO regulation MSC.428(98), adopted in 2017, introduced the obligation to consider cyber risk in the Safety Management System (SMS) starting from 1 January 2021.

This regulation has been reinforced by the UR26 and UR27 requirements of the International Association of Classification Societies (IACS), which set out requirements for the cyber-resilience of ships and onboard systems. These rules have been mandatory since 1 July 2024 for ships subject to the SOLAS code. Still, the more forward-thinking classification societies and owners have extended them to superyachts as a voluntary reference to ensure an adequate level of security. Non-compliance can result in fines, operational restrictions, and exclusion from charter contracts.

A strategy for protection

To protect both the investment and safety on board, owners and managers must adopt a holistic strategy that includes:

  • continuous crew training, to mitigate the risk generated by the human factor, considered a critical vulnerability;
  • network segmentation, creation of separate “zones” (OT, crew IT, guest IT) to isolate potential attacks;
  • strict management of remote access;
  • management of updates: regular updating of operating systems, software, and firmware;
  • adoption of an incident response plan, to provide the crew with clear procedures to follow in the event of an attack (system isolation/restore, etc.);
  • periodic security audits, to be carried out by specialised companies to verify the level of cyber-resilience.

The integration of IT and OT technologies, often supplied by different manufacturers and lacking adequate cybersecurity design, leaves onboard systems vulnerable.

The yachting sector has now entered a new era of safety, in which the cyber threat is as real as the physical one. Ignoring it does not mean avoiding it; it simply means leaving the door open to intrusions that can compromise the vessel’s safety and the privacy of the owner and guests. Today, digital protection is no longer optional, but a shared duty: from shipyards that design increasingly connected systems to owners who must ensure their proper management and defence. Carefully assessing cybersecurity means safeguarding both the yacht’s value and the people who come aboard

*Giuseppe Massimiliano Pennisi

Giuseppe Massimiliano Pennisi is a Captain, with degrees in Maritime and Naval Sciences from the University of Pisa and in International and Diplomatic Sciences from the University of Trieste. He specialises in telecommunications, radar and electronic warfare. Over the last decade, he has been involved in training defence personnel specialising in telecommunications, IT, cybersecurity and digital forensics. He has set up numerous master’s degrees and university courses in these fields in partnership with leading national universities. He was part of the working group for the creation of a virtual cyber range and of national and international working groups to define professional roles in the field of IT security. To request an assessment or security test, please write to: [email protected].

(Cybersecurity – Yachts under attack, 1st chapter – Barchemagazine.com – Excerpted from Barche, January 2026)