Remote connectivity on electric boats can be useful for many reasons. It allows a manufacturer to see exactly what is happening with a boat’s battery pack down to the balance of each individual cell module. They can monitor the performance profile, how much power is being used, the charge state, the charging power, and even make software updates over the air.

Boat customers also love this because they can see their own boat’s location and data through an app, check alarm status, and even control functions such as charging and climate control.

However, if manufacturers and their customers can access all this data, so can potentially harmful actors. With high-profile and high-net-worth customers purchasing electric boats, protecting their data has become more important than ever.

Harmful actors might target a specific individual through their boat connectivity to see exactly where they’ve been via GPS trip history, their locational usage patterns, and even their real-time location. They can also target individuals through customer profile data, including home addresses and payment information stored on company servers or in cloud systems.

While commercial vessels using AIS are always tracked, private individuals enjoying time on their boat with family and friends may not want their locations tracked and potentially exploited.

“For electric boat companies, protecting operational and user data is not just important—it’s essential,” says Andrew Benyo, a cyber security expert and ethical hacker responsible for protecting shipboard networks for the U.S. Coast Guard.

“These boats collect and transmit sensitive information like location, performance metrics, and even owner data. If left unsecured, that information can expose manufacturers and their clients to significant privacy, safety, and reputational risks.”

Benyo recommends utilizing a cyber security company or expert to assess data security policies and procedures. If data is stored locally, this often involves isolating data servers from the rest of the network and tightly controlling access. It also means training employees on data security protocols.

“Things like current vessel GPS location should be on a need-to-know basis,” says Benyo. “Companies need to take proactive steps to secure their data to ensure their customers’ information is protected. Even small companies are vulnerable to cyber attacks, which could cost them everything.”

This includes ransomware, a type of software that encrypts company data until a ransom is paid. A cursory search for “ransomware” in any news database reveals a frightening list of recent attacks on companies both large and small. Benyo notes there are over two thousand attacks per day in the United States alone.

Protecting against data leaks should be front of mind for electric boat companies starting to sell boats to customers. Data leaks could lead to PR crises, lawsuits, or even operational shutdowns.

Understanding Cyber Attacker’s Motivation

Why exactly do cyber attacks occur? “Follow the money.” says Matthew Roberts, Director of superyacht cyber security firm Anchorpoint. There are many ways harmful actors can gain unauthorized access to data, but the most important question to start with is “why?”

Even though the risks associated with exploiting a boat’s location could be catastrophic, Roberts believes the likelihood of this happening is low.

Roberts explains that criminal actors are primarily trying to make money, and their activities are in line with that goal.  For example, ransomeware attacks are profitable when a company pays a ransom to un-encrypt data, or prevent a public release of data. Other common exploitative money making activities include submitting a realistic looking, but fake invoice to a business which gets paid by the accounts payable department. 

Cyber Security Best Practices

To secure boat and company data, companies might first hire a consultant to conduct an initial assessment of data security protocols.

Next, it’s recommended to designate a team member as the data and cyber security chief or hire an ongoing fractional consultant such as Roberts’ firm, Anchorpoint. Cyber security ought to be on the agenda at least monthly, to review the latest industry best practices and take small steps to prevent attacks. 

From a customer standpoint, boat companies may want to integrate an option to disconnect remote connectivity either with a physical switch, or through a software firewall which puts privacy control back in the hands of the boat owner.

Changing Tactics, Constant Philosophy

Data security is not something to constantly worry about, but to be aware of what the potential for harm is and to be mindful of it. And keeping in mind that technologies and methods of attack are always changing, it should be something that should be frequently attended to it. Instead of viewing data security as one monumental task to be set up once and then forgotten about, it is better to view it as a constant and ongoing part of the business. 

As Roberts says when it comes to cyber security, “Do a little, and do it often.”

 

 

 

Sources

• WIRED Article:
  Greenberg, A. (2024, September 25). Millions of Vehicles Could Be Hacked and Tracked Thanks to a Web Flaw. WIRED. https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/

• ZDNet Article:
  Whittaker, Z. (2024, July 9). No one pays ransomware demands anymore. So attackers have a new goal. ZDNet. https://www.zdnet.com/article/no-one-pays-ransomware-demands-anymore-so-attackers-have-a-new-goal/