Thankfully, megayacht owners are getting smarter about cybersecurity. Unfortunately, there’s another potential threat to keep in mind: listening devices, a.k.a. bugs. This is according to Matt Horan (below), security director of C3IA Solutions. Horan, whose company works with the UK military, corporations, and private individuals, says his bug sweepers have begun checking megayachts in recent months. The discoveries are cautionary tales for other owners.
C3IA, established in 2006, offers security and technical services for data risk management, cybersecurity training, and related matters. Horan says megayacht owners who’ve contacted him have done so for a common reason. “Often a client will become suspicious when something he has said onboard is repeated elsewhere,” Horan explains. Therefore, he continues, someone recorded the conversation.
C3IA does find that more owners are more cognizant of cyber risks, he stresses. However, listening devices are small, and therefore easily hidden. “With the regular changes of crews and the yachts being chartered to third parties, these are many more opportunities for bugs and devices to be planed,” Horan says. C3IA declined to comment about how many megayachts it has addressed. However, Horan does say that his team has checked yachts from 130 to upwards of 300 feet (40 to 91 meters). Furthermore, the common thread among them is that they recently chartered.
Charter or not, various reasons exist why individuals plant bugs. Horan says corporate competitors sometimes strive to steal secrets. In other cases, spouses suspect infidelity.
C3IA, which employs a number of former military personnel, undertakes a few steps when an owner requests assistance. Sweeping the yacht can, especially for the largest megayachts, take a few weeks. The team also conducts an audit of the yacht’s recent movements. In addition, it performs background checks on crewmembers and even suppliers. “We’ll also conduct a vulnerability analysis on the yacht’s IT networks,” Horan says. This allows C3IA to uncover potential technical issues, as well as where security can be even stronger