KVH CommBox Edge Gateway

KVH’s CommBox Edge Gateway and Secure Suite software with Threat Dashboard can significantly bolster onboard cybersecurity.
KVH’s CommBox Edge Gateway devices and Secure Suite software protect onboard networks. sasa kadrijevic/stock.adobe.com

In 2018, I was invited aboard a mega-yacht at the Miami International Boat Show to “dock trial” satellite-communications equipment. A former Microsoft CEO was also aboard. Granted, the former executive was a guest, not the yacht’s owner, but his mere presence—especially if his phone was on the Wi-Fi network—made the yacht a tempting cybercrime target.

While this business-celebrity scenario was unusual, many executives and business owners use their yachts as second offices. That’s why hardware and software exist to give owners greater network control.

Cybersecurity risks and network management were once simple, with high-latency, low-speed connections, but today’s high-speed communications create real concerns. KVH’s CommBox Edge Gateway devices and Secure Suite software are intended to protect onboard networks while providing user-friendly management tools, faster speeds and an improved user experience. Better still, the devices and software are agnostic about connectivity sources and airtime providers.

The CommBox Edge Gateway runs KVH’s Secure Suite, which is an intrusion-prevention system that’s built using Cisco technology. Courtesy KVH

KVH’s CommBox Edge Gateway 2 and 6 are black-box devices that serve as the endpoint of a yacht’s network before it hits the internet. Robert Blackman, KVH’s senior manager of service business development, says that while both models serve similar functions, the Gateway 6 offers more memory and power.

“The hardware is somewhat irrelevant,” says Blackman, noting that a virtual black box is also available. “They are mechanisms to get the software out there. The power is in the software.”

All versions of the CommBox Edge run KVH’s Secure Suite, an intrusion-prevention system built on Cisco’s technology. This includes Cisco Talos, which detects and blocks emerging and known threats, and Cisco Snort, which monitors and analyzes traffic for malicious activity, and then responds in real time.

Talos creates and continuously updates threat “signatures” and rule sets based on patterns. Snort uses these signatures to identify and counter cybersecurity threats.

“If a threat is detected, the Snort engine will block it,” Blackman says. “Secure Suite can also quarantine the infected PC and isolate it until a human operator has reviewed it.”

Additionally, Secure Suite can reset connections, adjust firewalls, alert administrators and log all intrusion threats in a secure cloud for analysis.

Secure Suite also includes a Threat Dashboard, where owners or administrators can see the threats that have targeted the yacht’s network, and the steps taken to mitigate them. Downstream users won’t even see traffic that Snort blocks.

While Secure Suite works to prevent intrusions, it still allows legitimate traffic, and false positives can be white-listed via the Threat Dashboard tool.

KVH offers light and standard CommBox Edge packages focused on network management, as well as the Secure Suite. High-profile clients who run businesses from their yachts likely opt for the secure option, while others may choose more-basic packages.

While Secure Suite provides cybersecurity, CommBox Edge devices are also network management tools. “It’s a sophisticated, software-defined, wide area network appliance,” says Blackman, referring to hardware and software that manage airtime, bandwidth and data quotas. “It gives users a single-pane view to manage the whole vessel.”

Administrators can also globally blacklist websites or throttle data speeds for crew while ensuring owners enjoy the fastest service.

This is where network bonding comes in. Many yacht owners now run hybrid networks involving legacy VSAT, low-earth orbit sat-comms (Starlink or OneWeb), cellular and Wi-Fi. While these options can work well individually, CommBox Edge devices can take two connections with similar speeds, bandwidth and latency, and then create one seamless connection.

Such a setup provides automatic failover if one link fails, while also boosting speed. “It accelerates the packets by giving it a shove from behind,” Blackman says.

In addition to improving speeds, CommBox Edge provides secure remote access, allowing technical fixes from afar. “If a vessel has connectivity, we can connect to it and the devices on its network,” Blackman says. For example, if a camera misbehaves, a technician can be given a URL that connects only to that device to troubleshoot. To further bolster security, users can limit the time a third party has access before permissions are revoked.

CommBox Edge devices can work aboard a wide range of vessels, but KVH’s targeted sweet spot starts at a length overall of about 60 feet. Owners can use the platform with any cellular, satellite or Wi-Fi provider. “You don’t need your connectivity with KVH,” Blackman says, noting that owners can often save money by using CommBox Edge to manage bandwidth and enforce quota controls.

High-net-worth individuals and executives like the Microsoft CEO I saw during that dock trial will always be cybercrime targets, but KVH’s CommBox Edge Gateways and Secure Suite software are tools that can bolster security, speed and network control aboard a variety of vessels.  

Hardware Options

KVH makes two versions of its CommBox Edge Gateway, namely the CommBox Edge Gateway 2 and the CommBox Edge Gateway 6. While the 6 (as shown above) offers more memory and power than the 2, both devices run KVH’s Secure Suite, which is an intrusion-prevention system that’s built using Cisco technology. Additionally, both devices can help yacht owners manage their airtime, bandwidth and data quotas.

Virtually There

KVH’s CommBox Edge 2 and 6 support Secure Suite software, but a virtual-machine version is also available. This version can reside on an onboard server or on third-party hardware, provided it meets KVH’s specifications.