Posts

Upgrading our Ranger Tug R-25 with AIS and Boat Internet

-
Image
This rather long write-up documents two of my favorite upgrades to our 2024 Ranger Tug R-25: boat Internet and AIS. These two upgrades are actually completely orthogonal. I just happened to make both at the same time because I had the time and I wanted both. They are otherwise independent and you can do one or the other entirely separately.  If you are more a visual learner, Martin Nethkin has a great video on how he installed Peplink on his R-27. The documentation I have below is adapted to the R-25, but is based on what I learned watching him. He also has a short write-up about AIS  and a video on the benefits. Rationale - Why Do You Want To Do This? The reason is obviously different for the two, and neither is necessary. Automated Identification System (AIS) can operate in silent or bi-directional mode. In silent mode it receives AIS transmissions from any vessels transmitting them, including their radio station identifiers (MMSI) numbers. The information includes the ve...
Post a Comment
Read more

Warning: Regulations May Harm Your Security

-
Like many of you, I have spent decades trying to devise security controls that comply with various regulatory requirements. In some cases, they are actual regulations, like FINRA 17a-4, GDPR, HIPAA, NYDFS Part 500, and PCI DSS. In other cases, the regulation is an industry standard to demonstrate adequate controls to business partners and customers, such as NIST CSF and SOC 2 Type II; or a requirement for some customers, such as FedRAMP. While every one of these is well intended and they all have some requirements that are sensible, they also have the potential to cause harm, primarily in one of two ways.  Regulatory Compliant Does Not Mean Secure Regulatory compliance is often presented as a voucher or certification. Management often celebrates that we “passed our certification”. First, most of the regulations are not actually certifications. For instance, as a merchant, you are not “certified” under the Payment Card Industry (PCI) Data Security Standard (DSS). You are assessed,...
Post a Comment
Read more