Cyber Security in Recirculating Aquaculture Systems (RAS)

My interest in the world of Aquaculture started around 7 years ago during my undergraduate studies at Swansea University. This interest was intensified through further studies and by taking a career path in a subsector of Aquaculture known as Recirculating Aquaculture Systems (RAS). RAS can be understood as a fully controllable semi-closed biological production system.

Recently, this production method has gained worldwide interest due to its potential to produce sustainable marine and freshwater products. There are numerous variations in these systems which are dependent on the operator or the initial system design team. RAS is complicated and still relatively young.

A more recent interest that I have developed, which has resulted in a healthy paranoia, is cybersecurity. I have always had a surface level understanding of information technologies, the benefits of increasing such capabilities as well as the challenges that are attached with such advances. However, it is through recent learnings that I have started to scrape into the surface of the potential threats available through criminal actions on information technologies and the attached process control systems (PCS).

These threats have been increasing rapidly with targets moving from the stereotypical act of stealing information from users to halting or affecting production systems. The aquaculture sector is vulnerable to a range of current (and future) threats. What about a more sophisticated social engineered enhanced attack which could lead to IP theft, or intentional changes to production systems leading to reduced performance? The potential threat and impact to aquaculture, RAS especially, is compounded by the accelerated growth the sector is currently experiencing. Internet of Things (IOT) and Artificial Intelligence (AI) being just some of the new innovations being integrated into process which could increase the risk of cybersecurity threats and the effects of any successful attempts. These potential vulnerabilities ask several questions including, but not limited to; is the sector prepared? What defenses are in place? Are vulnerabilities identified? Etc.

I hope that this may start to highlight what could become a significant problem to the sector in the future, by discussing and tackling this problem early on it could ensure the best outcome for the sector. If there is anything in this that you have considered for your operation or you have previous experience in, then please get in touch and I will be very grateful for the opportunity to discuss it further. Also, if you have any stories regarding this topic then I would be greatly interested in hearing them.

By Edward Miller, Cybersecurity + RAS Tech

For more information and/or to contact Edward, email