We have already had this pointless discussion...
We have already had to listen to this kind of nonsense with respect to the ADS-B system as used for aviation. So I suppose that we will have to endure this every time some "security researcher" becomes aware of a new broadcast position reporting system.
Such systems are inherently susceptible to spoofing due to the nature of what they do. The researchers tend to suggest that a secure system is possible without actually proposing anything. The implication here is that every sailboat in the world could be registered in some system and that the credentials for such a system could somehow be kept secure in hardware that the owner has access to. That is obvious nonsense. The users of such systems are aware of their shortcomings and do not allow information derived from such systems to force them to do dangerous things. That is in the same way that they are expected to be able to withstand incorrect information from any navigation aid.
The stuff about making an Iranian "nuclear boat" appear somewhere is particuarly dumb. Plot elements from terrible action adventure movies should not appear in security reports.
Next the security researchers will be publicly appalled at how easy it is to spoof navigation lights. It only requires access to coloured flashlights! ... and marine radios... anyone can buy a marine radio and generate all the false distress calls and position reports that they want! This is obviously because lights and radios were invented before there was an internet ... or something...