There are multiple potential cyber threats to navigation systems, such as radar and ecdis, from its connection to other ship systems and links to online services through satellite communications. Malware could enter a system through an attachment in an e-mail. There could also be human-based threats, where viruses could be introduced by a USB stick slotted into ecdis by navigators loading route plans, or service engineers doing software updates.
NCC Group research director Andy Davis said navigation equipment needs to be segregated from other onboard systems and communications to prevent cyber attacks. Other threats could come from the spoofing of data that navigation aids use for ship positioning and route checking. “Ecdis is vulnerable during software upgrades and ENC updates, or from cyber attacks on the Global Navigation Satellite System (GNSS),” he explained. He said software defined radio transceivers could be used to transmit ship Automatic Identification System (AIS) or vessel traffic system (VTS) information that would also affect ecdis. “Someone could spoof the radio signal used for positioning and timing data over GNSS, or the AIS or VTS signals. Or they could send malicious chart data that has the potential to compromise ecdis software, to potentially corrupt data that triggers software flaws.”
Full article can be viewed here
This article by NCC Group a well respected security research company is spot on. At present vessels are not always connected to the Internet, meaning an attacker simply scanning a network might not find a vessel. This will change as vessels bandwidth and online connectivity changes in the future.
Today the main concerns would be;
- Infected USB drives physically plugged into ECDIS or other systems
- USB keyloggers installed by someone with physical access to a Masters PC
- Physical security/access to such systems by unauthorized personnel
- GPS spoofing/Clock skewing in confined waters
Our maritime contacts inform us that AIS while vulnerable is not too much of a concern for them. We also spoke with several older generation Masters who agreed that while in their generation technology was less and hence they didn't have to rely on it too much, the younger generation coming into the industry is more reliant on these technologies.
An example of this would be the move to ECDIS and less vessels carrying paper based maps on-board.
If an attacker can compromise ECDIS and attached systems and cause multiple systems to fail or indeed show wrong information incorrectly this could disrupt the vessels operations or potentially lead to an accident.