About the Project

This project is a physical demonstration platform for marine cybersecurity attacks. The project has replicated common marine systems found on ships and placed them on a small foam boat. Additional devices have been placed, and software has been written to attack these common marine systems and demonstrate the vulnerability of these common systems.

The simplest example of such a demonstration is a boat whose autopilot uses GPS readings to navigate. A route might be set where a series of GPS coordinates are input into route planning software. A simple cyber attack could involve accessing the GPS coordinates before they make it to the autopilot software and modifying them. This would cause the boat to steer off course as it tries to follow its planned route while its current positional data has been altered.

Motive

The marine industry is one of the last to increase cybersecurity measures. The average age of a cargo ship today is over 20 years old. Much of the technology used for communication between devices and control systems was developed without cybersecurity in mind. Much of this equipment will also continue to be in service for many years to come. This equipment poses many cyber risks that affect everyone involved in the industry.

There have been few efforts to increase the cybersecurity of ships. There is also a lot of proprietary information regarding communication protocols which makes these interconnected systems even harder to protect.

The motive behind this project is to create a physical demo that can demonstrate the impact of cyber-attacks. This may help to convince others within the industry of the seriousness of this issue, and the need to address it. Attacks may demonstrate a boat steering off course, operating at unsafe speeds, crashing into objects or other vessels, or grounding itself.

This project also involved researching different ways marine systems can be attacked, thus improving our knowledge of how to protect systems against said attacks.

Finally, the demonstration platform can also serve as a test platform to work on developing methods to improve the cybersecurity of marine systems and test out new protection measures.

Scope

This project focuses specifically on analyzing the NMEA2000 communication protocol as a cybersecurity vulnerability. It also looks at the Automatic Identification System (AIS) and VHF-Data Exchange System (VDES).

An analysis of many common systems regarding cybersecurity can be found here. Not all of these have been touched on by the project. This project mainly focused on the more physically dangerous cyberattacks and did not focus on attacks that involved things like stealing data and altering financial or cargo management systems.

Goal Outcomes of the Boat

• Offshore manual piloting

• Autopilot control via pre-planned GPS waypoint route, or compass heading

• A variety of cyber attacks in place on the NMEA2000 network via swapped T connectors

• Cyber attacks on the VDES/AIS systems

• A series of displays on shore to represent typical bridge displays, such as an ECDIS and instrument gauges. This will simulate the view a captain would have while piloting a ship, both in normal operation mode or while being hacked.

• An interface on shore to control the cyber attacks.

Implementation

You can find more details information about the project implementation here.

Project materials and components are listed here.