Attack Surface of Ships
The Automatic Identification System (AIS) provides situational awareness to ships. Ships must periodically transmit AIS messages containing the ship’s name, position, speed, voyage information, and physical dimensions. AIS allows ships to view marine traffic and make safe decisions. It is also used in search and rescue operations and can send distress or man overboard (MOB) signals to nearby vessels.
AIS messages are broadcast over VHF radio and are therefore susceptible to jamming. Jamming attacks transmit noise over the radio frequencies used for AIS, so nearby vessels cannot send or receive any AIS data. A jamming attack could be hazardous in poor weather with low visibility when other ships are nearby. AIS data is neither encrypted nor authenticated, so spoofing attacks, in which fake AIS data is broadcast, are also possible. Fake AIS information could lead a captain to change the route and steer toward an obstacle. Spoofing and jamming AIS signals is inexpensive and can be done with about $4000 of equipment.
VDES is a newer system that builds on the capabilities of AIS, provides higher data rates, and uses a more sophisticated modulation scheme. AIS only has a horizontal reach of 74 km, and VDES helps close these gaps with satellite communication, which creates a global data exchange system rather than the ship-to-ship and ship-to-shore communication of AIS. With a larger bandwidth, more information can be transmitted with VDES than with AIS.
Without encryption, VDES is susceptible to the same attacks as AIS. However, VDES standards are yet to be finalized, and the greater capabilities of VDES mean that it could be designed to support encryption. Encryption of messages would mean that only the intended recipient can decrypt the message. However, the adoption of encryption is controversial because it is ideal if all navigation data is available to all vessels and authorities for safety purposes.
Global Navigational Satellite System (GNSS) refers to groups of satellites that provide positional and timing information to GNSS receivers. GPS is the most common GNSS and is the one this report covers. There are five other main GNSS systems operated by China, Europe, Russia, India, and Japan. GPS provides latitude, longitude, altitude, and time to receivers. GPS signals are relatively weak, and a hacker can spoof a GPS signal by transmitting a stronger false signal to the target receiver. GNSS or GPS jamming and spoofing affect not only the maritime industry but also law enforcement, on-land transportation, and mobile mapping systems.
Most vessels use NMEA 0183 based on RS-422 or NMEA 2000 based on SAE J1939 for communication between devices. These protocols are used in networks that connect all sensors onboard, and the information can be used by an autopilot, ECDIS, and instrument display panels to guide human decision-making and autonomous control. Sensors could include GPS, engine monitors, weather monitors, a current sensor, a wind sensor, and a rudder feedback sensor. AIS and VDES data are also sent through the network.
NMEA 0183 is a serial protocol that uses ASCII sentences, where data fields are separated by commas. The network is centered around the ECDIS, and double cabling is required for bidirectional communication.
NMEA 2000 uses a Controller Area Network (CAN) bus to send messages. NMEA 2000 requires less cabling than NMEA 0183, as all devices are connected on a single backbone. NMEA 2000 data is transmitted through CAN frames and deciphered with PGNs made available to those who purchase the standard.
Signal K is an open-source alternative to NMEA. It was designed to support innovation and research within the marine industry. Marine equipment manufacturers have yet to adopt it for commercial products, but it is common in hobbyist projects.
The NMEA protocols were not designed with cybersecurity in mind. Messages sent between devices are not encrypted. In the NMEA 2000 network, an attacker can access the entire network from a single compromised device due to the bus topology. Critical monitoring systems for the engine and power systems are fed through the network, and alarms could be disabled, putting the ship at risk if a problem goes undetected due to filtered NMEA messages. Sensor readings and AIS information used by an autopilot or ECDIS could be modified, ultimately leading to collisions, delays, and damage to the ship, and putting onboard personnel at risk.
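One way to notice modified or spoofed position data on an NMEA 0183 network is a plausibility monitor. The following is an added example, not part of the original report: it parses GGA position sentences, validates the checksum, and flags position jumps that imply an impossible vessel speed. The 40-knot ceiling, the function names, and the sample sentences are assumptions constructed for illustration.

```python
import math
from functools import reduce

def checksum(body):
    """NMEA 0183 checksum: XOR of all characters between '$' and '*'."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), body, 0):02X}"

def frame(body):  # helper used only to build the constructed sample data
    return f"${body}*{checksum(body)}"

def parse_gga(sentence):
    """Return (seconds_of_day, lat_deg, lon_deg), or None if the sentence is invalid."""
    body, star, given = sentence.strip().lstrip("$").partition("*")
    f = body.split(",")
    if not star or checksum(body) != given[:2].upper() or len(f) < 6 or f[0][2:] != "GGA":
        return None
    try:
        secs = int(f[1][:2]) * 3600 + int(f[1][2:4]) * 60 + float(f[1][4:])
        lat = int(f[2][:2]) + float(f[2][2:]) / 60   # ddmm.mmm -> degrees
        lon = int(f[4][:3]) + float(f[4][3:]) / 60   # dddmm.mmm -> degrees
    except ValueError:
        return None
    return secs, (-lat if f[3] == "S" else lat), (-lon if f[5] == "W" else lon)

def knots_between(a, b):
    """Speed implied by two fixes: haversine distance (nautical miles) per elapsed hour."""
    la1, lo1, la2, lo2 = map(math.radians, (a[1], a[2], b[1], b[2]))
    h = math.sin((la2 - la1) / 2) ** 2 + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2
    return 2 * 3440.065 * math.asin(math.sqrt(h)) / ((b[0] - a[0]) / 3600)

def find_anomalies(sentences, max_knots=40.0):
    """Return (index, reason) pairs; max_knots is an assumed ceiling, tune per vessel."""
    alerts, last = [], None
    for i, s in enumerate(sentences):
        fix = parse_gga(s)
        if fix is None:
            alerts.append((i, "invalid sentence or checksum"))
        elif last and fix[0] <= last[0]:
            alerts.append((i, "timestamp not advancing"))
        elif last and knots_between(last, fix) > max_knots:
            alerts.append((i, f"implied speed {knots_between(last, fix):.0f} kn"))
        last = fix or last  # re-baseline on every valid fix, so one jump yields one alert
    return alerts

TAIL = ",N,00530.000,E,1,08,0.9,5.0,M,40.0,M,,"  # constructed sample data (North Sea position)
SAMPLE = [frame(f"GPGGA,1200{t}.00,{lat}{TAIL}") for t, lat in
          [("00", "5430.000"), ("10", "5430.030"), ("20", "5435.030"), ("30", "5435.060")]]
# Last sample: a field changed after the checksum was computed.
SAMPLE.append(frame(f"GPGGA,120040.00,5435.090{TAIL}").replace("5435.090", "5435.990"))
```

The checksum only detects corruption and provides no authentication, so the speed check is what catches a well-formed but false position.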
Two systems commonly found on ships’ bridges are an ECDIS and a VDR. The ECDIS is a digital chart display used for route planning and monitoring.
The ECDIS is the most essential navigational device on a ship. Some ships are even required to have a backup ECDIS. Many ECDISs have out-of-date operating systems that no longer receive security updates. They could be susceptible to ransomware attacks, which would cause significant delays.
The VDR records all data during a voyage. It reads data from the NMEA network, information entered into the ECDIS, and even voice recordings from the bridge. The VDR is essential to investigate incidents that occurred while on the water. Modifying information stored in a VDR could be a target for attackers trying to hide a cybersecurity breach. As the ECDIS and VDR are connected to NMEA networks, they can also serve as access points to attack the NMEA network.