There are multiple potential cyber threats to navigation systems, such as radar and ecdis, from its connection to other ship systems and links to online services through satellite communications. Malware could enter a system through an attachment in an e-mail. There could also be human-based threats, where viruses could be introduced by a USB stick slotted into ecdis by navigators loading route plans, or service engineers doing software updates.
NCC Group research director Andy Davis said navigation equipment needs to be segregated from other onboard systems and communications to prevent cyber attacks. Other threats could come from the spoofing of data that navigation aids use for ship positioning and route checking. “Ecdis is vulnerable during software upgrades and ENC updates, or from cyber attacks on the Global Navigation Satellite System (GNSS),” he explained. He said software defined radio transceivers could be used to transmit ship Automatic Identification System (AIS) or vessel traffic system (VTS) information that would also affect ecdis. “Someone could spoof the radio signal used for positioning and timing data over GNSS, or the AIS or VTS signals. Or they could send malicious chart data that has the potential to compromise ecdis software, to potentially corrupt data that triggers software flaws.”
Mr Davis also said there is potential disruption from resetting the date and time ecdis uses, which could disrupt the software or hardware, or generate logic errors. “There is the theory of the Y2038 bug,” he explained. “Data is stored as a 32bit integer number. This is the number of seconds from 1 January 1970 to now. So when we get to the time of 03.14 on 19 January 2038 this goes back to zero. So people could spoof the date and time to January 2038 and cause errors.”
He said the top threats are from viruses on USB sticks, internet-based intrusions, or from insider threats. Internet attacks could be direct by hackers, or inadvertent from Botnet software looking for any computers to attack. Mr Davis suggested methods for minimising the risk of encountering a cyber attack on ship systems. He recommended shipowners keep internet firewalls updated, install and keep updated antivirus software on primary computers on ships, to produce and enforce procedures for using USBs and ensure they are free of viruses before being connected to ecdis. He also recommended that systems are independently security tested.
The current and emerging cyber risks facing maritime industries will be discussed at Riviera Maritime Media’s upcoming Maritime Cyber Risk Management Summit. This will be held in London on 21 June, in association with Norton Rose Fulbright, and media partner Marine Electronics & Communications. Subjects to be covered include: What can be done to mitigate cyber risk and the latest best practices and technologies used to reduce the risks of a cyber security breach. For more information and to register for the event, visit the website.