As you've probably guessed, the answer is "yes" and "yes." AIS (Automatic Identification System) is required on ships over 300 gross tons and all passenger-carrying vessels. Marine navigation aids (lighthouses, buoys) are also being equipped with AIS transmitters.
Your boat may not be required to have AIS but you may rely on it to give you information about navigation aids or ships near your area. At a 2013 security conference in Kuala Lumpur a team of computer security experts (using homemade equipment) showed how they found a way to fake ship positions, collision alerts and weather forecasts, among eight types of security attacks.The team also demonstrated how they created an imaginary ship off the coast of Italy.
"The team said that except for the fake ship creation off the Italian coast, all other attacks were conducted in controlled lab environments. They also informed various coast guards and marine-based agencies before carrying out their tests, including the International Telecommunications Union (ITU), which designed the AIS." (Professional Mariner, Oct. 16, 2013)
The team explained that AIS has no authentication or security mechanisms, so hacking is possible. Apparently when AIS was introduced about 10 years ago, the developers didn't consider security measures for the system. Similar security flaws are apparently found in two other essential marine navigation technologies: GPS and ECDIS (Electronic Chart Display and Information System) used by ships for viewing digital nautical charts.
The ramifications of having fake data showing up on AIS, GPS and ECDIS screens are serious. Collisions, terrorist opportunities and piracy against shipping could be created by criminal hackers. We will see how long it takes to put strong security mechanisms into these vital systems.
For more details on this security threat see http://www.reuters.com/article/2014/04/23/us-cybersecurity-shipping-idUSBREA3M20820140423
Your boat may not be required to have AIS but you may rely on it to give you information about navigation aids or ships near your area. At a 2013 security conference in Kuala Lumpur a team of computer security experts (using homemade equipment) showed how they found a way to fake ship positions, collision alerts and weather forecasts, among eight types of security attacks.The team also demonstrated how they created an imaginary ship off the coast of Italy.
"The team said that except for the fake ship creation off the Italian coast, all other attacks were conducted in controlled lab environments. They also informed various coast guards and marine-based agencies before carrying out their tests, including the International Telecommunications Union (ITU), which designed the AIS." (Professional Mariner, Oct. 16, 2013)
The team explained that AIS has no authentication or security mechanisms, so hacking is possible. Apparently when AIS was introduced about 10 years ago, the developers didn't consider security measures for the system. Similar security flaws are apparently found in two other essential marine navigation technologies: GPS and ECDIS (Electronic Chart Display and Information System) used by ships for viewing digital nautical charts.
The ramifications of having fake data showing up on AIS, GPS and ECDIS screens are serious. Collisions, terrorist opportunities and piracy against shipping could be created by criminal hackers. We will see how long it takes to put strong security mechanisms into these vital systems.
For more details on this security threat see http://www.reuters.com/article/2014/04/23/us-cybersecurity-shipping-idUSBREA3M20820140423
RSS Feed