Find Manufacturer/NMEA Dealer
 Find a Product
 Company Name
 Zip/Postal Code

KVH TracPhone V3-HTS

SiOnyx Aurora

SiOnyx Aurora

SiOnyx Aurora

NMEA Boater Blog
Onboard cyber security--know your vulnerabilities

By Jim Fullilove
MEJ Editor

Unwanted intrusions into our cyber lives are all too common these days, whether it’s viruses downloaded via bogus offers that lock up the works, ransomware that holds your computer system hostage until a fee is paid or some hacker that mines your device for personal information. For boaters there’s also the possibility that your GPS or AIS (Automatic Identification System) can be jammed or spoofed, which boils down to the devices providing false positioning information. 

When I’ve talked to people in the marine business who are involved in cyber security, they often downplay the probability that recreational boats will be subject to cyber attacks. They argue that there’s nothing to be gained by hacking into a boater’s communication device—and possibly delivering a virus to the boat’s electronic network--by way of a phishing email or viral attachment. I’m not so sure about that. Full connectivity provides many benefits, but it also brings vulnerability. 

Virus hamstrings a containership

A good example occurred a few years ago aboard a commercial vessel—a containership. A crewman plugged his smartphone into a USB port on the helm to charge it. Unbeknownst to the crewman the phone contained a virus that wiggled its way into the ship’s Electronic Chart Display and Information System—a very sophisticated type of integrated multifunction display—and crashed it. Fortunately the ship was dockside and not at sea. If things like this can happen aboard a large ship, it can also cause havoc or worse on a sportfishing machine or family cruiser.

As for the "what’s to gain argument,” how about downloading ransomware that finds its way into your MFD and from there perhaps into your engine controls and locks things up until you pay the ransom?

I had an opportunity to sit in on a presentation at the NMEA Conference & Expo by cyber security consultant Gary Kessler (Gary Kessler Associates). He put a fine point on the magnitude of the problem. In the maritime industry, 80% of large companies reported a cyber attack in the prior year. (Kessler pic) Ten percent reported a successful breach while 28% reported a thwarted attempt. Among large companies, 69% were confident of their defense readiness, while only 6% of small companies and 19% of midsize companies felt prepared. At the same time, only 6% of those small companies had cyber security insurance.

"Marine systems are a target,” a PowerPoint slide pointed out. "Dealers, vendors and manufacturers have the same vulnerability as everyone else, including cybercrime and cyberfraud, hacking, supply chain vulnerabilities and intellectual property theft. If marine electronics have weak security, those products–and their supply chain–will be targets of cyber-based attacks.” 

Networks are vulnerable

He said vessels are particularly vulnerable because of networked systems, including bridge navigation, communications, propulsion, steering, monitoring, security, cargo handling and bilge management and others. Kessler warned of poor security in protocols and network design, pointing to satcom terminals that may be exposed on the Internet and administrative interfaces that are accessible via insecure protocols as well as no message authentication or encryption. Another major area of concern and exposure is "poor security hygiene” by users with easy-to-guess passwords. Other attacks include ransomware demands, especially if that involves a ship’s control systems while at sea, as well as jamming and spoofing GPS and AIS.

Kessler concluded with this recommendation: If you know what your systems’ vulnerabilities are, you’ve got a shot at understanding the threats—the probability that the weaknesses will be exploited and by whom. If you focus mostly on the threats and not the vulnerabilities, you’re probably already in trouble. 

We’re in the process of backgrounding the severity and likelihood of cyber attacks that target both recreational and commercial vessels for an extended article or two in Marine Electronics Journal. When we publish it we’ll share that information with you via The Mic. Meantime, we recommend that you heed Kessler’s warning and advice.

Related Articles:

Comments | Leave a Comment
Page 1 of 3 ( 13 comments)

Jp:(8/11/2018 5:28:29 PM) "I have a 2018 Yamaha f40 la and Humminbird helix 7 di , I would like to leverage the nema 2000 capability of the helix 7 to display engine info, what do I need , Humminbird does have a gateway and lowrance makes a Yamaha nema cable, but I'm reading connectors are proprietary . How can I get what is needed?

Since these products are not NMEA 2000 certified there is little assurance that they will share data with each other.

1. Here is the link to see all NMEA 2000 certified products:

2. The NMEA 2000 cables and connectors are from many manufacturers: Here is the link for approved cables and connector manufacturers:

AC/DC grounding distance:(8/2/2018 1:29:35 AM) "What about the grounding points of AC /DC systems? can they be grounded at the same point?
If one system has both AC and DC can they both be grounded to a common buss-bar that has only one conection to the hull?

Here's what Ed Sherman, electric tech guru at the American Boat & Yacht Council, said:

The ultimate goal should always be to tie ac and dc grounds together on board at a single point. In ABYC Standard E-11, it is described as “the engine negative terminal or its buss.” It is most commonly done at a buss."
Hard-Over with Brushed APilot Pump:(12/18/2017 5:37:05 PM) "Jim.
What do you mean by ...."Garmin GHP 20 with SmartPump...Because it is a brushless system, it is fail-safe and won’t execute a hard-over turn the way a brushed pump can."

Thanks for the note. Since the description came from Garmin I contacted the company for an explanation. Here's what one of their engineers told me:

On brushed DC actuators, a single-point failure in the drive circuit (shorted wire or blown component inside the controller) could cause the motor to run full speed in one direction and take the rudder all the way to one rail. A brushless actuator relies on timing-controlled commutation, so a short or component fail would cause the actuator to stop moving rather than moving at full speed.

Hope this helps,

trawlerdeejay:(10/13/2017 3:46:51 PM) "Excellent article. I had no idea what the differences were between o183 and 2000, Thank you so much."
Darryl:(3/27/2017 10:17:15 PM) "Putting the MSRP with each unit reviewed would have been helpful. If each unit was actually tested, the reports on each unit would have been helpful too.

Thanks Darryl---we generally don't mention prices due to confusion over so many variations---MSRP (mfg. suggested retail price), MAP (min. advertised price), MRP (min. resale price) and then there are internet prices on some websites that go their own way. But your point is well taken--buyers need to know if something is in their price range. We'll work on it.
There is independent testing of some of these products on sites like but the information we receive from manufacturers rarely cites the results of any shootouts they may conduct against the competition's products. "
Page:   1 2 3 Next >>

Comments | Leave a Comment

Name *
E-mail *
Comment *

Characters Left:
Post Comment As *
(Enter in the name that you want next to your comment)
Access Code
Please Enter Code *

Search Articles: