Find Manufacturer/NMEA Dealer
 Find a Product
 Company Name
 Zip/Postal Code

KVH TracPhone V7HTS


Simrad GO7 XSE

Simrad StructureScan® 3D

NMEA Boater Blog
Onboard cyber security--know your vulnerabilities

By Jim Fullilove
MEJ Editor

Unwanted intrusions into our cyber lives are all too common these days, whether it’s viruses downloaded via bogus offers that lock up the works, ransomware that holds your computer system hostage until a fee is paid or some hacker that mines your device for personal information. For boaters there’s also the possibility that your GPS or AIS (Automatic Identification System) can be jammed or spoofed, which boils down to the devices providing false positioning information. 

When I’ve talked to people in the marine business who are involved in cyber security, they often downplay the probability that recreational boats will be subject to cyber attacks. They argue that there’s nothing to be gained by hacking into a boater’s communication device—and possibly delivering a virus to the boat’s electronic network--by way of a phishing email or viral attachment. I’m not so sure about that. Full connectivity provides many benefits, but it also brings vulnerability. 

Virus hamstrings a containership

A good example occurred a few years ago aboard a commercial vessel—a containership. A crewman plugged his smartphone into a USB port on the helm to charge it. Unbeknownst to the crewman the phone contained a virus that wiggled its way into the ship’s Electronic Chart Display and Information System—a very sophisticated type of integrated multifunction display—and crashed it. Fortunately the ship was dockside and not at sea. If things like this can happen aboard a large ship, it can also cause havoc or worse on a sportfishing machine or family cruiser.

As for the "what’s to gain argument,” how about downloading ransomware that finds its way into your MFD and from there perhaps into your engine controls and locks things up until you pay the ransom?

I had an opportunity to sit in on a presentation at the NMEA Conference & Expo by cyber security consultant Gary Kessler (Gary Kessler Associates). He put a fine point on the magnitude of the problem. In the maritime industry, 80% of large companies reported a cyber attack in the prior year. (Kessler pic) Ten percent reported a successful breach while 28% reported a thwarted attempt. Among large companies, 69% were confident of their defense readiness, while only 6% of small companies and 19% of midsize companies felt prepared. At the same time, only 6% of those small companies had cyber security insurance.

"Marine systems are a target,” a PowerPoint slide pointed out. "Dealers, vendors and manufacturers have the same vulnerability as everyone else, including cybercrime and cyberfraud, hacking, supply chain vulnerabilities and intellectual property theft. If marine electronics have weak security, those products–and their supply chain–will be targets of cyber-based attacks.” 

Networks are vulnerable

He said vessels are particularly vulnerable because of networked systems, including bridge navigation, communications, propulsion, steering, monitoring, security, cargo handling and bilge management and others. Kessler warned of poor security in protocols and network design, pointing to satcom terminals that may be exposed on the Internet and administrative interfaces that are accessible via insecure protocols as well as no message authentication or encryption. Another major area of concern and exposure is "poor security hygiene” by users with easy-to-guess passwords. Other attacks include ransomware demands, especially if that involves a ship’s control systems while at sea, as well as jamming and spoofing GPS and AIS.

Kessler concluded with this recommendation: If you know what your systems’ vulnerabilities are, you’ve got a shot at understanding the threats—the probability that the weaknesses will be exploited and by whom. If you focus mostly on the threats and not the vulnerabilities, you’re probably already in trouble. 

We’re in the process of backgrounding the severity and likelihood of cyber attacks that target both recreational and commercial vessels for an extended article or two in Marine Electronics Journal. When we publish it we’ll share that information with you via The Mic. Meantime, we recommend that you heed Kessler’s warning and advice.

Related Articles:

Comments | Leave a Comment
Page 2 of 3 ( 13 comments)

Laurie Seibert:(2/16/2017 2:00:20 AM) "Thanks EV Collier for sharing this informative blog. It is important to know the causes of EMI filters. We use these parts in our daily life in the electronic products so we should know that what are the causes are cures of EMI Filters.

Great job and keep updating!

Laurie Seibert"
Yes:(2/10/2017 7:22:40 AM) "EMI/RFI filter causes and cure. There are very few people who share such information with everyone. I was looking to read such informative blog!

Great job!

Lisa Wilson
hugo:(1/30/2016 2:00:32 AM) "Why is no integrated ais transceiver available? Only recivers.


Each AIS system consists of one VHF transmitter, two VHF TDMA receivers, one VHF DSC receiver, and standard marine electronic communications links (IEC 61162/NMEA 0183) to shipboard display and sensor systems (AIS Schematic). Position and timing information is normally derived from an integral or external global navigation satellite system (e.g. GPS) receiver, including a medium frequency differential GNSS receiver for precise position in coastal and inland waters. Other information broadcast by the AIS, if available, is electronically obtained from shipboard equipment through standard marine data connections. Heading information and course and speed over ground would normally be provided by all AIS-equipped ships. Other information, such as rate of turn, angle of heel, pitch and roll, and destination and ETA could also be provided. Check out:"
Islander Sailboat Info:(12/4/2015 9:49:32 AM) "Great post!! This is the missing introduction I've been looking for. Thank you for taking a complicated subject and making it very easy to understand." 11:16:16 PM) "Excellent posting! thanks a lot for sharing this information.
Page:   << Prev 13 Next >>

Search Articles: