The Triton

Topics

Secure at Sea: AIS fraught with vulnerabilities

ADVERTISEMENT

Secure@Sea: by Corey D. Ranslem

AIS, or automatic identification system, has been around for about 20 years. The International Maritime Organization required the first AIS systems back in 2002 on certain types of vessels in critical areas of the world as an update to the SOLAS (Safety of Life at Sea Convention). The early requirements stated that all tankers and passenger vessels equal to or greater than 150 gross tons would be required to carry AIS, as well as all other ships of 300 gross tons or greater on international voyages, and 500 gross tons or greater on domestic voyages. 

There are additional restrictions that have been put in place over the years by various countries. The U.S. requires AIS on all vessels of 65 feet or greater. Initially, fishing vessels and passenger vessels carrying less than 150 passengers were exempt, but that changed when full AIS went into effect back in 2016. There aren’t many vessels today, including large yachts, that don’t have AIS on board.

The AIS signals are unencrypted VHF-based radio signals that provide some basic vessel information, including vessel name, position, course and speed. This information is used by port authorities and shoreside VTS (vessel traffic systems) for identifying vessels. This information is also integrated into a vessel’s ECDIS (electronic charting display information system) or navigation and radar to provide information on the other vessels around for better identification and collision avoidance. 

AIS is a great system that has enhanced collision avoidance and helped to improve vessel operations. However, there are numerous security vulnerabilities within the system. First, there are several vulnerabilities within the AIS system itself. It is very easy to intercept and change AIS information coming from vessels to shoreside facilities. It is also easy to “hack” into a vessel’s AIS and change its internal information. None of the information within the AIS system is encrypted, so it is very easy to change a vessel’s name, position, course and speed to just about anything and any location. 

The underlying issue with the AIS system is that there is no authentication within the system and no integrity check of any of the data. It is also very easy to build an AIS system to intercept and transmit erroneous data. 

Maritime security experts believed that pirates used AIS tracking to target certain vessels back in the early days of piracy, circa 2008. Now pirates, along with other nefarious actors, use AIS as a standard practice to carry out malicious activities. Many security experts recommend AIS transceivers be switched off while transiting high-risk areas. However, that is not always possible because of flag or coastal country regulations.

When you do some basic internet research, you can find several university and other research projects and studies conducted on the vulnerabilities of AIS, and how to carry out those various attacks. Even someone with basic computer knowledge could cause major issues with vessels and shoreside systems. Attackers could trigger false collision alarms or render the collision alarms useless in an actual collision situation. They can also change information to/from VTS and port authorities, causing issues with vessel arrivals and departures, as well as with collision avoidance. A hacker could theoretically render a VTS system useless and close a traffic area or port.

There are some global issues currently within the AIS system that need to be addressed on a political level that we won’t get into here. However, there are some basic measures that can be taken to ensure you are seeing and receiving the correct information. Double-check the output of your AIS to ensure the correct information is flowing from your system. Second, double check the information coming for other vessels that corresponds with the vessel’s radar or visual position in relation to your vessels. It doesn’t hurt to also ensure VTS and port authorities are seeing your correct information when navigating in restricted channels. 

Corey Ranslem, CEO at International Maritime Security Associates (www.imsa.global), has more than 24 years of combined Coast Guard and maritime industry experience. Comments are welcome below.

Related Articles

Rules of the Road: IMO revises radio equipment, polar ops

Rules of the Road: IMO revises radio equipment, polar ops

Rules of the Road: by Capt. Jake DesVergers The International Maritime Organization is a United Nation’s agency  assigned duties to ensure international safety. Tasked with developing …

Secure at Sea: Guide helps set up cyber security plan

Secure at Sea: Guide helps set up cyber security plan

Secure@Sea: by Corey Ranslem Cyber security is a hot topic. It’s  become one of the most dominant and expanding threats to the maritime industry, and it’s increasing at rapid rates. A day …

Secure at Sea: Piracy skyrockets in Caribbean as Venezuela turmoil escalates

Secure at Sea: Piracy skyrockets in Caribbean as Venezuela turmoil escalates

Secure@Sea: by Corey Ranslem The country of Venezuela has been in a deteriorating security and economic situation for a number of years. Most mariners who understand the politics and geography …

Secure at Sea: Yachts off Mexico need plan for piracy

Secure at Sea: Yachts off Mexico need plan for piracy

Secure@Sea: by Corey D. Ranslem Piracy off the Gulf Coast of Mexico has been prevalent for several years. Pirates in this region are typically organized gangs that specifically target the Mexican …

Monaco19: YCM offers new courses

Monaco19: YCM offers new courses

By Lucy Chabot Reed The Yacht Club de Monaco announced a suite of new courses being developed and ready for offer in the coming weeks. Polar Code Capt. Jan Persson, CEO of 90North Ice …

Rules of the Road: Trackers play crucial role in emergencies

Rules of the Road: Trackers play crucial role in emergencies

Rules of the Road: by Capt. Jake DesVergers During a recent accident investigation, a vessel was lost at sea in poor weather conditions. Thankfully, no one was injured in the emergency. However, …

Comments

Leave a comment

Your email address will not be published. Required fields are marked *

Please answer the question below to leave a comment. * Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.