Page 48: of Maritime Reporter Magazine (November 2020)

SATELLITE COMMUNICATIONS

AIS: the Good, the Bad & the Ugly

By Matthew Bonvento rguably one of the greatest Dubai collided with Walcon Wizard an The ability to spoof a GPS of a local tools in the current state of unmanned crane barge being towed by ship, thus disrupting the AIS broadcast the industry, the Automatic the tug Kingston. Within the synopsis, is not new. What Dr. Kessler has brought

AIdenti? cation System (AIS) the UK MAIB accident report states that to light is the ability to broadcast an AIS is also an under rated security concern. the bridge watch on the Rickmers Dubai signal for a vessel or ATON that is not

With performance standards being set in did not maintain a proper lookout and in fact even there. This is due to the fact 1998 and IMO implementation adopted was relying solely on AIS information that within AIS, there are very few pro- in 2000 under Regulation 19 of SOLAS displayed on the ECDIS. Neither the tug tections that prevent the broadcast from

Chapter 5, cyber security was not the nor the barge were broadcasting on AIS, being abuse. That weakness is the fact greatest concern. AIS was implemented and thus not visible to the mate on watch that there is no veri? cation of the signal to enhance safety by allowing all users to who was not monitoring the RADAR. being transmitted from another vessel. identify vessels around them by name, There are numerous reasons why a As outlined in his recent paper, Protect- thus facilitating communications. The receiver of AIS data may not be receiv- ed AIS: A Demonstration of Capability unit allows for coastal states and port ing the correct information or any in- Scheme to Provide Authentication and operators to monitor approaching ves- formation at all. This can include faulty Message integrity, Dr. Gary Kessler fur- sels. In recent years AIS has been used installation or retro? t on board, other thering research has found some of the to track collisions, allisions, groundings vessels may be suffering the same, have following weaknesses: and other accidents. Hobbyists can work the AIS switched off, or not installed at AIS protocol weaknesses, including: with AIS providers to mount antennae to all. Of course one of the easiest ways to • Lack of validity checks: AIS mes- their homes and assist in tracking ves- disrupt an AIS signal is through the use sages do not include any geographic sels within reach. This data can then of GPS spoo? ng. This well known phe- validation information meaning that it is also be utilized by trade experts to track nomenon has gained recent notoriety possible for a bad actor to send an AIS the movement of goods throughout the during a series of spoo? ng incidents in message from any location while pur- world. Coastal states even have virtual Chinese ports last year. An article on 15 porting to be in another location.

Aids to Navigation (ATONs) in lieu of November 2019 in MIT Technology re- • Lack of timing checks: AIS mes- actual buoys, especially in places where view highlighted how GPS spoo? ng can sages contain no time stamp veri? cation having a physical ATON would not be move a vessel’s AIS location, course, information meaning that a cyberattack- practical. and speed anywhere. This spoo? ng can er can replay valid AIS information at a

With all of these amazing uses one put a vessel in the middle of a channel, later time of their choosing. would think that this system would be when in fact it was sitting at the dock the • Lack of authentication: The AIS robust and impenetrable. Recent experi- entire time. protocol provides no mechanism to au- ments have proven that this is not the Use of traditional RADAR and ARPA thenticate the sender, thus anyone with case. Dr. Gary Kessler, Cyber Security skills coupled with appropriate use of a the ability to craft or otherwise transmit expert has researched and shown how lookout can make a huge difference in an AIS packet can impersonate any oth- terrorists, foreign or domestic, and na- avoiding collisions such as the Rick- er AIS device. tion states can easily broadcast an AIS mers Dubai. There is a growing amount • Lack of integrity checks: AIS signal to cause confusion in a waterway of accidents and near misses by naviga- messages are transmitted in an unen- which can result in devastating conse- tion of? cers utilizing AIS tracking of a crypted and unsigned form; this makes quence. target, without the appropriate ARPA it simple for an interloper to intercept

Why is a disruption to the AIS unit tracking, in determining the risk of a and/or modify transmissions. so terrifying? Recent trends have been collision. This is not only bad seaman- highlighted in ship collisions show- ship, but against the International Con- An experiment conducted by Dr. Kes- ing a reliance on AIS. On 11 January vention on the Prevention of Collisions sler demonstrated the vulnerability in 2014 the multi-purpose vessel Rickmers at Sea. the system. Using previously recorded 48 Maritime Reporter & Engineering News • November 2020

MR #11 (34-49).indd 48 11/9/2020 11:23:00 AM