The threat of cyber attacks within the marine sector has intensified over the past few months, according to the International Maritime Bureau (IMB).

The IMB has called for vigilance and said that cyber criminals are increasingly targeting carriers, terminals, ports and transport operators.

In a statement it said that although more sophisticated IT systems have helped companies to better protect themselves against fraud and theft it has also left them more vulnerable to cyber attacks.

Earlier this year, NCC Group's research team discovered several weaknesses within an Electronic Chart Display and Information Systems (ECDIS) demo product, which enabled them to access and modify ECDIS files and insert malicious content.

If exploited in a real scenario, these vulnerabilities could cause serious environmental and financial damage. 

Yevgen Dyryavyy, security consultant at NCC Group, said that access to ECDIS on vessels is somewhat restricted, but this should not be used as a sole defence mechanism.

"An ECDIS could still be accessed through a USB stick or an online chart update or even sensor compromise or other systems that's connected to the vessel's local area network." 

Dyryavyy continued: "ECDIS developers should adopt Security Development Lifecycles and rigorous testing as this software will soon become standard for ships all over the world so security needs to be prioritised very quickly."

The International Maritime Organisation is currently implementing regulations which require ECDIS to be installed on all commercial vessels, with the aim of replacing the use of paper nautical charts over the coming months.

Download the whitepaper here

Preparing for Cyber Battleships - Electronic Chart Display and Information System Security

Related articles

New research reveals maritime cyber security dangers

distributed by