Shipboard ECDIS Cyber Security

Boris Svilicic,Mateo Doričić,Igor Rudan,Vlado Frančić

doi:10.31217/p.33.2.7

Boris Svilicic, Mateo Doričić + Show 2 more

Open Access

https://doi.org/10.31217/p.33.2.7

Copy DOI

Journal: Pomorstvo	Publication Date: Dec 19, 2019
Citations: 12	License type: cc-by

Affiliation: University of Rijeka

Abstract

The Electronic Chart Display and Information System (ECDIS) plays a central role in safe navigation of ships. The ECDIS is basically a software package running on a general operating system that could be comprised of the third-party components. This paper presents an analysis of cyber security weaknesses of a shipboard ECDIS raising from the ECDIS software’s third-party components. The analysis is based on the cyber security testing of the shipboard ECDIS using an industry vulnerability scanner. Detected vulnerabilities are analysed regarding the protection measures implemented on the ship. The results suggest that even the type approved ECDIS system with maintained ECDIS software and the underlying operating system could be vulnerable due to weaknesses in the ECDIS software’s third-party components.

Highlights

The Electronic Chart Display and Information System (ECDIS) has significantly changed the ship navigation by providing real-time navigational information and reduction of workload from paper charts (Brčić et al, 2019), and enhancing the efficiency and safety
The ECDIS is basically a software package running on a general operating system that could be comprised of the third-party components
The analysis is based on the cyber security testing of the shipboard ECDIS using an industry vulnerability scanner

Summary

Introduction

The Electronic Chart Display and Information System (ECDIS) has significantly changed the ship navigation by providing real-time navigational information and reduction of workload from paper charts (Brčić et al, 2019), and enhancing the efficiency and safety. The ECDIS development for about three decades into the complex computer-based system has raised a need to protect the safe navigation from cyber threats (Svilicic et al, 2019a; Tam and Jones, 2019; Svilicic et al, 2019b; Hareide et al, 2018; Kessler et al, 2018; Lee et al, 2017). The ECDIS is basically a software package with standardized functionality by IMO performance standards (IMO, 2017c), which is running on a general operating system from a different manufacturer than the system itself. It has been shown that the ECDIS underlying operating system is a source of major cyber threats (Svilicic et al, 2019b; Svilicic et al, 2019c).

Shipboard ECDIS

Third-party components Allows for the exploitation of well known

Results and discussion

Conclusion