Since May 2019, the U.S. authorities have recorded numerous unlawful activities in the region. In two of those cases, GPS interference occurred at the same time as other suspicious events.

Translink is the company’s connected ECDIS solution, which combines traditional ECDIS hardware and software with an encrypted network link to shore. This connectivity enables, among other things, route optimization and improved exchanges between the vessel and the shipowner.

The DNV GL certification scheme was recently updated (March 2020), and the corresponding document can be found here.

For vessels, these scenarios may include:

• attempts to spoof or jam positioning or communication systems, either directly targeting the vessel or affecting its surrounding environment
• malfunctions or loss of availability of ECDIS navigation systems, even though these systems are often deployed with redundancy
• the transmission of false safety information to vessels (GMDSS alerts, AIS data, weather information, etc.)
• intrusions targeting onboard industrial control systems, including propulsion, navigation, or cargo management systems
• the remote takeover of a vessel or part of its systems
• the partial or complete encryption of onboard information systems through ransomware attacks

Ports are also exposed to similar risks, including:

Apparently, we are no longer supposed to adopt an alarming tone, so let us try to analyze it calmly.

The company, which operates in the United Kingdom and the United States, conducts penetration tests at the request of its clients on different types of ships. In their article, they explain that each time they perform such work, they manage to identify information systems that few — sometimes none — of the crew members know about, or whose purpose they do not understand. This may seem surprising. However, there can be explanations (which the article does not highlight, preferring — somewhat excessively in my view — the buzz). Here are a few possible explanations:

In this article, I explain in more detail what a maritime information system is, attempting to classify them as clearly as possible.

Maritime information systems can refer to different types of infrastructure:

• ships:
  • merchant vessels
  • warships
  • recreational vessels
  • fishing vessels
  • scientific / hydro-oceanographic / fisheries research vessels
  • barges
• ports and naval infrastructures:
  • container loading/unloading systems, smartports, logistics systems
  • Port and Cargo Community Systems
  • cranes and gantries
  • dock and basin management systems
  • locks
  • pipelines
• other onshore facilities:
  • maritime informatics of signal stations, MRCC (Maritime Rescue Coordination Centers), ship command and management centers
• offshore installations:
  • drilling platforms
  • Marine Renewable Energies (MRE): wind turbines, tidal turbines…

Next, to make things easier to understand, I tend to divide systems into two major families: “IT” systems (Information Technology), which are fairly similar to what can be found in other sectors, and “OT” systems (Operational Technology), which, to simplify, could be described as “operational systems”, more specific to the maritime information domain.