49
Winter 2014 – 2015 Proceedings
www.uscg.mil/proceedings
AIS misuse could have a negative
impact to maritime safety, such as
obscuring the location and identif-
cation of a vessel involved in a search
and rescue mission.
Incidents
Criminals have attempted to evade
law enforcement by misusing the
Automatic Identifcation System. In
April 2010, an Argentinean Coast
Guard vessel intercepted a fishing
vessel illegally operating one mile
inside Argentina's exclusive eco-
nomic zone. The vessel attempted to
evade the Argentinean Coast Guard
by sailing into international waters
and disconnecting its AIS equip-
ment.
2
In anot her example, researchers
associated with a software and cloud
computing security company dem-
onstrated how an adversary could
hijack AIS information and perform
attacks that enable them to turn the
tracking system into a liability by "spoofng" information
going from a ship's AIS to online tracking services.
3
This
type of control can allow a bad actor to change a vessel's
reported location and alter characteristics, including size,
type, origin, or even cargo.
Mitigation
While most mariners know about and tolerate AIS vulner-
abilities, possibly the best way to mitigate most of its vulner-
abilities is to use more than one system to identify vessels.
For example, long-range identifcation and tracking (LRIT) is
a maritime security system that utilizes more secure trans-
mitters — as opposed to AIS — which serves primarily mari-
time safety purposes. When mariners use both LRIT and
AIS in conjunction, anomalies become more apparent that
could indicate criminal or adversarial compromise of either
system.
Moreover, the U.S. Coast Guard uses the authoritative ves-
sel identifcation service to collect data from many different
databases to verify a vessel's identifcation. This method
helps identify erroneous data or anomalies. Also, time dif-
ference of arrival is another possible mitigation technique
that could more closely authenticate vessel location, by cal-
culating the time it takes for a single AIS transmission to
reach multiple land-based antennas.
Finally, even though AIS's network, transmitters, and com-
mercial websites that display its data are all vulnerable,
mariners can mitigate vulnerabilities by using multiple sys-
tems/techniques to validate their ship's location and iden-
tify ships in close proximity.
About the author:
LCDR Allison Middleton is the Intelligence Division chief at Coast Guard
Cyber Command. LCDR Middleton has served in the USCG in a variety of
operational, training, and intelligence billets since her 2003 graduation from
the U.S. Coast Guard Academy. She has an M.A. in intelligence analysis,
an M.S. in human performance improvement, and an M.E.D. in curriculum
and instruction.
Endnotes:
1.
The Guys Who Can Make Oil Tankers Disappear, Virtually. ABC news, October 2013.
Available at http://abcnews.go.com/Blotter/guys-make-oil-tankers-disappear-
virtually/story?id=20565851.
2.
Argentine Coast Guard Arrest Korean Jigger for Illegal Fishing. Merco Press, April 30,
2010.
3.
ABC news.
Bibliography:
Researchers highlight security vulnerabilities in ship tracking system. Dark Reading,
Oct. 13, 2011.
Vulnerabilities Discovered in Global Tracking System. Washington, DC: Department of
Homeland Security, Weekly Analytic Synopsis Product, Oct. 18, 2013.
The Truth about AIS Spoofng: Web-Based Tracking Vulnerable, but… . Written by Jeff
Robbins, PassageMaker, Oct. 27, 2013. Available at www.passagemaker.com/articles/
trawler-news/the-truth-about-ais-spoofng-web-based-tracking-vulnerable-but/.
Image courtesy of U.S. Coast Guard NAVCEN.
AIS Operational View