Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: http://uscgproceedings.epubxp.com/i/436751
48 Proceedings Winter 2014 – 2015 www.uscg.mil/proceedings Cybersecurity of Maritime Critical Infrastructure Exploiting Weaknesses However, the system has vulnerabilities that bad actors can exploit. Criminals or other adversaries can use these weak- nesses to create fctitious vessels, make vessels "disappear," or change a ship's location or characteristics. 1 These tricks may allow bad actors to evade law enforcement or national security measures to smuggle drugs, money, or even weapons of mass destruction. Even the unintentional Ships use the Automatic Identifcation System (AIS) to iden- tify and track other ships to prevent a collision, provide vessel description, information on the next port of call, and such. AIS also aids vessel traffc services, provides maritime domain awareness, supports search and rescue tracking, enables feet monitoring, allows aids to navigation location transmission, and can assist in mishap investigations. Hide and Seek Managing Automatic Identifcation System vulnerabilities. by LCDR allisOn MiDDleTOn Intelligence Division Chief U.S. Coast Guard Cyber Command AIS Vulnerabilities AIS Websites AIS websites rely on the Internet to transmit information to commercial websites and to the U.S. Coast Guard. However, commercial providers do not always use the best information security techniques to protect their data. Therefore, displayed information is only as secure as the network it is connected to. If someone or something compromises the network, much of the legitimate data sent to the commercial providers could be altered, including position, course, cargo, fagged country, speed, name, and Mobile Maritime Service Identity status. A network intrusion could also allow a criminal or adversary to create a fake vessel with the same details in another loca- tion. Aids to navigation information is also displayed on these commercial sites, and a cyber attack into a network could allow an adversary or criminal to change the location and other iden- tifying information related to an aid to navigation. Radio Frequency Transmissions AIS radio frequency (RF) transmissions are not secure. There are no validity checks, timing checks, or authentication. Therefore, spoofng Automatic Identifcation System RF transmissions is possible, but it requires the bad actor to purchase an AIS base station, develop an original AIS transmitter, or exploit an existing transponder and control it to transmit unauthorized messages. Therefore, criminals or adversaries could take advantage of the lack of secure transmissions to disable an AIS system on a vessel; trigger a distress beacon that will also trigger alarms on all vessels within approximately 50 km; or create a fctitious collision warning alert. The last scenario is probably the most troubling, because some vessels have software that will auto- matically recalculate and change their course, based on collision alerts. Denial of Service AIS is also vulnerable to a "denial of service" attack (an interrup- tion in an authorized user's access to a network, typically one caused with malicious intent). Insecure RF signals could allow a criminal or adversary to spoof an AIS signal that would cause all ships to send AIS information much more frequently, which would result in a denial of service attack on all vessels in close proximity.