ECDIS should be protected to avoid potential cyber breaches
11/06/18 https://safety4sea.com/ecdis-should-be-protected-to-avoid-potential-cybe...
ECDIS is possible to be hacked, causing confusion regarding the size and the location of vessels, in order to trigger other ships' collision alarms. This could possibly block the English Channel, even though such a consequence is high unlikely.
Namely, BBC reported that Ken Munro, Pen Test Partners, said that ECDIS could possibly be hacked, confusing the the location of its GPS. Such an action could also show that a ship is bigger than its real, but this would be obvious to others.
If such a development takes place, the English Channel could possibly shut down. The University of Plymouth's Maritime Cyber Threats reviewed some of the details Mr. Munro noted, and mentioned that even though what Mr. Munro said could happen, reaching the worst case scenario is extremely unlikely.
Moreover, Dr. Tim Crichton said that the Channel Navigation Information Service, which monitors the traffic in the area, would intervene timely if AIS collision warnings contradicted radar readings and what deck officers see. Nevertheless, a member of the Channel Navigation Information Service said that what Mr. Munro noted should not be ignored.
In order to avoid this from happening, operators must use strong passwords and make sure that they have installed the latest software patches. In addition, the UK's National Cyber Security Centre (NCSC) has published the guide "Code of Practice Cyber Security for Ships," which can be proven helpful.
The report says that it is necessary for a ship to have appropriate measures that may be used in case of an incident to reduce its impact on the ship's operations and aid recovery. These are likely to include:
Incident response plans, which include liaison, where appropriate, with UK Law Enforcement, the UK's National Cyber Security Centre (NCSC)1, UK CiSP, DfT and Action Fraud2;
Communication plans to reassure and inform stakeholders, during and after any incident or breach, as well as handling any third party, regulator, media or public interest issues;
Risk assessment and mitigation plans to enable the impact to be assessed over both the short and medium to longer terms;
Disaster recovery and business continuity plans which are able to afford the same level of security for the ship data as the processes and systems in use on a day to-day basis.
Furthermore, consideration has to be given to when and how forensic evidence will be preserved to help in any investigation into the cause of the event or the perpetrators. Where evidence collection is for law enforcement purposes it should comply with the relevant national guidelines.
You can see the full report in the PDF (https://safety4sea.com/wp-content/uploads/2018/06/UK-National-Cyber-Secu...)