A shipping cybersecurity expert has warned that many of the Electronic Chart Display and Information Systems (ECDIS) that ships use are “simple” enough to disable, exposing the vessels to numerous operational risks.
An ECDIS is a geographic information system used for maritime navigation. These systems display information from Electronic Navigational Charts, and combine it with other data gathered by sensors such as radar, depth sounders, automatic identification systems, and more.
Celebrate excellence in insurance. Join us at the Insurance Business Awards in Chicago.
Speaking at the Singapore Registry of Ships Forum, American Bureau of Shipping (ABS) director of cyber security Paul Walters demonstrated how an ECDIS could be easily shut down by plugging a phone into charge on the computer on which the system is being run.
Walters said that the shutdown happened because the ECDIS looks for drivers for the phone. Since the system cannot find drivers for the phone, it shuts down.
“And they are very difficult to get back, and that has to do with software quality,” Walters said. He also pointed out that many of the ECDIS platforms run on the outdated operating system Windows XP.
The ABS has recommended countermeasures to block the ports and prevent unsupported devices from being mistakenly plugged into the ECDIS. These measures, which can be easily purchased online or in computer hardware stores, can stop crew from carelessly charging their phones or vendors from plugging their USB devices without checking with the crew.
Insurance Marine News has additionally recommended that those ship operators looking to update their ECDIS charts should download the encrypted files on a USB stick made especially for the process. The stick should be checked for any malware before use.
Related stories:
ICS & CMI encourage maritime treaty ratification
IUMI: Shipping is a “moving target” for cyber risks