An Attack on an Integrated Navigation System

Maritime cyber security is emerging as a field as reports of cyber attacks against computerized maritime systems have started arriving. Modern vessels are equipped with computerized systems for navigation employing the Global Positioning System (GPS), known as Integrated Navigation Systems (INS) and Electronic Chart Display and Information Systems (ECDIS). This paper describes a proof-of-concept attack on an INS and its integrated ECDIS, and reports on a demonstration of the attack on a vessel. The attack includes malware that acts as a man-in-the-middle intercepting and manipulating GPS coordinates. Furthermore, the paper discusses the feasibility of the attack, as well as countermeasures.

[1]  Logan Kugler Why GPS spoofing is a threat to companies, countries , 2017, CACM.

[2]  Mass Soldal Lund,et al.  Integrity of Integrated Navigation Systems , 2018, 2018 IEEE Conference on Communications and Network Security (CNS).

[3]  Marco Balduzzi,et al.  A security evaluation of AIS automated identification system , 2014, ACSAC.

[4]  Mass Soldal Lund,et al.  Enhancing Navigator Competence by Demonstrating Maritime Cyber Security , 2018, Journal of Navigation.

[5]  Luka Perkov,et al.  Social Engineering Toolkit — A systematic approach to social engineering , 2011, 2011 Proceedings of the 34th International Convention MIPRO.

[6]  Odd Sveinung Hareide,et al.  Scan Pattern for the Maritime Navigator , 2017 .

[7]  Robert E. Johnson,et al.  Survey of SCADA security challenges and potential attack vectors , 2010, 2010 International Conference for Internet Technology and Secured Transactions.

[8]  M. Angela Sasse,et al.  The true cost of unusable password policies: password use in the wild , 2010, CHI.

[9]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[10]  M. Angela Sasse,et al.  Pretty good persuasion: a first step towards effective password security in the real world , 2001, NSPW '01.

[11]  Eric Michael Hutchins,et al.  Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains , 2010 .

[12]  Eric Byres The air gap: SCADA's enduring security myth , 2013, CACM.

[13]  Oliver Fitton,et al.  The future of maritime cyber security , 2015 .

[14]  Kevin D. Jones,et al.  Threats and Impacts in Maritime Cyber Security , 2012 .