FAQ: Automatic Identification Systems (AIS), its Benefits and Threats

In early 2015, the U.S. Coast Guard amended existing rules regarding the use of Automatic Identification Systems (AIS), mandating that owners and operators of commercial vessels operating in U.S. waters install the system by March 1st, 2016. The new AIS rule is estimated to affect around 10,000 vessels, all of which are required to have an AIS device, which provides real-time routing information and handles data exchanges with other equipped vessels and shore-based facilities.

The edict now affects commercial vessels that exceed 65 feet in length. Commercial fishing vessels exceeding that length were previously exempt from the rule but are now covered by the 2015 directive. Commercial vessels that are more than 65 feet long and carry fewer than 150 passengers are also now required to adhere to the mandate.

According to Jorge Arroyo, AIS regulatory project officer for the Coast Guard, “AIS is probably the most beneficial piece of safety equipment you can have on the water today.” He adds, “Its primary purpose is collision avoidance. It allows you to know and contact the people aboard the other vessel and find out what they intend to do and what their status is.”

However, officials believe that mariners had already adopted AIS before the implementation deadline. In an interview, South Florida tournament captain George Mitchell said, “Regardless of whether the government requires it, a lot of private companies require it, and insurance companies can require it for safety purposes.”

With the new U.S. Coast Guard ruling already in effect, the requirement now covers close to 80 percent of marine vessels in the U.S. commercial fleet alone. Much like how researchers have uncovered security loopholes in smart car technology, this advancement in maritime technology can be expected to have its own share of vulnerabilities.


In the research paper A Security Evaluation of AIS, Trend Micro security researchers provided an overview of AIS, its functions and operations, as well as its benefits. The paper also pointed out attack possibilities and security issues that may arise with the use of these systems, introducing threats that affect both the system's online implementation and the specifications of its protocol.

When it comes to AIS, we look at how the introduction of this system serves as a boon in maritime communications and safety—and how such systems could also be compromised.

What is AIS?

Automatic Identification System (AIS) is a system designed to improve maritime safety by providing real-time information, such as tracking and monitoring data, for ships and other vessels.

How does it work?

AIS functions primarily by acquiring Global Positioning System (GPS) coordinates and exchanging them in real time with ships and maritime authorities through radio transmissions. AIS information includes, but is not limited to, ships’ identity, type, position, course, speed, and other navigation information.

What are the benefits of AIS?

AIS provides many benefits in terms of traffic monitoring and vessel assistance. Ship owners and maritime authorities rely heavily on AIS to supplement information acquired from traditional radars for location tracking, and use it to detect and avoid vessel collisions. Since its introduction in 2002, AIS has been installed in 300,000 vessels on a global scale, set up to monitor marine traffic and improve safety. AIS has also proven instrumental in accident investigation and search-and-rescue (SAR) operations.

The reliance of ship owners and maritime authorities on AIS has given it a very important—if not downright critical—role in terms of ensuring maritime traffic safety. However, this same importance has led our researchers to scrutinize how cybercriminals might target this system.

What threats have been found?

In the study conducted by Trend Micro threat researchers, three major categories of threats have been determined to potentially impact maritime safety when exploited: spoofing, hijacking, and availability disruption. The threats were then categorized under software- or radio frequency (RF)-based threats, or both.


Software- and RF-based threats

  • Ship spoofing creates a valid but nonexistent vessel in the area. It is done by assigning to the fictitious ship static information like ship name, identifiers (MMSI and call sign), flag, ship type, manufacturer, and dimensions, together with information like ship status, position, speed, course, and destination.

This kind of attack opens up an array of malicious scenarios; for example, it could make it appear as if a particular vessel is entering enemy borders in order to cause conflict. It could also cause issues for automated systems that identify data and make inferences based on information collected from AIS.

Software-Based AIS Threats

To provide data to online providers, AIS installations on ships essentially require software. AIS providers collect data through preformatted emails, mobile apps, and forwarding software such as AIS Dispatcher. The problem lies in their implementation. Close analysis showed that these providers do not vet sources, nor do they check whether such messages actually came from the vessels that claimed to have sent them. There is also no means of authenticating AIVDM senders, a weakness that can be exploited to send spoofed messages and stage man-in-the-middle attacks.

RF-Based AIS Threats

  • CPA spoofing: Closest point of approach (CPA) spoofing involves faking a possible collision with a target ship. Naturally, this could trigger a CPA alert which could be perilous to a moving vessel. This could drive a vessel off-course, endangering it by causing it to hit an obstruction or run aground during low tide.
  • AIS-SART spoofing: One of the most important benefits of using AIS is to aid in search-and-rescue operations. SARTs, on the other hand, help detect and locate vessels and people in distress. AIS-SART spoofing involves generating false distress beacons to gain the attention of the target, and could be done to direct the vessel into hostile waters or areas controlled by pirates.
  • Faking weather forecasts: Faulty weather forecasts could prove to be dangerous to any maritime vessel. The AIS also receives dynamic data that could reflect a shift in the weather. It was also discovered that it was possible to communicate false updates to authorities using AIS.

How can ship operators and mariners be protected against threats on AIS?

Exploring real-world attacks and scenarios has led to the proposal of possible mitigation strategies that could provide an extra layer of protection to vessels that use AIS. These include:

  • Anomaly detection: Anomaly detection techniques can be applied to the data collected by AIS to detect suspicious activity. Unexpected changes in vessel routes and static information can be spotted through this technique. While this strategy could prove to be valuable, transponder installations on vessels may remain vulnerable to RF-based threats like availability disruption and SART spoofing.
  • X.509 public key infrastructure (PKI): Adopting a PKI schema in the AIS protocol used in RF communications would authenticate the messages exchanged by stations. X.509 is a well-known PKI standard for issuing digital certificates, and official national maritime authorities could stand as certification authorities.
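
The anomaly detection mitigation described above, sketched as an added example (not code from the Trend Micro paper or from any AIS product): it checks decoded reports per MMSI for changed static information and for position jumps no vessel could make. The `Report` fields, the 60-knot ceiling, the 0.5 nm tolerance and the sample data are assumptions constructed for illustration.

```python
import math
from typing import NamedTuple

MAX_PLAUSIBLE_KNOTS = 60.0  # assumed speed ceiling for a commercial vessel
EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles

class Report(NamedTuple):
    """One decoded AIS report (hypothetical field names)."""
    ts: int  # seconds since epoch
    mmsi: int
    name: str
    call_sign: str
    lat: float
    lon: float

def distance_nm(a, b):
    """Great-circle (haversine) distance between two reports, in nautical miles."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dl = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(h))

def find_anomalies(reports):
    """Compare each report with the previous one seen for the same MMSI."""
    last, alerts = {}, []
    for r in sorted(reports, key=lambda rep: rep.ts):
        prev = last.get(r.mmsi)
        if prev is not None:
            if (r.name, r.call_sign) != (prev.name, prev.call_sign):
                alerts.append((r.mmsi, r.ts, "static-info-change"))
            hours, dist = (r.ts - prev.ts) / 3600, distance_nm(prev, r)
            if hours == 0 and dist > 0.5:
                # Same MMSI in two places at once: possible cloned identity.
                alerts.append((r.mmsi, r.ts, "simultaneous-positions"))
            elif hours > 0 and dist / hours > MAX_PLAUSIBLE_KNOTS:
                alerts.append((r.mmsi, r.ts, "implausible-jump"))
        last[r.mmsi] = r  # baseline always advances; a real system would hold alerts for review
    return alerts

# Constructed sample data: MMSIs, names and positions are made up.
SAMPLE = [
    Report(0, 999000001, "EXAMPLE ONE", "XMPL1", 25.76, -80.13),
    Report(600, 999000001, "EXAMPLE ONE", "XMPL1", 25.79, -80.13),  # ~10.8 kn, normal
    Report(1200, 999000001, "EXAMPLE ONE", "XMPL1", 27.79, -80.13),  # ~120 nm in 10 min
    Report(1800, 999000001, "OTHER NAME", "XMPL1", 27.82, -80.13),  # name changed
    Report(0, 999000002, "EXAMPLE TWO", "XMPL2", 26.00, -79.90),
    Report(600, 999000002, "EXAMPLE TWO", "XMPL2", 26.02, -79.90),  # ~7.2 kn, normal
]

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE):
        print(alert)
```

As the bullet above notes, checks like these run on collected data and do not protect the transponder itself from RF-based threats.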