# Fake News



## callpor (Jan 31, 2007)

Yesterday the BBC published the following report at https://www.bbc.co.uk/news/technology-44397872 . It was repeated later in the day by multiple news channels.

It is worth reading the detail. Being a simple sailor, would appreciate comments from SN experts who have greater knowledge of this subject than I do. I think it warrants the title of "fake news"?

All my recent experience making short (3-8 day) voyages on a wide variety of vessels brings me to the following conclusion.

Technically total rubbish. I am very surprised that the BBC published this total cr-p before checking the technical veracity.

The only statement that was correct is “(cyber) security on board ships is often dire”.... but it is getting better by the day.

ECDIS (the Electronic Chart Display Information System) which is now the mandated primary navigation system on most vessels, providing that they are equipped with two totally independent systems with separate power supplies. ECDIS has no connection with any form of communication to/from the .vessel. The e-charts (ENC’s) are updated using dedicated memory sticks that are encrypted and generally the connection is locked. Up dates, of course are downloaded onto a dedicated computer linked to the satcom systems. Any corrupted feed would be instantly identified when the download memory stick is inserted into the ECDIS equipment. 

ECDIS does not feed the AIS! The AIS information can be fed to the ECDIS display, if desired. It is standard navigational practice not to rely on AIS imput to ECDIS for collision avoidance. Collision Avoidance is electronically managed on another separate function within the ship’s radar, called ARPA (Automatic Radar Plotting Aid) for details see https://en.wikipedia.org/wiki/Automatic_radar_plotting_aid .

The people at the University of Plymouth's Maritime Cyber Threats research group, were being kind to Mr Munro and his lack of competence to comment on this subject. He and his company Pen Test Partners clearly know very little about the electronic and communications systems onboard most seagoing vessels and even less about the cyber security measures that are built into the kit. It is very robust and most unlikely to be penetrated as he states. Munro’s suggestion that the vulnerability could be exploited to block the English Channel, is absolute rubbish and just shows his ignorance. He’s just trying to get a headline, and the BBC in their ignorance gave him one.

Unfortunately too many ill-informed IT technical people are getting involved in maritime digital developments, particularly employed by equipment manufacturers who lobby IMO the global regulatory body. It is happening at the moment in respect to autonomous ships? Many of the current proposals being submitted to IMO for consideration display the ignorance of these people to how vessels operate and the conditions they inevitably experience over long voyages. 

Captain Chris Allport, FNI


----------



## James_C (Feb 17, 2005)

There are plenty of ships out there where standard memory sticks are in use rather than anything encrypted - less faff factor involved.
Some bridge equipment manufacturers have their AIS setup as part of the Radar fit, i.e. you have to use the radar screen/PC to setup AIS - SAM of Hamburg being an example. On passenger ships in particular it is not unknown for these systems to be directly linked to a satellite for the purposes of monitoring/random downloads by those ashore in head office.
Saying all that, there are still plenty of ships out there also where they have an ECDIS fitted (to meet the regs) and where the primary means of navigation is still by paper chart. In some cases this is on grounds of cost but in others it's because there is a reluctance to dispense with paper charts, this being partly to ensure there's a backup available but also to ensure some form of navigational skills are retained - my current and previous two employers certainly fit in that bracket.


----------



## Farmer John (Feb 22, 2012)

In my experience, any technical matter that is reported in the press that refers to an area of your expertise is reported as if by Gnomes with a poor grasp of any terrestrial language. Nouns used as verbs, quantities being completely mis-applied and such sorts of problems.

Should I post this under the grumpy label?


----------



## Mad Landsman (Dec 1, 2005)

Just wait until the Daily Wail gets the story - They are experts at being non-experts. Just pick out the hype and print it without checking, using inappropriate CAPITAL letters to maximise click bait.


----------



## Bill.B (Oct 19, 2013)

Whilst I see many ships that have only a feed from the AIS to the ECDIS there are a lot that have two way communication from the ECDIS to the AIS. SAM were the first I saw where the AIS was part of the radar and the AIS had no separate control head. A few ships I see to have a dedicated USB stick for ECDIS updates while others go the Chartco, Navtor direct download via satcom/VSAT. There is always the possibility a virus can be introduced via shore service and my company has strict policies on that. That goes for radars/chart radars as well.


----------



## callpor (Jan 31, 2007)

Bill.B said:


> Whilst I see many ships that have only a feed from the AIS to the ECDIS there are a lot that have two way communication from the ECDIS to the AIS. SAM were the first I saw where the AIS was part of the radar and the AIS had no separate control head. A few ships I see to have a dedicated USB stick for ECDIS updates while others go the Chartco, Navtor direct download via satcom/VSAT. There is always the possibility a virus can be introduced via shore service and my company has strict policies on that. That goes for radars/chart radars as well.


Bill B; I've made many short voyages on modern vessels over the past several years all of which have been fitted with ECDIS, some of them being type approved installations and most use Chartco/Jepsens for ENC's. Not one has had a direct feed connection for Satcom downloads, all use a memory stick transferring via a dedicated bridge PC, which maintains the chart and nautical publications inventory. This PC is connected to the Satcoms. Brgds, Chris


----------



## callpor (Jan 31, 2007)

James_C said:


> There are plenty of ships out there where standard memory sticks are in use rather than anything encrypted - less faff factor involved.
> Some bridge equipment manufacturers have their AIS setup as part of the Radar fit, i.e. you have to use the radar screen/PC to setup AIS - SAM of Hamburg being an example. On passenger ships in particular it is not unknown for these systems to be directly linked to a satellite for the purposes of monitoring/random downloads by those ashore in head office.
> Saying all that, there are still plenty of ships out there also where they have an ECDIS fitted (to meet the regs) and where the primary means of navigation is still by paper chart. In some cases this is on grounds of cost but in others it's because there is a reluctance to dispense with paper charts, this being partly to ensure there's a backup available but also to ensure some form of navigational skills are retained - my current and previous two employers certainly fit in that bracket.


Jim,
I wish all the ships I ride for check voyages had some paper charts, as I get lost on ECDIS! The latest trend I have found on vessels with IMO type approved twin ECDIS installations is to have a dedicated laptop loaded with a global set of ENC's as their "get me home" backup. Chris


----------



## Bill.B (Oct 19, 2013)

I was speaking from experience Callpor. I work about 3-4 ships a week and see a lot. I agree with you that ECDIS has a lot of drawbacks. The screen size always seems too small no matter how much you zoom in or out. A paper chart is much easier for me to deal with. Most night time screens I have seen are horrible and if they have all the marks on is just a mess of symbols. Add AIS targets and radar overlay the screen fills up pretty quickly. At least the latest IMO requirement has helped alleviate the cocophany of alarms ECDIS generates. I am fully aware of the benefits of ECDIS for enabling the second mate time to do other things. Route planning and updates are a great improvement. I am hearing from a lot of seafarers that they still like to have access to paper charts but we see quite a few paperless vessels. Have also had a couple that came in with both systems out. 
Navtor system comes through the SAT/VSAT and depending on ECDIS via a gateway. Transas being one that uses a gateway. However as we have seen if someone invented it someone can hack it. In a Transas system the operator can, using the ECDIS keyboard, select his route, make up a file of that route send it straight from the ECDIS to Transas and get back in a very short time the necessary permits to open up that route, providing they are in credit, so there is a path both out to land and in from land to the ECDIS which can be exploited. From experience I have found bridge computers to be very dirty machines. On one ship I found 800+ infections of a virus called "FUjack" on the satcom connected bridge PC. When they tried to use it the PC made a raspberry sound and the DVD drawer shot out. The masters laptop had over 400 infections. Crews will bring onboard pirated videos and music plus work programs and all have the capability to carry infections. The above mentioned vessel could not clean up their system using a major Antivirus brand. I had to find a little known brand of antivirus software that the virus did not recognize to clean the drives and start over again. 
After an ECDIS installation I always advise to use email and USB to update charts but invariably am asked if there is a simpler way using direct connection automatically.


----------



## callpor (Jan 31, 2007)

Bill.B said:


> I was speaking from experience Callpor. I work about 3-4 ships a week and see a lot. I agree with you that ECDIS has a lot of drawbacks. The screen size always seems too small no matter how much you zoom in or out. A paper chart is much easier for me to deal with. Most night time screens I have seen are horrible and if they have all the marks on is just a mess of symbols. Add AIS targets and radar overlay the screen fills up pretty quickly. At least the latest IMO requirement has helped alleviate the cocophany of alarms ECDIS generates. I am fully aware of the benefits of ECDIS for enabling the second mate time to do other things. Route planning and updates are a great improvement. I am hearing from a lot of seafarers that they still like to have access to paper charts but we see quite a few paperless vessels. Have also had a couple that came in with both systems out.
> Navtor system comes through the SAT/VSAT and depending on ECDIS via a gateway. Transas being one that uses a gateway. However as we have seen if someone invented it someone can hack it. In a Transas system the operator can, using the ECDIS keyboard, select his route, make up a file of that route send it straight from the ECDIS to Transas and get back in a very short time the necessary permits to open up that route, providing they are in credit, so there is a path both out to land and in from land to the ECDIS which can be exploited. From experience I have found bridge computers to be very dirty machines. On one ship I found 800+ infections of a virus called "FUjack" on the satcom connected bridge PC. When they tried to use it the PC made a raspberry sound and the DVD drawer shot out. The masters laptop had over 400 infections. Crews will bring onboard pirated videos and music plus work programs and all have the capability to carry infections. The above mentioned vessel could not clean up their system using a major Antivirus brand. I had to find a little known brand of antivirus software that the virus did not recognize to clean the drives and start over again.
> After an ECDIS installation I always advise to use email and USB to update charts but invariably am asked if there is a simpler way using direct connection automatically.


Bill, You obviously have a lot more experience with this kit than me and can respond to the BBC article more appropriately? The dual Transas ECDIS on the last ship I rode last month were new and ENC permits were inserted using a USB memory stick. Recognising that the "dedicated" bridge computer linked to the Satcom for nav. publications, chart inventory and ENC permits was the weak link I checked the cyber protection. From delivery the Master had introduced a rigorous system of password protection which appeared to be respected by the OOW's, but as you say, this box is open to abuse and will probably not remain virus free for long, but due to abuse by those onboard. The likelyhood of a hack through the satcom is unlikely?


----------

