Paperless ship navigation: cyber security weaknesses

Maritime transportation is backbone of globalized trade and the manufacturing supply chain as nowadays more than four fifths of world merchandise trade by volume is carried by ships. Safe navigation of ships of today depends heavily on cyber-physical systems, of which the central is the Electronic Chart Display and Information System (ECDIS). The paperless ship navigation is allowed when the type approved ECDIS with official electronic navigation charts acts as an independent backup for the primary system. In this paper, we present an analysis of cyber security weaknesses of the paperless ship navigation that relies on two internetworked ECDIS workstations in the backup arrangement. The method of analysis is based on cyber security testing of the ECDIS workstations with an industry vulnerability scanner tool. The detected vulnerabilities are analysed in the context of ECDIS backup arrangement and safeguards implemented on board the paperless ship. The obtained results suggest that the critical cyber threat vectors result from uncontrolled internetworking of unmaintained ECDIS workstations with identical hardware and software configurations.