By selecting UK flag, you have now set your site language to English. If you'd like to change your language preference again, simply click on one of the other flags.

Close

こちら Japan flag を選択して頂くと、言語設定が日本語に切り替わります。設定変更後は以下の機能が利用可能です。

  • 日本語版ウェブサイトへのクイックアクセスが可能となり、日本語の刊行物をご覧頂けます。

  • 日本語版が閲覧可能な刊行物や記事については、日本語が優先表示されます。表示言語については Japan flag をご参照下さい。

閉じる 言語設定を切り替えたい場合には、国旗のマークをクリックして下さい。

By selecting Japan flag, you have now set your language to Japanese. This has several benefits, including:

  • Providing quick access to our Japan page, which collates all our Japanese content in one place.

  • Ensures that content is presented to you in Japanese first, if we have an article, publication or webpage available in Japanese. Look out for the Japan flag indicators across the site.

Close If you’d like to change your language preferences again, simply click on one of the other flags.

点击选择 China flag,可将网站语言设置为中文。这能帮助您:

  • 快速访问我们的中国区页面,该页面将有网站内容的中文汇总。

  • 在我们的文章、出版物或者网页有中文版本提供的情况下,确保首先向您展示的是中文版本的内容。您可关注站点上的 China flag 按键。

关闭 点击任意其他国旗,可切换您的语言偏好。

By selecting China flag, you have now set your language to Chinese. This has several benefits, including:

  • Providing quick access to our China page, which collates all our Chinese content in one place.

  • Ensures that content is presented to you in Chinese first, if we have an article, publication or webpage available in Chinese. Look out for the China flag indicators across the site.

Close If you’d like to change your language preferences again, simply click on one of the other flags.

ECDIS Cyber Security

The risk of cyber-attacks is ever present across all industries and sectors.

The IMO has recognised the threat of cyber-attacks in the marine industry and will require ship operators to consider cyber risk management as a part of their safety management system. This will include a cyber security assessment which should be done no later than the first annual inspection of the company’s Document of Compliance after 1 January 2021. In this article we look specifically at some vulnerabilities associated with ECDIS systems.

Bridge Systems and ECDIS

Amongst the many systems that must be considered within this assessment is the bridge navigation equipment. Equipment such as ECDIS that receives frequent updates to its chart catalogue and its software make it high risk. It may also be possible for anyone on the bridge to plug their own device into the ECDIS via a USB port.

How is ECDIS Vulnerable?

Ship operators will need to initially identify any vulnerability to their vessel’s cyber security. In the case of ECDIS this can include: Interfaces with shore side systems. This type of interface is often used to conduct software updates remotely. The ECDIS can also be interconnected with other navigation systems, such as GNSS and ARPA. This can make the system vulnerable to a virus spread between platforms. Control of removable media such as

USB drives and CD which are commonly used on ECDIS to install updates to the ENC’s, the permit files and software.

Any removable media sources must be checked to ensure they are free from malware. Any breach of ECDIS security could result in ECDIS sensor data being manipulated with unreliable information displayed to the officer of the watch. It could even mean a total loss of the ECDIS and any equipment on its associated network.

Assesment and Detection

The team conducting the assessment should identify the likelihood and impact of a potential breach, and put in place measures in the ship’s management system to ensure these threats do not become a reality. The measures put in place should mean that any threats are detected before they become an issue. For example, if an update to the ECDIS means using removable media, such as a USB drive, then checks on the content should be run prior to using the drive. Access to the ECDIS to conduct updates should be limited to as few people as possible as a way of protecting equipment.

When You’ve found a Threat!

The procedures put in place to protect the vessel should include responses to a detected threat. The IMO Guidelines on cyber security advise that a team should be established, and a recovery plan put in place, to take the correct steps to restore systems such as ECDIS to a safe working condition.

Help is at Hand

All activity on the ECDIS should be logged and accurate records maintained. This now includes the steps taken to avoid cyber threats to the ECDIS. To assist with this, the United Kingdom Hydrographic Office (UKHO) has updated its publication NP133C ENC and ECDIS Maintenance Record to include a section on cyber risk management.

The cyber risk checklist contained in the publication allows the crew to conduct a risk assessment when updating their ECDIS, as well as keeping an accurate record of the steps they have taken in line with their company’s cyber security procedures.

The checklist outlines the steps that the crew should take when updating their ECDIS:

 

The ADMIRALTY ENC and ECDIS Maintenance Record (NP133C) is designed to help mariners demonstrate compliance with IMO regulations during Port State Control inspections, with easy-to-use checklists and templates to record ECDIS annual performance checks and software maintenance.

Find Out More

Protecting ECDIS is just one small piece of the cyber security jigsaw puzzle. For more information on cyber security for shipping please visit the Cyber Security Insights area of our website: www.nepia.com/cyber-security.

Author: John Southam

This website, www.nepia.com, is now in archive and will not be updated with new content. The website will remain accessible for a short time as we complete the transfer of relevant content to the new NorthStandard website (north-standard.com).

If you would like to access the ECDIS training assessment app (ETA), you can still register for app access via MyNorth.

Please head to north-standard.com for the latest industry news, expert analysis and publications, club rules and contacts, and access to our newly launched digital tools specifically designed to support your operations.

TAKE ME TO NORTH-STANDARD.COM