Raising the Standard of Maritime Voyage Data Recorder Security
Abstract
1. Introduction
2. Current Technical Standards
2.1. IMO Requirements
2.2. IEC Standards
- access to any physical part of the system, except the data output interface, shall require the use of tools or keys
- any access to the final recording medium shall leave easily recognisable evidence of tampering, e.g., seals or stickers
- operation or any controls or keyboard keys, or any combination of these, shall not affect recording
- termination of recording shall only be possible by means of a key or other secure method
- recorded data shall be protected against unauthorised access by use of a password
3. VDR Security Vulnerabilities
“… designed such that malicious modification or deletion of electronically stored information by subjection to electromagnetic signals from commonly available electronic devices is not possible” [39]
3.1. Determining the Information Security Properties of a VDR
3.2. VDR Vulnerabilities
3.2.1. Confidentiality
3.2.2. Integrity
3.2.3. Availability
3.3. Summary
4. Raising the Standard
4.1. Components of VDR Security
4.1.1. Physical Security
4.1.2. Data Security
4.1.3. Cryptographic Methods for Integrity Checking
4.1.4. Password Security Policy
4.1.5. Update/Patch Policy
4.1.6. Incident Response and Management Plan
4.1.7. Security Training
4.2. Discussion
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
Abbreviations
AIS | Automatic Identification Systems |
CIA | Confidentiality, Integrity and Availability |
CVSS | Common Vulnerability Scoring System |
ENISA | European Union Agency for Cybersecurity |
EU | European Union |
GDPR | General Data Protection Regulation |
GPS | Global Positioning System |
GUI | Graphical User Interface |
IACS | International Association of Classification Societies |
IEC | International Electrotechnical Commission |
IMO | International Maritime Organization |
ISO | International Organization for Standardization |
ISPS | International Ship and Port Facility Security Code |
MAIB | Maritime Accident Investigation Branch |
MFA | Multi Factor Authentication |
MSC | Maritime Safety Committee |
NIS | Network and Information Systems Directive |
NMEA | National Maritime Electronics Association |
PPT | People, Process, Technology |
SOLAS | Safety of Life at Sea Convention |
S-VDR | Simplified Voyage Data Recorder |
UR | Unified Requirements |
USCG | United States Coast Guard |
VDR | Voyage Data Recorder |
References
- IMO. Voyage Data Recorders; International Maritime Organization: London, UK, 2022; Available online: https://www.imo.org/en/OurWork/Safety/Pages/VDR.aspx (accessed on 18 January 2023).
- IMO. Resolution MSC.333(90) (Adopted on 22 May 2012) Adoption of Revised Performance Standards for Shipborne Voyage Data Recorders (VDRs); IMO: London, UK, 2012.
- IACS. No. 85—Recommendations on Voyage Data Recorder. 2018. Available online: https://iacs.org.uk/download/1871#:~:text=The%20voyage%20data%20recorder%20system,recoverability%20of%20the%20recorded%20data (accessed on 18 January 2023).
- Riviera Maritime Media. A Short History of VDR. 2009. Available online: https://www.rivieramm.com/news-content-hub/news-content-hub/a-short-history-of-vdr-48518 (accessed on 18 January 2023).
- Joly, J. MS Estonia: New Expedition Confirms Official Accident Report. 2021. Available online: https://www.euronews.com/2021/11/18/ms-estonia-new-expedition-confirms-official-accident-report (accessed on 18 January 2023).
- North of England P&I Association. Voyage Data Recorders (VDR): Advice for the Ship’s Crew. 2015. Available online: https://www.nepia.com/media/222798/NORTH-Hot-Spots-VDR.PDF (accessed on 18 January 2023).
- Degnarain, N. Decoding The Black Box: The 2015 US Disaster That Revolutionized Ship Crash Investigations. 2020. Available online: https://www.forbes.com/sites/nishandegnarain/2020/10/13/decoding-the-black-box-the-2015-us-disaster-that-revolutionized-ship-crash-investigations/?sh=71b75662712f (accessed on 18 January 2023).
- National Transportation Safety Board, NTSB/MAR-17/01—Sinking of the US Cargo Vessel El Faro. 2018. Available online: https://www.ntsb.gov/investigations/AccidentReports/Reports/SPC1801.pdf (accessed on 18 January 2023).
- Piccinelli, M.; Gubian, P. Modern ships Voyage Data Recorders: A forensics perspective on the Costa Concordia shipwreck. Digit. Investig. 2013, 10, S41–S49.
- Tam, K.; Jones, K. Forensic Readiness within the Maritime Sector. In Proceedings of the 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), Oxford, UK, 3–4 June 2019; pp. 1–4.
- Wingrove, M. Using VDR Data to Enhance Fleet Operations and Safety. 2014. Available online: https://www.rivieramm.com/opinion/opinion/using-vdr-data-to-enhance-fleet-operations-and-safety-39120 (accessed on 18 January 2023).
- Du, Y.; Chen, Y.; Li, X.; Schönborn, A.; Sun, Z. Data fusion and machine learning for ship fuel efficiency modeling: Part II—Voyage report data, AIS data and meteorological data. Commun. Transp. Res. 2022, 2, 100073.
- Directive (EU) 2016/1148; Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 Concerning Measures for a High Common Level of Security of Network and Information Systems across the Union. European Commission: Brussels, Belgium, 2016.
- Regulation (EU) 2016/679; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). European Commission: Brussels, Belgium, 2016.
- Drougkas, A. The Cyber Security Policy Framework: NIS Directive and Cyber Security in Maritime. In Proceedings of the Digital Ship Conference, Athens, Greece, 8 November 2019; Available online: https://static1.squarespace.com/static/57a8878837c58153c1897c2c/t/5c056515aa4a99ba1fb7f2b1/1543857451926/14AthanasiosDrougkas_Athens18.pdf (accessed on 18 January 2023).
- MarineLink. Danelec Unveils Synchronized VDR Data and CCTV Interface. 2022. Available online: https://www.marinelink.com/news/danelec-unveils-synchronized-vdr-data-499285 (accessed on 18 January 2023).
- GDPR.EU. What Are the GDPR Fines? 2020. Available online: https://gdpr.eu/fines/ (accessed on 18 January 2023).
- Honeywell Industrial Cybersecurity USB Threat Report 2022; Honeywell: Charlotte, NC, USA. 2022. Available online: https://www.honeywellforge.ai/content/dam/forge/en/documents/cybersecurity/Industrial-Cybersecurity-USB-Threat-Report-2022.pdf (accessed on 18 January 2023).
- Santamarta, R. Maritime Security: Hacking into a Voyage Data Recorder (VDR). 2015. Available online: https://ioactive.com/maritime-security-hacking-into-a-voyage-data-recorder-vdr/ (accessed on 18 January 2023).
- IMO. International Convention for the Safety of Life at Sea (SOLAS), 1974; International Maritime Organization: London, UK, 2021; Available online: https://www.imo.org/en/About/Conventions/Pages/International-Convention-for-the-Safety-of-Life-at-Sea-(SOLAS),-1974.aspx (accessed on 18 January 2023).
- DNV-GL. EC Certificate Type Examination. 2017. Available online: https://www.scribd.com/document/440781840/VR2272B-Installation-Manual-new (accessed on 18 January 2023).
- Furuno. VR-7000 Operator’s Manual. 2019. Available online: https://www.furunousa.com/-/media/sites/furuno/document_library/documents/manuals/public_manuals/vr7000_operators_manual.pdf (accessed on 18 January 2023).
- NetWave. NW-6000-Series Voyage Data Recorder Operator Manual. 2015. Available online: https://cirspb.ru/pdf/NW6000-00-Operator-manual-version1.3.pdf (accessed on 18 January 2023).
- Marine, D. Type Approval Certificate—DM100 VDR G2. 2022. Available online: https://www.danelec.com/umbraco/Api/Download/media?name=DNV%20Type%20Approval%20Certificate%20DM100%20VDR%20and%20S-VDR%20G2%20with%20Float%20Free%20Capsule%20MK2.pdf&url=%2Fmedia%2Flvsnoog3%2Fdnv-type-approval-certificate-dm100-vdr-and-s-vdr-g2-with-float-free-capsule-mk2.pdf (accessed on 18 January 2023).
- Hughes, K. Type Approval Certificate—X-VDR. 2017. Available online: https://uk.hensoldt.net/fileadmin/kh/Type-Approval-Certificates-New/X-VDR_Voyage_Data_Recorder_233.pdf (accessed on 18 January 2023).
- MSC.163(78); Performance Standards for Shipborne Simplified Voyage Data Recorders (S-VDRs). IMO: London, UK, 2004.
- MSC.214(81); Adoption of Amendments to the Performance Standards for Shipborne Voyage Data Recorders (VDRs) (Resolution A.861(20)) and Performance Standards for Shipborne Simplified Voyage Data Recorders (S-VDRs) (Resolution MSC.163(78)). IMO: London, UK, 2006.
- Resolution A.694(17); General Requirements for Shipborne Radio Equipment Forming Part of the Global Maritime Distress and Safety System (GMDSS) and for Electronic Navigational Aids. IMO: London, UK, 1991.
- MSC.163(78); Performance Standards for the Presentation of Navigation-Related Information on Shipborne Navigational Displays. IMO: London, UK, 2004.
- IEC 61996-1:2013+A1:2021; Maritime Navigation and Radiocommunication Equipment and Systems. Shipborne Voyage Data Recorder (VDR). Performance Requirements, Methods of Testing and Required Test Results. International Electrotechnical Commission: Geneva, Switzerland, 2021.
- IEC 60945:2002; Maritime Navigation and Radiocommunication Equipment and Systems. General Requirements. Methods of Testing and Required Test Results. International Electrotechnical Commission: Geneva, Switzerland, 2021.
- IEC 61162-1:2016; Maritime Navigation and Radiocommunication Equipment and Systems. Digital Interfaces. Single Talker and Multiple listeners. International Electrotechnical Commission: Geneva, Switzerland, 2016.
- IEC 61162-2:1998; Maritime Navigation and Radiocommunication Equipment and Systems. Digital Interfaces. Single Talker and Multiple Listeners, High-Speed Transmission. International Electrotechnical Commission: Geneva, Switzerland, 1998.
- IEC 61162-450:2018; Maritime Navigation and Radiocommunication Equipment and Systems. Digital Interfaces. Multiple Talkers and Multiple Listeners. Ethernet Interconnection. International Electrotechnical Commission: Geneva, Switzerland, 2018.
- IEC 62288:2022; Maritime Navigation and Radiocommunication Equipment and Systems—Presentation of Navigation-Related Information on Shipborne navigational Displays—General Requirements, Methods of Testing and Required Test Results. International Electrotechnical Commission: Geneva, Switzerland, 2022.
- Cybersecurity & Infrastructure Security Agency. Interschalt VDR G4e Path Traversal Vulnerability|CISA; Cybersecurity & Infrastructure Security Agency: Arlington, VA, USA, 2016.
- CVE Program. CVE-2016-9339—Interschalt VDR G4e Path Traversal Vulnerability; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2016.
- Harish, A.V.; Tam, K.; Jones, K. Investigating the Security and Accessibility of Voyage Data Recorder Data using a USB attack. In Special Track: CyMAR: Cyber at Sea: Issues Concerning the Maritime Sector, along with Cyber2022; Iaria XPS Press: Lisbon, Portugal, 2022.
- ISO/TS 10891; Freight Containers. Radio Frequency Identification (RFID). Licence Plate Tag. ISO: Geneva, Switzerland, 2009.
- What Is the CIA Triad and Why Is It Important? Fortinet: Sunnyvale, CA, USA, 2022.
- Windows Embedded Standard 7—Microsoft Lifecycle|Microsoft Learn; Microsoft: California, CA, USA, 2022.
- Kali Linux. Introduction: Kali linux documentation. Available online: https://www.kali.org/docs/introduction/ (accessed on 19 January 2023).
- Lyon, G. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning; Nmap Project: Online, 2009.
- Metasploit Penetration Testing Software, Pen Testing Security. Available online: https://www.metasploit.com/ (accessed on 18 January 2023).
- Hak5. USB Rubber Ducky. Available online: https://shop.hak5.org/products/usb-rubber-ducky-deluxe (accessed on 3 August 2022).
- Keystroke; Merriam-Webster: Springfield, MA, USA, 2022.
- Gonzalez, A. Rubber Ducky: Learning about the Keystroke Injection|by Alejandro González|Trabe|Medium. 2022. Available online: https://medium.com/trabe/rubber-ducky-learning-about-keystroke-injection-324f462f80fa (accessed on 2 September 2022).
- The State of Ransomware 2022; Sophos: New Delhi, India, 2022; Available online: https://assets.sophos.com/X24WTUEQ/at/4zpw59pnkpxxnhfhgj9bxgj9/sophos-state-of-ransomware-2022-wp.pdf (accessed on 18 January 2023).
- Zdnet. All four of the world’s largest shipping companies have now been hit by cyber-attacks|ZDNet. 2020. Available online: https://www.zdnet.com/article/all-four-of-the-worlds-largest-shipping-companies-have-now-been-hit-by-cyber-attacks (accessed on 3 August 2022).
- Kali Linux Tools. hydra. Available online: https://www.kali.org/tools/hydra/ (accessed on 3 August 2022).
- MalwareBytes. BadRabbit: A Closer Look at the New Version of Petya/NotPetya. 2017. Available online: https://www.malwarebytes.com/blog/news/2017/10/badrabbit-closer-look-new-version-petyanotpetya (accessed on 18 January 2023).
- MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution. 2018. Available online: https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_psexec/ (accessed on 3 August 2022).
- NMEA. National Marine Electronics Association—NMEA. Available online: https://www.nmea.org/nmea-0183.html (accessed on 18 January 2023).
- MACE Times in ReFS|Forensic Investigation of Microsoft’s Resilient File System (ReFS). Available online: http://resilientfilesystem.co.uk/mace-times (accessed on 3 August 2022).
- Golitsyn, V.; Paik, J.-H.; Robinson, P.; Francioni, F.; Rao, P.S. PCA Case No. 2015-28 In the matter of an arbitration-before-an arbitral tribunal constituted under annex vii to the 1982 united nations convention on the law of the sea the italian republic-v.-the republic of india-concerning-the “enrica lexie” incident permanent court of arbitration. 2020. Available online: https://pcacases.com/web/sendAttach/16500 (accessed on 18 January 2023).
- Gardner, A. Voyage Data Recorder—Is It Ready for Use? 2021. Available online: https://britishmarine.com/news-and-advice/advice-and-notices/voyage-data-recorder-is-it-ready-for-use/ (accessed on 18 January 2023).
- CISecurity. Security Primer—EternalBlue; Center for Internet Security: East Greenbush, NY, USA, 2019; p. 4722.
- IMO. Brief History of IMO; International Maritime Organization: London, UK, 2022; Available online: https://www.imo.org/en/About/HistoryOfIMO/Pages/Default.aspx (accessed on 18 January 2023).
- Hopcraft, R.; Martin, K.M. Effective maritime cybersecurity regulation—The case for a cyber code. J. Indian Ocean Reg. 2018, 14, 354–366.
- Morgan, J.M.; Liker, J.K. The Toyota Product Development System—Integrating People, Process and Technology; CRC Press: Boca Raton, FL, USA, 2006.
- Eminağaoğlu, M.; Uçar, E.; Eren, Ş. The positive outcomes of information security awareness training in companies—A case study. Inf. Secur. Tech. Rep. 2009, 14, 223–229.
- National Institute of Standards and Technology, FIPS 140-2—Security Requirements for Cryptographic Modules. 2001. Available online: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf (accessed on 18 January 2023).
- Abdel Hakeem, S.A.; Abd El-Gawad, M.A.; Kim, H. A Decentralized Lightweight Authentication and Privacy Protocol for Vehicular Networks. IEEE Access 2019, 7, 119689–119705.
- National Institute of Standards and Technology, NIST Special Publication 800-82—Guide to Industrial Control Systems (ICS) Security. 2015. Available online: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf (accessed on 18 January 2023).
- IMO. International Ship and Port Facility Security (ISPS) Code; International Maritime Organization: London, UK, 2021.
- ISO/IEC27001:2013; Information Technology—Security Techniques— Information Security Management Systems—Requirements. ISO: Geneva, Switzerland, 2013.
- Seong, K.T.; Kim, G.H. Implementation of voyage data recording device using a digital forensics-based hash algorithm. Int. J. Electr. Comput. Eng. (IJECE) 2019, 9, 5412–5419.
- Vasu, S.; George, S.N.; Deepthi, P. An Integrity Verification System for Images using Hashing and Watermarking. In Proceedings of the 2012 International Conference on Communication Systems and Network Technologies, Rajkot, India, 11–13 May 2012.
- Vocal. DCT Transform Digital Watermarking. Available online: https://vocal.com/video/dct-transform-digital-watermarking/ (accessed on 18 January 2023).
- Chauhan, Y.; Gupta, P.; Majumder, K. Digital Watermarking of Satellite Images. In Proceedings of the Third Indian Conference on Computer Vision, Graphics & Image Processing, Ahmadabad, India, 16–18 December 2002.
- Mojtaba Mousavi, S.; Naghsh, A.; Abu-Bakar, S.A.R. Watermarking Techniques used in Medical Images: A Survey. J. Digit. Imaging 2014, 27, 714–729.
- National Institute of Standards and Technology, FIPS 197—Specification for the Advanced Encryption Standard (AES). 2001. Available online: https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf (accessed on 18 January 2023).
- UK Home Office. Investigation of Protected Electronic Information Revised Code of Practice Presented to Parliament Pursuant to Section 71(4) of the Regulation of Investigatory Powers Act 2000; UK Home Office: London, UK, 2018.
- Zimmermann, V.; Gerber, N. The password is dead, long live the password—A laboratory study on user perceptions of authentication schemes. Int. J. Hum.-Comput. Stud. 2020, 133, 26–44.
- Brecht, D. Password Security: Complexity vs. Length. 2021. Available online: https://resources.infosecinstitute.com/topic/password-security-complexity-vs-length/ (accessed on 18 January 2023).
- National Cyber Security Centre. Password Policy: Updating Your Approach. 2018. Available online: https://www.ncsc.gov.uk/collection/passwords/updating-your-approach (accessed on 18 January 2023).
- BIMCO. The Guidelines on Cyber Security Onboard Ships v4. 2020. Available online: https://www.bimco.org/about-us-and-our-members/publications/the-guidelines-on-cyber-security-onboard-ships (accessed on 18 January 2023).
- Microsoft. Download Microsoft Authenticator. 2022. Available online: https://www.microsoft.com/en-us/security/mobile-authenticator-app (accessed on 18 January 2023).
- Summers, W.C.; Bosworth, E. Password Policy: The Good, the Bad, and the Ugly. In Proceedings of the Winter International Symposium on Information and Communication Technologies, WISICT ’04, Cancun Mexico, 5–8 January 2004; Trinity College Dublin: Dublin, Ireland, 2004; pp. 1–6.
- National Institute of Standards and Technology, NIST Special Publication 800-63B—Digital Identity Guidelines. 2017. Available online: https://pages.nist.gov/800-63-3/sp800-63b.html (accessed on 18 January 2023).
- ISO/IEC27002:2017; Information Technology—Security Techniques—Code of practice for information security controls. ISO: Geneva, Switzerland, 2017.
- Huang, D.L.; Patrick Rau, P.L.; Salvendy, G.; Gao, F.; Zhou, J. Factors affecting perception of information security and their impacts on IT adoption and security practices. Int. J. Hum.-Comput. Stud. 2011, 69, 870–883.
- Ambinder, M. 2 White House Movie Tropes That Don’t Make Sense. 2015. Available online: https://theweek.com/articles/462339/2-white-house-movie-tropes-that-dont-make-sense (accessed on 18 January 2023).
- KeySure. KeySure Key Control Product. 2022. Available online: https://www.keysure.net/ (accessed on 18 January 2023).
- CashStash. CashStash. 2013. Available online: https://www.thingiverse.com/thing:110897 (accessed on 18 January 2023).
- Cavusoglu, H.; Cavusoglu, H.; Zhang, J. Security Patch Management: Share the Burden or Share the Damage? Manag. Sci. 2008, 54, 657–670.
- Microsoft. Windows 10 Update Servicing Cadence. 2018. Available online: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-10-update-servicing-cadence/ba-p/222376 (accessed on 18 January 2023).
- IEC 62443-3-2:2020; Security for Industrial Automation and Control Systems. International Electrotechnical Commission: London, UK, 2020.
- NIST Special Publication 800-61—Computer Security Incident Handling Guide Recommendations of the National Institute of Standards and Technology; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2012.
- ISO/IEC27035-3:2020; Information Technology—Information Security Incident Management. ISO: Geneva, Switzerland, 2020.
- Cyber Strategic Outlook Aug 2021; US Coast Guard: Washington, DC, USA, 2021.
- US Coast Guard. CVC-WI-027(1)—Vessel Cyber Risk Management Work Instruction. 2020. Available online: https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/CG-CVC/CVC_MMS/CVC-WI-027(series).pdf (accessed on 18 January 2023).
- National Institute of Standards and Technology. Framework for Improving Critical Infrastructure Cybersecurity—Version 1.1. 2018. Available online: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf (accessed on 18 January 2023).
- The ’Enrica Lexie’ Incident (Italy v. India); Permanent Court of Arbitration: The Hague, The Netherlands, 2020.
- Voyage Data Recorder Vr-5000 (Serial Number 1001 or Greater); Furuno: Hyogo, Japan, 2005.
- Hodgkinson, S. The Voyage Data Recorder (VDR). 2022. Available online: https://www.westpandi.com/publications/news/april-2022/the-voyage-data-recorder--(vdr)/ (accessed on 18 January 2023).
- Hopcraft, R. Developing Maritime Digital Competencies. IEEE Commun. Stand. Mag. 2021, 5, 12–18.
- MSC.1/Circ.1222/Rev.1—Guidelines on Annual Testing of Voyage Data Recorders (VDR) and Simplified Voyage Data Recorders (S-VDR); IMO: London, UK, 2019.
- IEC63154:2021; Maritime Navigation and Radiocommunication Equipment and Systems—Cybersecurity—General Requirements, Methods of Testing and Required Test Results. IEC: London, UK, 2021.
- IACS. About IACS; International Association of Classification Societies: London, UK, 2022; Available online: https://iacs.org.uk/about/ (accessed on 18 January 2023).
- IACS. Unified Requirements; International Association of Classification Societies: London, UK, 2022; Available online: https://iacs.org.uk/publications/unified-requirements/ (accessed on 18 January 2023).
- IMO. E26—Cyber Resilience of Ships; International Association of Classification Societies: London, UK, 2022; Available online: https://iacs.org.uk/download/14104 (accessed on 18 January 2023).
- IACS. E27—Cyber Resilience of On-board Systems and Equipment; International Association of Classification Societies: London, UK, 2022; Available online: https://iacs.org.uk/download/14105 (accessed on 18 January 2023).
- Chokshi, N. How Giant Ships Are Built. 2020. Available online: https://www.nytimes.com/interactive/2020/06/17/business/economy/how-container-ships-are-built.html (accessed on 18 January 2023).
Manufacturer Device | AMI Marine X2 VDR | Furuno VR-7000 VDR | NetWave Systems NW-6000 VDR | Danelec Marine DM100 VDR G2 | Kelvin Hughes X-VDR |
---|---|---|---|---|---|
IMO Regulations | A.694(17) | A.694(17) | A.658(16) | A.694(17) | A.694(17) |
MSC.36(63) | MSC.163(78) | A.662(16) | MSC.36(63) | MSC.36(63) | |
MSC.97(73) | MSC.191(79) | A.694(17) | MSC.97(73) | MSC.191(79) | |
MSC.191(79) | MSC.302(87) | A.810(19) | MSC.191(79) | MSC.333(90) | |
MSC.333(90) | MSC.333(90) | A.830(19) | MSC.302(87) | ||
A.861(20) | MSC.333(90) | ||||
MSC.81(70) | |||||
MSC.163(78) | |||||
MSC.333(90) | |||||
IEC Standards | IEC 60945:2002 | IEC 61996-1:2014 | IEC 61996-1:2013 | IEC 61996-1:2013 | IEC 60945:2002 |
IEC 62288:2014 | IEC 61996-2-1 | IEC 60068-2-27 | IEC 61996-2 | IEC 62288:2014 | |
IEC 61996-1:2013 | IEC 61162-1 | IEC 60936-1:1999 | IEC 60945:2002 | IEC 61996-1:2013 | |
IEC 61162-1 | IEC 61162-2 | IEC 60936-3 | IEC 61162-1 | IEC 61162-1 | |
IEC 61162-2 | IEC 61162-450 | IEC 60945:2002 | IEC 61162-2 | IEC 61162-2 | |
IEC 61162-450 | IEC 60945:2002 | IEC 61097-2:2002 | IEC 61162-450 | IEC 61162-450 | |
IEC 62288 | IEC 61097-7:1996 | IEC 62288:2014 | |||
IEC61924-2 | IEC 61162 | IEC 62923-1:2018 | |||
IEC 61260 | |||||
IEC 61672 | |||||
IEC 61993-2 | |||||
IEC 62288 | |||||
IEC 61162-450 |
Requirement | Name | Security Requirements | Comments |
---|---|---|---|
MSC.333(90) | Adoption of Revised Performance Standards for Shipborne Voyage Data Recorders (VDRs) | Resolution states all three recording mediums are “capable of being accessed following an incident but secure against a physical or electronically manipulated changed or deletion of recorded data” Equipment should be designed within the realm of practical possibility, resilient against manipulations of the amount of data, or the data itself. Any manipulation attempt should be recorded. | Provides performance requirements for devices installed after 1 July 2014. For devices installed prior to 1 July 2014 see A.861(20) as amended by MSC.214(81). Amended in 2021 by MSC.494(104) to consider changes in another piece of equipment’s performance standards. |
MSC.163(78) | Performance Standards for Shipborne Simplified Voyage Data Recorders (S-VDRs) | All recording mediums should be designed in such a way as not to interfere with the integrity of the data, whilst being accessible after an incident. | Like MSC.333(90) covers the performance standards for S-VDRs. |
MSC.191(79) | Performance Standards for the Presentation of Navigation-Related Information on Shipborne Navigation Displays | No security requirements | Harmonise requirements for the presentation of navigational-information on the bridge (colours, symbols, resolution etc). |
A.694(17) | General Requirements for Shipborne Radio Equipment Forming Part of the Global Maritime Distress and Safety System | No security requirements | Overarching set of minimum design requirements for any maritime device. |
Standard | Name | Security Requirements | Comments |
---|---|---|---|
IEC 61996-1:2013+A1:2021 | Maritime navigation and radiocommunication equipment and systems. Shipborne voyage data recorder (VDR). Performance requirements, methods of testing and required test results | Requirements regarding resistance to tampering, recording integrity and the protection of configuration data are verbatim from MSC.333(90). Additional statement saying data should be protected through the use of “a key, password or similar means”. Provides a list of requirements that must be present during an inspection to be considered resistant to tampering. | Standardises the requirements of MSC.333(90), and outlines the required methods to set compliance. For a VDR to be deemed SOLAS Chapter V compliant it must conform to this standard. |
IEC 60945:2008 | Maritime navigation and radio communication equipment and systems. General requirements. Methods of testing and required test results | No security requirements | Standardises the requirements of IMO Res A.694(17). Specifies the minimum performance requirements, methods of testing, and required results of maritime equipment. |
IEC 61162-1 IEC61162-2 IEC 61162-450 | Maritime navigation and radiocommunication equipment and systems. Digital interfaces. | IEC 61162-1 and IEC 61162-2 have no security requirements. IEC 61162-450 outlines how a general authentication tag can be added to messages to support the management of cyber security risk (7.2.3.8). No details provided on how this can be used to improve device security of data integrity. | This series covers the digital interfaces between devices. Primarily outlining the standard sentence structures for transmitted data to ensure message cross-compatibility. |
IEC 62288:2022 | Maritime navigation and radiocommunication equipment and systems. Presentation of navigation-related information on shipborne navigational displays. General requirements, methods of testing and required test results | No security requirements | Standardises the requirements contained within IMO Res MSC.191(79). |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Hopcraft, R.; Harish, A.V.; Tam, K.; Jones, K. Raising the Standard of Maritime Voyage Data Recorder Security. J. Mar. Sci. Eng. 2023, 11, 267. https://doi.org/10.3390/jmse11020267