VoIP is basically a telephone connection over the Internet. The data is sent digitally, using the Internet Protocol (IP) instead of analogue telephone lines. In order to use VoIP, you need a computer, an Internet connection, and VoIP software. You also need a microphone, analogue telephone adapter, or VoIP telephone.  Many VoIP programs like skype and TeamSpeak allow you to use a basic microphone and speaker setup. Others require VoIP phones, which are like regular telephone handsets, but typically connect to your computer via USB. Analogue telephone adapters allow you to use regular phones with your computer. IP phones are another option that connect directly to a router via Ethernet or wirelessly. These phones have all the necessary software for VoIP built in and therefore do not require a computer.

VPN’s are sometimes regarded as an ‘anti-system’ program, but it depends what you use it for. Some use VPN’s to browse illegal websites. Others just use it to watch videos as if they were based in different countries. So a Virtual Private Network works by using encryption and other security measures, a VPN can scramble all the data sent through the wide area network, so the network is “virtually” private.

Businesses often use VPNs to communicate across multiple locations. For example, a large company that has offices in several cities may need to send Information to the different locations via the Internet and make sure it’s done securely so it can’t be hacked. To keep the information secure, the company might set up a VPN with an encrypted connection.

‘Always-on’ can be the downfall of a vessel if its cyber security is not addressed. From being an isolated (and therefore more secure) environment when at sea, a ship is now just as connected as many offices. Yet, cyber security is usually an afterthought, if even considered at all.

Basic satellite equipment checks

Administration passwords

Access from the public internet

Terminal software version

Physical security of the terminal

By far the most common problem: the satellite terminal installer hasn’t changed the administration passwords from the default admin/admin, admin/1234 or similar. Ensure the passwords are complex and only known by those who need to know.

Most airtime providers offer a private IP address space, so hackers can’t reach your satcom system as easily over the internet.

It’s easy to find out if your vessel terminals are public or not: put the IP address in a browser and see if you can route to the terminal web interface from the public internet. Or you could port scan it. Speak to your airtime provider and check.

An ECDIS is usually just a desktop computer. It may have a rugged case, screen and keyboard, but it is fundamentally just a PC.

Just like any computer, it requires updates to be applied, both to the underlying operating system, to its ECDIS software and to the digital charts. If any of those are omitted for any period of time, cyber security vulnerabilities creep in.

ECDIS are increasingly being connected to vessel networks to facilitate online chart updates, integration with other bridge systems and remote maintenance. Security flaws that did not matter so much in the past through a lack of connectivity are now becoming very important.

Even having dual redundant ECDIS on the bridge is no guarantee of availability: during research we discovered similar security flaws on multiple ECDIS brands. A hacker would have little difficulty in compromising both.