Anti-malware software for shipping bridge systems, including the electronic chart display and information system (ecdis), has been developed by a group of technology companies and tested by training company ECDIS Ltd.
Malware was introduced on a variety of ecdis systems through an email attachment. Award-winning Abatis software was then fitted to all the leading manufacturers’ ecdis and radar systems and the virus was re-introduced onto the server.
Robyn Harrigan, Training & Production Manager at ECDIS Ltd said:-
All of the systems tested, with operating systems ranging from Windows 2000 to Windows XP, and up to Windows 7, appeared protected and maintained stability after the attack
However, it was made clear that there is still a significant number of trials to take place over the next few months on Linux-based systems, and an injection of the virus via an auxiliary sensor connected to the ecdis via the local area network.
Shipping companies have been increasingly concerned about potential cyber attacks with several vessels suffering an ecdis crash at sea due to malware.
Cyber threats to ecdis are from a variety of sources such as links through satellite communications, connections to other ship systems, software updates and memory sticks which may contain viruses. There is also the threat of cyber attacks on satellite navigation, automatic identification or traffic services systems.
NCC Group research director Andy Davis, cites the top threat from memory sticks, email viruses and insider threats. He advised anti-virus should be installed and kept up-to-date on ships. Procedures for using USBs should also be introduced to ensure they are free of viruses.
Anti-virus and anti-cyber software is now provided by some ecdis providers however legacy systems are almost unprotected.
The final part of the trial will be conducted both with Abatis anti-malware software, and without it, in a controlled test over the next few months.