Ships Trust Position Data from Strangers

The core navigation and identification systems on commercial vessels — Automatic Identification System (AIS), Electronic Chart Display and Information System (ECDIS), and GPS — accept inputs without cryptographic verification, enabling spoofing, manipulation, and denial-of-service attacks. AIS broadcasts vessel identity, position, speed, and course on unencrypted, unauthenticated VHF channels, so any attacker with a $300 software-defined radio can inject fake vessels, alter real vessel positions, or create ghost collision threats. GPS signals are weak enough to be overpowered by portable transmitters, and GPS spoofing attacks on commercial shipping have been documented in the Black Sea, Eastern Mediterranean, and Persian Gulf — with vessels' navigation systems showing them inland or in incorrect positions. ECDIS systems that overlay AIS and GPS data on electronic charts inherit these vulnerabilities, meaning the integrated navigation picture displayed to bridge officers can be manipulated.

Over 90% of global trade by volume moves by sea, and maritime navigation depends on GPS and AIS for collision avoidance, traffic management, and regulatory compliance. A successful AIS spoofing attack could cause collisions between vessels, ground ships by displaying false chart data, or make vessels invisible to traffic management systems. GPS spoofing in congested waterways (Strait of Hormuz, Strait of Malacca, English Channel) could trigger chain-reaction collisions. Beyond navigation, AIS spoofing has been used to create false vessel tracks for sanctions evasion — tankers appear to be in one location while actually loading oil elsewhere. The IMO's Maritime Cyber Risk Management guidelines acknowledge the threat but provide no technical specifications for authentication.

AIS was designed in the 1990s as a cooperative safety system, not a security system — adding authentication would require replacing or upgrading AIS transponders on all ~400,000 SOLAS vessels worldwide, at an estimated cost of $2–5 billion. Multi-receiver AIS validation (comparing a vessel's AIS-reported position with shore-based radar or satellite observation) can detect spoofed positions but requires infrastructure investment and doesn't prevent attacks in areas without shore radar coverage. GPS anti-spoofing techniques (multi-frequency receivers, inertial navigation crosschecking) exist for military systems but are rarely implemented in commercial maritime GPS. ECDIS type-approval testing by classification societies does not include cybersecurity evaluation — a certified ECDIS system can be fully compliant with IMO standards while accepting every spoofed input it receives. Software patches for ECDIS vulnerability require physical vessel access during port calls and are rarely applied.

Lightweight cryptographic AIS authentication protocols that can be deployed incrementally — vessels with upgraded transponders authenticate their messages, while legacy receivers can still decode the position data. Multi-sensor navigation integrity monitoring that crosschecks GPS, AIS, radar, and inertial navigation and alerts bridge officers when inputs disagree. Cybersecurity requirements integrated into IMO type-approval standards for ECDIS and navigation systems, creating market incentives for secure products. Shore-based maritime domain awareness systems that independently verify vessel positions using satellite radar (SAR) and optical imaging.

A team could set up an AIS simulation environment using software-defined radio and an AIS transceiver simulator, demonstrate the attack surface of unauthenticated AIS, and prototype a simple consistency-checking algorithm that detects impossible vessel movements (speed/course/position contradictions). A navigation team could prototype multi-sensor integrity monitoring that compares GPS, ECDIS chart data, and simulated radar returns to detect spoofing. Relevant disciplines: cybersecurity, maritime engineering, RF engineering, signal processing.