SlideShare a Scribd company logo

Why AIS is not always enough

Pole Star Space Applications
Pole Star Space Applications

Sole reliance on AIS data for ship tracking poses risks for compliance as AIS has vulnerabilities. It can be hacked and falsified, is not continuously transmitted, and was not designed for global tracking. An alternative is PurpleTRAC, which screens ships against sanctions lists, tracks using multiple data sources including secure Inmarsat-C, detects events, and archives activities for auditing and compliance.

Economy & Finance
1 of 4
Download to read offline
How sole reliance on AIS data could undermine your organisation’s gBMP In order to mitigate the risk of money laundering and terrorist financing, and avoid the likely criminal, reputational, and commercial damage that would occur as a result of non-compliance, organisations with exposures to shipping (including ship finance, trade finance, commodity trading, chartering and insurance services) are investigating the use of ship tracking services as a part of their overall risk management strategy. Knowledge of a ship’s previous, current, and future trading patterns is required in order to achieve demonstrable best efforts, and is the foundation of any geospatial Best Management Practice (gBMP) programme. For those considering ship tracking services, you may have found that the range of commercial solutions available on the market appear to be limited to Automatic Identification System (AIS)-based services. AIS-only ship tracking services may offer an adequate source of information for basic ship tracking. However, if you are evaluating these services for compliance purposes, it is crucial to understand the vulnerabilities of AIS and be aware of alternative, more secure and comprehensive risk management solutions such as those commonly utilised by governments and major shipping companies. A recent critical report by Trend Micro (an independent internet content security and threat management consultancy) has drawn the attentions of the maritime and mainstream press to the vulnerabilities of AIS, in particular the security of the data and its susceptibility to hacking. In this bulletin, we explore the vulnerabilities of AIS and suggest how PurpleTRAC (a new risk management and sanction compliance solution from Pole Star) can help underpin your implementation of gBMP. 1
Vulnerabilities of AIS AIS has several major vulnerabilities, including: AIS message transmission is not secure and can be falsified Trend Micro has drawn attention to “vulnerabilities that allow an attacker to tamper with valid AIS data and inject invalid AIS data”.1 During experiments, Trend Micro’s researchers proved that they were able to “hijack communications of existing vessels, create fake vessels, trigger false SOS or collision alerts and even permanently disable AIS tracking on any vessel”.2 According to Lloyds List, Trend Micro has highlighted “how easy it is to hack into the system that tracks the location of the world fleet”.3 AIS can be spoofed because it uses open standards (ITU M.1371 / NMEA0183) that can be obtained by anyone and used to decode the data. AIS equipment is not required to be continuously switched on AIS messages are transmitted using very high frequency (VHF) radio waves and received, without restriction, by anyone with an AIS receiver (who can then publish the data on the web and/or use the data for illegitimate purposes). Consequently, there are legitimate operational concerns that pirates and/or criminals could use this information to locate and target specific ships and cargoes. To counter this, the International Maritime Organization (IMO) issued regulatory guidance to ships masters that, if the ship was considered to be under threat, its AIS could be switched off. This does happen when ships transit high-risk areas where there is an obvious threat of piracy, when ships with high-interest cargo wish to avoid commercial detection, and when ships conducting illegal ship-to-ship transhipments attempt to conceal their activities.5 AIS was not designed to be a global tracking system AIS is recognised by the IMO for the purpose of collision avoidance and not as a global ship tracking system. Furthermore, when the IMO introduced ship tracking as an international security requirement (with the introduction of the Long-Range Identification and Tracking (LRIT) regulation) it specifically excluded the use of AIS due to its inherent insecurity, and employed the more secure, robust, and reliable Inmarsat-C technology instead. Satellite-AIS has message collection and latency limitations In high-density shipping areas where thousands of ships may be transmitting AIS messages, it is a challenge for S-AIS systems to efficiently collect, process, and download all of the messages. The result of this is that many messages are lost due to data collisions. Research indicates that typical S-AIS receivers are able to receive less than 50% of messages in medium to high-density areas.The S-AIS provider then has to clean (or “de-collide”) the data in order to extract useful information from it. This data processing exercise adds a delay (known as “latency”) to the delivery of the message. 2 Real world example: Ramtin It was recently reported that the Iranian crude oil tanker Ramtin, which is managed and owned by Tabuk Maritime (a company sanctioned by OFAC), had hacked its own AIS to disguise its activities near Singapore.4 1, 2 Vulnerabilities Discovered in Global Vessel tracking Systems, Trend Micro, 15 October 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-discovered-in-global-vessel-tracking-systems 3 AIS can no longer be trusted, says hacking expert, Lloyds List, 18 October 2013 4 Iranian Tanker Hacks AIS to Disguise Itself Off Singapore, gCaptain, 25 October, 2013, http://gcaptain.com/iranian-tanker-hacks-disguise/ 5 Phantom Ships Expose Weakness in AIS Vessel-Tracking System, Bloomberg, 29 October 2013, http://www.bloomberg.com/news/2013-10-29/phantom-ships-expose-weakness-in-vessel-tracking-system-freight.html
How AIS works The Automatic Identification System (AIS) is a VHF (very high frequency) radio tracking system that is used by ships and vessel traffic services to identify and locate other nearby ships for the primary purpose of collision avoidance. The AIS regulation requires equipment to be fitted aboard all ships of 300 gross tonnage and upwards engaged on international voyages, cargo ships of 500 gross tonnage and upwards not engaged on international voyages, and all passenger ships irrespective of size. The requirement became effective for all ships 31 December 2004. The regulation requires that AIS shall: • Provide information (including the ship's identity, type, position, course, speed, navigational status and other safety-related information) automatically to appropriately equipped shore stations, other ships and aircraft • Receive the above information automatically from other AIS enabled ships • Monitor and track ships • Exchange data with shore-based facilities Terrestrial (T-AIS) The AIS equipment aboard a ship broadcasts messages to AIS receivers on other ships and ashore (typically ports). Such T-AIS equipment can detect messages from up to 50 nautical miles and therefore provides effective ship-to-ship and coastal coverage. Satellite AIS (S-AIS) S-AIS systems use a network of satellite-based receivers to detect and collect AIS messages transmitted from ships. S-AIS is effective for basic and historical ship tracking. However, the system does have message collection and latency limitations in respect of near real-time tracking. Achieving demonstrable best efforts Avoiding sanctioned countries, either directly or by indemnification, is not sufficient. Organisations with exposures to shipping risk are expected to know if any business relationships are linked to such countries. By definition, this includes the physical asset (the ship) and related group beneficial owner, registered owner, operator, manager, and technical manager, and extends to the ship’s chartering, cargo, cargo financing, and associated insurances including hull, P&I, cargo, war risk, and K&R. 3 Satellite AIS Limited coverage • Public • Unsecured Terrestrial AIS Limited range • Public • Unsecured
The solution: PurpleTRAC PurpleTRAC is a geopolitical risk management and economic sanctions compliance solution designed by and for organisations with exposures to shipping risks. Delivered as a Software-as-a-Service (SaaS) hosted application to registered users on a subscrip- tion-only basis, PurpleTRAC consists of three integrated processes: ship screening, ship tracking and archiving & reporting. Screening Screening consists of a series of automatic checks to provide critical and advisory information regarding a selected ship’s current and past exposure to risk. Global Sanctions: screens the ship and its associated group beneficial owner, registered owner, operator, ship manager, and technical manager against a comprehensive range of 37 international sanctions lists8 , and generates an alert if a positive match is returned. Flag State, Class Society, and Ship Quality Performance: screens the ship against a range of flag, class, and Port State Control (PSC) inspection deficiency and detention databases9 and blacklisted ports and generates an alert if a positive PSC match is returned. Ship Movement History: screens the ship against OFAC sanctioned countries and US Port Security Advisory bulletin ports listings using the last 90-days of available Automatic Identification System (AIS) position data and generates an alert if a positive match is returned. A comprehensive Screening Report is available on the user interface, via download and by email. Tracking PurpleTRAC actively tracks ships on a continuous or voyage-based basis. Hybrid Track technology: combines data from multiple satellite tracking services (including the ship’s secure Inmarsat-C terminal and its AIS equipment) into a single coherent position track (whilst managing minor inconsistencies and reporting major anomalies). Detection & alerts: actively monitors the ship’s movements for key pre-defined events (e.g. approach or entry to high-risk areas10 ). Daily screening: daily screening against the full range of global economic sanctions lists. A Management Report is available on the user interface, via download and by email. Archiving & Reporting PurpleTRAC maintains an up-to-date record of all users’ historical and on-going activities, providing a tamper-resistant, auditable and verifiable statement of your organisation’s geopolitical risk management and sanctions compliance activity. A Trade Report is available on the user interface, via download and by email. 4 Find out more about PurpleTRAC at http://purpletrac.polestarglobal.com 8 Data supplied by Dow Jones Risk & Compliance 9 Data supplied by IHS 10 As defined by the London Joint War Committee

Recommended

SOCAR Trading and PurpleTRAC Case Study
SOCAR Trading and PurpleTRAC Case StudySOCAR Trading and PurpleTRAC Case Study
SOCAR Trading and PurpleTRAC Case StudyPole Star Space Applications
 
PurpleTRAC Brochure
PurpleTRAC BrochurePurpleTRAC Brochure
PurpleTRAC BrochureAmanda Northey
 
PurpleTRAC brochure
PurpleTRAC brochurePurpleTRAC brochure
PurpleTRAC brochurePole Star Space Applications
 
Csa dar-air-pitch-deck-102316
Csa dar-air-pitch-deck-102316Csa dar-air-pitch-deck-102316
Csa dar-air-pitch-deck-102316ClearSpace Aeronautics
 
Spec ops service corporate overview
Spec ops service corporate overviewSpec ops service corporate overview
Spec ops service corporate overviewChip Bayless
 
Die EASA-Sicherheitsempfehlungen
Die EASA-SicherheitsempfehlungenDie EASA-Sicherheitsempfehlungen
Die EASA-SicherheitsempfehlungenFunke_Zentral
 
IRJET- A Low Cost Cospas-Sarsat Transponder
IRJET- A Low Cost Cospas-Sarsat TransponderIRJET- A Low Cost Cospas-Sarsat Transponder
IRJET- A Low Cost Cospas-Sarsat TransponderIRJET Journal
 
Transocean offshore operation 6
Transocean offshore operation 6Transocean offshore operation 6
Transocean offshore operation 6Steffones K
 

Recommended

SOCAR Trading and PurpleTRAC Case Study
SOCAR Trading and PurpleTRAC Case StudySOCAR Trading and PurpleTRAC Case Study
SOCAR Trading and PurpleTRAC Case StudyPole Star Space Applications
 
PurpleTRAC Brochure
PurpleTRAC BrochurePurpleTRAC Brochure
PurpleTRAC BrochureAmanda Northey
 
PurpleTRAC brochure
PurpleTRAC brochurePurpleTRAC brochure
PurpleTRAC brochurePole Star Space Applications
 
Csa dar-air-pitch-deck-102316
Csa dar-air-pitch-deck-102316Csa dar-air-pitch-deck-102316
Csa dar-air-pitch-deck-102316ClearSpace Aeronautics
 
Spec ops service corporate overview
Spec ops service corporate overviewSpec ops service corporate overview
Spec ops service corporate overviewChip Bayless
 
Die EASA-Sicherheitsempfehlungen
Die EASA-SicherheitsempfehlungenDie EASA-Sicherheitsempfehlungen
Die EASA-SicherheitsempfehlungenFunke_Zentral
 
IRJET- A Low Cost Cospas-Sarsat Transponder
IRJET- A Low Cost Cospas-Sarsat TransponderIRJET- A Low Cost Cospas-Sarsat Transponder
IRJET- A Low Cost Cospas-Sarsat TransponderIRJET Journal
 
Transocean offshore operation 6
Transocean offshore operation 6Transocean offshore operation 6
Transocean offshore operation 6Steffones K
 
Swarm Final Presentation - UCSD H4D 2016
Swarm Final Presentation - UCSD H4D 2016Swarm Final Presentation - UCSD H4D 2016
Swarm Final Presentation - UCSD H4D 2016H4Diadmin
 
REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,
REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,
REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,AGPAOC- PMAWCA
 
Ais guide
Ais guideAis guide
Ais guidehmursalin
 
Drones: Safety, Risk and Regulations
Drones: Safety, Risk and RegulationsDrones: Safety, Risk and Regulations
Drones: Safety, Risk and RegulationsAnthonyVenetz
 
Maritime cyber security threats & consequence part 2
Maritime cyber security threats & consequence part 2Maritime cyber security threats & consequence part 2
Maritime cyber security threats & consequence part 2pankaj kapoor
 
Ism cbt
Ism cbtIsm cbt
Ism cbtAbner_Llenos
 
Jame willis safety conference
Jame willis safety conferenceJame willis safety conference
Jame willis safety conferenceDigitalPower
 
UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES
UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES
UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES Dirk Gorissen
 
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyMariangeles Rivera
 
Pentru tine
Pentru tinePentru tine
Pentru tineMircea Tivadar
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in CloudSanoj Kumar
 
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)Marco Balduzzi
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Marco Balduzzi
 
Possessive adjectives
Possessive adjectivesPossessive adjectives
Possessive adjectivesbogomolova1879
 
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime InvestigationsMarco Balduzzi
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedMazin Ahmed
 
чынгыз айтматов Small
чынгыз айтматов Smallчынгыз айтматов Small
чынгыз айтматов SmallKamchibekova Rakia
 
Christmas
ChristmasChristmas
Christmasbogomolova1879
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряАсылбек Айтматов
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingMarco Balduzzi
 
Softworx Enterprise Asset Management 101 - Presentation Template
Softworx Enterprise Asset Management 101 - Presentation TemplateSoftworx Enterprise Asset Management 101 - Presentation Template
Softworx Enterprise Asset Management 101 - Presentation TemplateEnterprise Softworx Solutions
 
Presentation1
Presentation1Presentation1
Presentation1Nima Kamali
 

More Related Content

What's hot

Swarm Final Presentation - UCSD H4D 2016
Swarm Final Presentation - UCSD H4D 2016Swarm Final Presentation - UCSD H4D 2016
Swarm Final Presentation - UCSD H4D 2016H4Diadmin
 
REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,
REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,
REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,AGPAOC- PMAWCA
 
Drones: Safety, Risk and Regulations
Drones: Safety, Risk and RegulationsDrones: Safety, Risk and Regulations
Drones: Safety, Risk and RegulationsAnthonyVenetz
 
Maritime cyber security threats & consequence part 2
Maritime cyber security threats & consequence part 2Maritime cyber security threats & consequence part 2
Maritime cyber security threats & consequence part 2pankaj kapoor
 
Jame willis safety conference
Jame willis safety conferenceJame willis safety conference
Jame willis safety conferenceDigitalPower
 
UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES
UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES
UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES Dirk Gorissen
 

What's hot (8)

Swarm Final Presentation - UCSD H4D 2016
Swarm Final Presentation - UCSD H4D 2016Swarm Final Presentation - UCSD H4D 2016
Swarm Final Presentation - UCSD H4D 2016
 
REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,
REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,
REPORT OF THE 3RD MEETING OF PMAWCA HARBOUR MASTERS’ NETWORK,
 
Ais guide
Ais guideAis guide
Ais guide
 
Drones: Safety, Risk and Regulations
Drones: Safety, Risk and RegulationsDrones: Safety, Risk and Regulations
Drones: Safety, Risk and Regulations
 
Maritime cyber security threats & consequence part 2
Maritime cyber security threats & consequence part 2Maritime cyber security threats & consequence part 2
Maritime cyber security threats & consequence part 2
 
Ism cbt
Ism cbtIsm cbt
Ism cbt
 
Jame willis safety conference
Jame willis safety conferenceJame willis safety conference
Jame willis safety conference
 
UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES
UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES
UNNMANED AIRCRAFT SYSTEMS – CURRENT OPS, INTEGRATION AND CHALLENGES
 

Viewers also liked

Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyMariangeles Rivera
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in CloudSanoj Kumar
 
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)Marco Balduzzi
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Marco Balduzzi
 
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime InvestigationsMarco Balduzzi
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedMazin Ahmed
 
чынгыз айтматов Small
чынгыз айтматов Smallчынгыз айтматов Small
чынгыз айтматов SmallKamchibekova Rakia
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряАсылбек Айтматов
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingMarco Balduzzi
 
Softworx Enterprise Asset Management 101 - Presentation Template
Softworx Enterprise Asset Management 101 - Presentation TemplateSoftworx Enterprise Asset Management 101 - Presentation Template
Softworx Enterprise Asset Management 101 - Presentation TemplateEnterprise Softworx Solutions
 
Cctk support for setting hdd password
Cctk support for setting hdd passwordCctk support for setting hdd password
Cctk support for setting hdd passwordartisriva
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...Marco Balduzzi
 
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)Marco Balduzzi
 

Viewers also liked (20)

Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case studyAvian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
Avian flu Type A-H5N1 epidemiological model: Puerto Rico as a case study
 
Pentru tine
Pentru tinePentru tine
Pentru tine
 
A New Form of Dos attack in Cloud
A New Form of Dos attack in CloudA New Form of Dos attack in Cloud
A New Form of Dos attack in Cloud
 
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
AIS Exposed. New vulnerabilities and attacks. (HITB AMS 2014)
 
Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)Cybercrime in the Deep Web (BHEU 2015)
Cybercrime in the Deep Web (BHEU 2015)
 
Possessive adjectives
Possessive adjectivesPossessive adjectives
Possessive adjectives
 
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
HTTP(S)-Based Clustering for Assisted Cybercrime Investigations
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
 
чынгыз айтматов Small
чынгыз айтматов Smallчынгыз айтматов Small
чынгыз айтматов Small
 
Christmas
ChristmasChristmas
Christmas
 
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октябряОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
ОО" Шоола Кол" презентация Результаты поиска Санкт-Петербург 14 октября
 
Abusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User ProfilingAbusing Social Networks for Automated User Profiling
Abusing Social Networks for Automated User Profiling
 
Softworx Enterprise Asset Management 101 - Presentation Template
Softworx Enterprise Asset Management 101 - Presentation TemplateSoftworx Enterprise Asset Management 101 - Presentation Template
Softworx Enterprise Asset Management 101 - Presentation Template
 
Presentation1
Presentation1Presentation1
Presentation1
 
Cctk support for setting hdd password
Cctk support for setting hdd passwordCctk support for setting hdd password
Cctk support for setting hdd password
 
Personal informatic
Personal informaticPersonal informatic
Personal informatic
 
Adauga un text
Adauga un textAdauga un text
Adauga un text
 
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
HITB2012AMS - SatanCloud: A Journey Into the Privacy and Security Risks of Cl...
 
Family tree
Family treeFamily tree
Family tree
 
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
HTTP Parameter Pollution Vulnerabilities in Web Applications (Black Hat EU 2011)
 

Similar to Why AIS is not always enough

Vessel Traffic Management System
Vessel Traffic Management SystemVessel Traffic Management System
Vessel Traffic Management SystemRolta
 
Centralized Fault Management of Docks in Marine Sensor Networks
Centralized Fault Management of Docks in Marine Sensor NetworksCentralized Fault Management of Docks in Marine Sensor Networks
Centralized Fault Management of Docks in Marine Sensor NetworksIOSR Journals
 
2013 Basic Presentation-A
2013 Basic Presentation-A2013 Basic Presentation-A
2013 Basic Presentation-AJim Stockstill
 
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLYMaritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLYMarianne Molchan
 
DIGITALISATION IN SHIPPING & LOGISTICS
DIGITALISATION IN SHIPPING & LOGISTICSDIGITALISATION IN SHIPPING & LOGISTICS
DIGITALISATION IN SHIPPING & LOGISTICSrohith30
 
Maritime Security Challenge - Thales
Maritime Security Challenge - Thales Maritime Security Challenge - Thales
Maritime Security Challenge - Thales Digital Catapult
 
Sirm15 A new concept of Fleet Management System
Sirm15 A new concept of Fleet Management SystemSirm15 A new concept of Fleet Management System
Sirm15 A new concept of Fleet Management SystemGaetano Volpe
 
Automatic-identification system gr1.pptx
Automatic-identification system gr1.pptxAutomatic-identification system gr1.pptx
Automatic-identification system gr1.pptxMarkFrenlyLompot
 
presentations-amp_imo_presentation
presentations-amp_imo_presentationpresentations-amp_imo_presentation
presentations-amp_imo_presentationJeff Douglas
 
Thales Maritime Security
Thales Maritime SecurityThales Maritime Security
Thales Maritime SecurityAntonio Rocha
 
IRJET- Development of Fishermen Border Alert and Speed Reduction System using...
IRJET- Development of Fishermen Border Alert and Speed Reduction System using...IRJET- Development of Fishermen Border Alert and Speed Reduction System using...
IRJET- Development of Fishermen Border Alert and Speed Reduction System using...IRJET Journal
 
Case Study: Making use of satellite data and big-data analytics
Case Study: Making use of satellite data and big-data analyticsCase Study: Making use of satellite data and big-data analytics
Case Study: Making use of satellite data and big-data analyticsInnoTech
 
20220613_CYBER SECURITY THEORETICAL TRAINING_rev8.pptx
20220613_CYBER SECURITY THEORETICAL TRAINING_rev8.pptx20220613_CYBER SECURITY THEORETICAL TRAINING_rev8.pptx
20220613_CYBER SECURITY THEORETICAL TRAINING_rev8.pptxpeterdsouza28
 
automatic identification system.pdf
automatic identification system.pdfautomatic identification system.pdf
automatic identification system.pdfks91172
 

Similar to Why AIS is not always enough (20)

Vessel Traffic Management System
Vessel Traffic Management SystemVessel Traffic Management System
Vessel Traffic Management System
 
F010133036
F010133036F010133036
F010133036
 
Centralized Fault Management of Docks in Marine Sensor Networks
Centralized Fault Management of Docks in Marine Sensor NetworksCentralized Fault Management of Docks in Marine Sensor Networks
Centralized Fault Management of Docks in Marine Sensor Networks
 
2013 Basic Presentation-A
2013 Basic Presentation-A2013 Basic Presentation-A
2013 Basic Presentation-A
 
C sigma short abstract - v. 2
C sigma short abstract - v. 2C sigma short abstract - v. 2
C sigma short abstract - v. 2
 
20 slides canadá tecnologia portos 05 mai 2015
20 slides canadá tecnologia portos 05 mai 201520 slides canadá tecnologia portos 05 mai 2015
20 slides canadá tecnologia portos 05 mai 2015
 
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLYMaritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
 
DIGITALISATION IN SHIPPING & LOGISTICS
DIGITALISATION IN SHIPPING & LOGISTICSDIGITALISATION IN SHIPPING & LOGISTICS
DIGITALISATION IN SHIPPING & LOGISTICS
 
Maritime Security Challenge - Thales
Maritime Security Challenge - Thales Maritime Security Challenge - Thales
Maritime Security Challenge - Thales
 
Sirm15
Sirm15 Sirm15
Sirm15
 
Sirm15 A new concept of Fleet Management System
Sirm15 A new concept of Fleet Management SystemSirm15 A new concept of Fleet Management System
Sirm15 A new concept of Fleet Management System
 
Cyber-Attack.pptx
Cyber-Attack.pptxCyber-Attack.pptx
Cyber-Attack.pptx
 
Automatic-identification system gr1.pptx
Automatic-identification system gr1.pptxAutomatic-identification system gr1.pptx
Automatic-identification system gr1.pptx
 
presentations-amp_imo_presentation
presentations-amp_imo_presentationpresentations-amp_imo_presentation
presentations-amp_imo_presentation
 
Thales Maritime Security
Thales Maritime SecurityThales Maritime Security
Thales Maritime Security
 
IRJET- Development of Fishermen Border Alert and Speed Reduction System using...
IRJET- Development of Fishermen Border Alert and Speed Reduction System using...IRJET- Development of Fishermen Border Alert and Speed Reduction System using...
IRJET- Development of Fishermen Border Alert and Speed Reduction System using...
 
71166455 lrit
71166455 lrit71166455 lrit
71166455 lrit
 
Case Study: Making use of satellite data and big-data analytics
Case Study: Making use of satellite data and big-data analyticsCase Study: Making use of satellite data and big-data analytics
Case Study: Making use of satellite data and big-data analytics
 
20220613_CYBER SECURITY THEORETICAL TRAINING_rev8.pptx
20220613_CYBER SECURITY THEORETICAL TRAINING_rev8.pptx20220613_CYBER SECURITY THEORETICAL TRAINING_rev8.pptx
20220613_CYBER SECURITY THEORETICAL TRAINING_rev8.pptx
 
automatic identification system.pdf
automatic identification system.pdfautomatic identification system.pdf
automatic identification system.pdf
 

Recently uploaded

Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Sapana Sha
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130Suhani Kapoor
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdfFinTech Belgium
 
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxOAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxhiddenlevers
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Roomdivyansh0kumar0
 
Quarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of MarketingQuarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of MarketingMaristelaRamos12
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...makika9823
 
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Pooja Nehwal
 
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdfAdnet Communications
 
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free DeliveryMalad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free DeliveryPooja Nehwal
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfGale Pooley
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure servicePooja Nehwal
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designsegoetzinger
 
Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignHenry Tapper
 
How Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingHow Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingAggregage
 
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...shivangimorya083
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptxFinTech Belgium
 

Recently uploaded (20)

Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111Call Girls In Yusuf Sarai Women Seeking Men 9654467111
Call Girls In Yusuf Sarai Women Seeking Men 9654467111
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
 
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
 
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptxOAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
OAT_RI_Ep19 WeighingTheRisks_Apr24_TheYellowMetal.pptx
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
 
Quarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of MarketingQuarter 4- Module 3 Principles of Marketing
Quarter 4- Module 3 Principles of Marketing
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
 
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
 
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf
 
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free DeliveryMalad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdf
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designs
 
Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaign
 
How Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingHow Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of Reporting
 
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
Russian Call Girls In Gtb Nagar (Delhi) 9711199012 💋✔💕😘 Naughty Call Girls Se...
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx
 

Why AIS is not always enough

  • 1. How sole reliance on AIS data could undermine your organisation’s gBMP In order to mitigate the risk of money laundering and terrorist financing, and avoid the likely criminal, reputational, and commercial damage that would occur as a result of non-compliance, organisations with exposures to shipping (including ship finance, trade finance, commodity trading, chartering and insurance services) are investigating the use of ship tracking services as a part of their overall risk management strategy. Knowledge of a ship’s previous, current, and future trading patterns is required in order to achieve demonstrable best efforts, and is the foundation of any geospatial Best Management Practice (gBMP) programme. For those considering ship tracking services, you may have found that the range of commercial solutions available on the market appear to be limited to Automatic Identification System (AIS)-based services. AIS-only ship tracking services may offer an adequate source of information for basic ship tracking. However, if you are evaluating these services for compliance purposes, it is crucial to understand the vulnerabilities of AIS and be aware of alternative, more secure and comprehensive risk management solutions such as those commonly utilised by governments and major shipping companies. A recent critical report by Trend Micro (an independent internet content security and threat management consultancy) has drawn the attentions of the maritime and mainstream press to the vulnerabilities of AIS, in particular the security of the data and its susceptibility to hacking. In this bulletin, we explore the vulnerabilities of AIS and suggest how PurpleTRAC (a new risk management and sanction compliance solution from Pole Star) can help underpin your implementation of gBMP. 1
  • 2. Vulnerabilities of AIS AIS has several major vulnerabilities, including: AIS message transmission is not secure and can be falsified Trend Micro has drawn attention to “vulnerabilities that allow an attacker to tamper with valid AIS data and inject invalid AIS data”.1 During experiments, Trend Micro’s researchers proved that they were able to “hijack communications of existing vessels, create fake vessels, trigger false SOS or collision alerts and even permanently disable AIS tracking on any vessel”.2 According to Lloyds List, Trend Micro has highlighted “how easy it is to hack into the system that tracks the location of the world fleet”.3 AIS can be spoofed because it uses open standards (ITU M.1371 / NMEA0183) that can be obtained by anyone and used to decode the data. AIS equipment is not required to be continuously switched on AIS messages are transmitted using very high frequency (VHF) radio waves and received, without restriction, by anyone with an AIS receiver (who can then publish the data on the web and/or use the data for illegitimate purposes). Consequently, there are legitimate operational concerns that pirates and/or criminals could use this information to locate and target specific ships and cargoes. To counter this, the International Maritime Organization (IMO) issued regulatory guidance to ships masters that, if the ship was considered to be under threat, its AIS could be switched off. This does happen when ships transit high-risk areas where there is an obvious threat of piracy, when ships with high-interest cargo wish to avoid commercial detection, and when ships conducting illegal ship-to-ship transhipments attempt to conceal their activities.5 AIS was not designed to be a global tracking system AIS is recognised by the IMO for the purpose of collision avoidance and not as a global ship tracking system. Furthermore, when the IMO introduced ship tracking as an international security requirement (with the introduction of the Long-Range Identification and Tracking (LRIT) regulation) it specifically excluded the use of AIS due to its inherent insecurity, and employed the more secure, robust, and reliable Inmarsat-C technology instead. Satellite-AIS has message collection and latency limitations In high-density shipping areas where thousands of ships may be transmitting AIS messages, it is a challenge for S-AIS systems to efficiently collect, process, and download all of the messages. The result of this is that many messages are lost due to data collisions. Research indicates that typical S-AIS receivers are able to receive less than 50% of messages in medium to high-density areas.The S-AIS provider then has to clean (or “de-collide”) the data in order to extract useful information from it. This data processing exercise adds a delay (known as “latency”) to the delivery of the message. 2 Real world example: Ramtin It was recently reported that the Iranian crude oil tanker Ramtin, which is managed and owned by Tabuk Maritime (a company sanctioned by OFAC), had hacked its own AIS to disguise its activities near Singapore.4 1, 2 Vulnerabilities Discovered in Global Vessel tracking Systems, Trend Micro, 15 October 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-discovered-in-global-vessel-tracking-systems 3 AIS can no longer be trusted, says hacking expert, Lloyds List, 18 October 2013 4 Iranian Tanker Hacks AIS to Disguise Itself Off Singapore, gCaptain, 25 October, 2013, http://gcaptain.com/iranian-tanker-hacks-disguise/ 5 Phantom Ships Expose Weakness in AIS Vessel-Tracking System, Bloomberg, 29 October 2013, http://www.bloomberg.com/news/2013-10-29/phantom-ships-expose-weakness-in-vessel-tracking-system-freight.html
  • 3. How AIS works The Automatic Identification System (AIS) is a VHF (very high frequency) radio tracking system that is used by ships and vessel traffic services to identify and locate other nearby ships for the primary purpose of collision avoidance. The AIS regulation requires equipment to be fitted aboard all ships of 300 gross tonnage and upwards engaged on international voyages, cargo ships of 500 gross tonnage and upwards not engaged on international voyages, and all passenger ships irrespective of size. The requirement became effective for all ships 31 December 2004. The regulation requires that AIS shall: • Provide information (including the ship's identity, type, position, course, speed, navigational status and other safety-related information) automatically to appropriately equipped shore stations, other ships and aircraft • Receive the above information automatically from other AIS enabled ships • Monitor and track ships • Exchange data with shore-based facilities Terrestrial (T-AIS) The AIS equipment aboard a ship broadcasts messages to AIS receivers on other ships and ashore (typically ports). Such T-AIS equipment can detect messages from up to 50 nautical miles and therefore provides effective ship-to-ship and coastal coverage. Satellite AIS (S-AIS) S-AIS systems use a network of satellite-based receivers to detect and collect AIS messages transmitted from ships. S-AIS is effective for basic and historical ship tracking. However, the system does have message collection and latency limitations in respect of near real-time tracking. Achieving demonstrable best efforts Avoiding sanctioned countries, either directly or by indemnification, is not sufficient. Organisations with exposures to shipping risk are expected to know if any business relationships are linked to such countries. By definition, this includes the physical asset (the ship) and related group beneficial owner, registered owner, operator, manager, and technical manager, and extends to the ship’s chartering, cargo, cargo financing, and associated insurances including hull, P&I, cargo, war risk, and K&R. 3 Satellite AIS Limited coverage • Public • Unsecured Terrestrial AIS Limited range • Public • Unsecured
  • 4. The solution: PurpleTRAC PurpleTRAC is a geopolitical risk management and economic sanctions compliance solution designed by and for organisations with exposures to shipping risks. Delivered as a Software-as-a-Service (SaaS) hosted application to registered users on a subscrip- tion-only basis, PurpleTRAC consists of three integrated processes: ship screening, ship tracking and archiving & reporting. Screening Screening consists of a series of automatic checks to provide critical and advisory information regarding a selected ship’s current and past exposure to risk. Global Sanctions: screens the ship and its associated group beneficial owner, registered owner, operator, ship manager, and technical manager against a comprehensive range of 37 international sanctions lists8 , and generates an alert if a positive match is returned. Flag State, Class Society, and Ship Quality Performance: screens the ship against a range of flag, class, and Port State Control (PSC) inspection deficiency and detention databases9 and blacklisted ports and generates an alert if a positive PSC match is returned. Ship Movement History: screens the ship against OFAC sanctioned countries and US Port Security Advisory bulletin ports listings using the last 90-days of available Automatic Identification System (AIS) position data and generates an alert if a positive match is returned. A comprehensive Screening Report is available on the user interface, via download and by email. Tracking PurpleTRAC actively tracks ships on a continuous or voyage-based basis. Hybrid Track technology: combines data from multiple satellite tracking services (including the ship’s secure Inmarsat-C terminal and its AIS equipment) into a single coherent position track (whilst managing minor inconsistencies and reporting major anomalies). Detection & alerts: actively monitors the ship’s movements for key pre-defined events (e.g. approach or entry to high-risk areas10 ). Daily screening: daily screening against the full range of global economic sanctions lists. A Management Report is available on the user interface, via download and by email. Archiving & Reporting PurpleTRAC maintains an up-to-date record of all users’ historical and on-going activities, providing a tamper-resistant, auditable and verifiable statement of your organisation’s geopolitical risk management and sanctions compliance activity. A Trade Report is available on the user interface, via download and by email. 4 Find out more about PurpleTRAC at http://purpletrac.polestarglobal.com 8 Data supplied by Dow Jones Risk & Compliance 9 Data supplied by IHS 10 As defined by the London Joint War Committee