top of page

cyber security physical systems

The complexities of systems on board ships are generally related to size and operation. A ship requires systems to provide and control propulsion, steering, ballast, etc. however as soon as you add passengers you add to the quantity and complexity as systems are added to provide facilities and to manage the human cargo. The ship by its very nature has to work untethered from land and the only connection provided when at sea is via one of many possible communications channels providing both voice and data exchange. The ship may therefore from a cyber perspective be considered as a 'system of systems' operated in a contained environment. For the purposes of developing appropriate and proportionate cyber security measures, each of the technical systems in place may be considered as largely located in, or directly related to one of the following categories:

  1. Communication systems;

    1. Satellite ​

    2. VHF/UHF

    3. S-band / X-band

    4. 3G/4G-LTE

  2. Navigation systems;

    1. VDR​

    2. ECDIS

    3. AIS/GPS

    4. RADAR

  3. Plant systems;

    1. ICS​

    2. HVAC

  4. Safety systems;

    1. GMDSS​

    2. AMVER

    3. SSAS

  5. Cargo systems;

  6. Passenger management systems;​​

  7. Passenger / crew access systems.

So a complex and disparate set of systems are communicating via augmented encapsulated TCP/IP protocols to exchange information about almost every critical operation of the ship.Much of the protocols are legacy serial over TCP (e.g. MODBUS) designed without security in mind. In the process of selecting a cyber physical security solution PERIMETROS asked:

  1. What ship systems are involved in the creation, use, maintenance, storage and transmission of ship data?

  2. To what extent are each of these systems dedicated to a single ship?

  3. Are the ship systems shared by different activities?

  4. Are the systems accessible by any third parties, aboard the ship, ashore, or on another ship?

  5. What is the typical operating life of each system?

  6. When is it likely that each system will become unsupportable, obsolete or need to be replaced for business and/or operational reasons?

  7. What channels, technologies and parts of the overall spectrum are used to communicate and share ship data between ship systems and with any users who need to access or use it?

  8. What channels, technologies and parts of the electro-magnetic spectrum are used to control and integrate ship systems?

  9. To what extent are the communications confined to the ship, and will remote access to, or remote processing of, communications be required?

  10. What information and data, including sensor data, do the ship systems require to function?

  11. What other information and data is held, for example, personal data?

  12. What legal requirements are there with regards to the information and data held?

  13. How are information and data encoded?

  14. How and where are information and data stored?

  15. How are the data/information to be protected whilst at rest, in transit or in use?

  16. What will the consequences be if information and/or data was lost and therefore no longer available?

  17. Who owns the information and data?

  18. How are information and data made available and what restrictions are there on their use?

  19. How long do information and data need to be kept?

  20. What information and data need to be securely removed when no longer required?

Reliable hybrid systems are hard to come by. The way they are deployed should allow for maximum information gathering, zero operational interruption, minimal administration, efficient communication with the outer world and true IT/OT protection.   


rugged protection


The ruggedised appliance is communicating with all the ship's critical systems via standard and proprietary maritime protocols such as NMEA 0183 over TCP, MODBUS TCP and Kongsberg Net I/O and collects data about cyber security, performance and resilience. Normal signals are processed  and archived and violations are captured, filtered, compressed, encrypted and reported in real time back to the 24/7 security operation centre for analysis. After an appropriate learning period the system is switching from detection to prevention and stops malware and other type of automatic or manual attacks before they cause harm to any of the ship's critical systems.    

bottom of page