Models of cyberattacks on the automatic identification system network

The study examines cyber threats within the network of the maritime Automatic Identification System (AIS). A review of available data on identified AIS vulnerabilities has shown a lack of a well-structured formal description and classification of threats. At present, the existing scenario-based attack models do not encompass the full spectrum of possible threats, while most approaches to AIS cybersecurity — both organizational and technical — are limited to information-security measures implemented directly on board the vessel. Five independent models of external attacks on AIS are proposed, representing typical levels of cyber threats ranging from low (single-signal spoofing) to high (combined multistage attacks employing several methods). In addition to external threats, the study also considers internal threats related to unauthorized penetration into the ship’s computer network followed by destructive actions. These cases are discussed separately, as they require specific methods of analysis and mitigation. New approaches and recommendations for AIS protection are proposed. Counteracting cyber threats requires a balanced combination of organizational and technical measures, conventionally divided into software-algorithmic and hardware-architectural categories. The former includes methods for improving the AIS protocol and software, such as message authentication and encryption, anomaly filtering, and intrusion detection systems. Another important direction involves the development of algorithms for detecting falsified AIS data. This requires the creation of additional monitoring systems capable of continuously analyzing incoming information for signs of anomalies, such as the absence of a previous route, illogical maneuvers, data duplication, or desynchronization with radar observations. Future AIS cybersecurity is expected to rely on more detailed regulations and guidelines issued by classification societies, as well as on enhanced software and hardware solutions implemented both on board vessels and in shore-based centers, such as Vessel Traffic Management Systems (VTMS).

1. IMO. Resolution MSC.428(98). Maritime Cyber Risk Management in Safety Management Systems. 2017. Web. 27 Aug. 2025 https://wwwcdn.imo.org/localresources/en/OurWork/Security/Documents/Resolution%20MSC.428(98).pdf.

2. IALA. Guideline 1082 — An Overview of АИС, Ed. 2.0. Saint-Germain-en-Laye, France: IALA, June 2016. Web. 27 Aug. 2025 https://navcen.uscg.gov/sites/default/files/pdf/IALA_Guideline_1082_An_Overview_of_АИС.pdf.

3. IEC. International Standard IEC 61162–450:2018. Maritime navigation and radiocommunication equipment and systems — Digital interfaces — Part 450: Multiple talkers and multiple listeners — Ethernet interconnection (Lightweight Ethernet). Geneva: IEC, 2018.

4. IEC. International Standard IEC 61162–460:2015. Maritime navigation and radiocommunication equipment and systems — Digital interfaces — Part 460: Multiple talkers and multiple listeners — Ethernet interconnection — Safety and Security (Security gateway). Geneva: IEC, 2015.

5. Storm D. Hack in the Box: Researchers attack ship tracking systems for fun and profit Web. 27 Aug. 2025 https://www.computerworld.com/article/2500102/hack-in-the-box—researchers-attack-ship-tracking-systems-for-fun-and-profit.html.

6. Semyonov, S.A. “Setevaya ugroza: kak zashchitit’ morskie suda ot kiberatak? “ Transportnaya bezopasnost’ i tekhnologii 2(53). (2018): 86–91.

7. Antipov A. Vozmozhnye ugrozy dlya morskogo sudohodstva, iskhodyashchie ot vzlomannoj sistemy AIS. SecurityLab. Web. 27 Aug. 2025 https://www.securitylab.ru/analytics/497745.php.

8. Kessler, G. C. and D. M. Zorri. “AIS Spoofing: A Tutorial for Researchers.” 2024 IEEE 49th Conference on Local Computer Networks (LCN) — 2024: 1–7. DOI: 10.1109/LCN60385.2024.10639747.

9. Oruc, A., G. Kavallieratos, V. Gkioulos and S. Katsikas. “Perspectives on the Cybersecurity of the Integrated Navigation System.” Journal of Marine Science and Engineering 13.6 (2025): 1087. DOI: 10.3390/jmse13061087.

10. Munro K. Ships can’t be hacked. Wrong. Pen Test Partners Blog. Web. 27 Aug. 2025 https://www.pen-testpartners.com/security-blog/ships-cant-be-hacked-wrong/.

11. Hemminghaus, C., J. Bauer and E. Padilla. “BRAT: a BRIDGe attack tool for cyber security assessments of maritime systems.” TransNav the International Journal on Marine Navigation and Safety of Sea Transportation 15.1 (2021): 35–44. DOI: 10.12716/1001.15.01.02.

12. Harish, A. V., K. Tam and K. Jones. “Literature review of maritime cyber security: The first decade.” Maritime Technology and Research 7.2 (2024): 273805. DOI: 10.33175/mtr.2025.273805.

13. Smolentsev, S. V., D. V. Isakov and M. B. Solodovnichenko. “Problems of using automatic identification system messages in the task of forecasting vessel movement trajectories.” Vestnik gosudarstvennogo universiteta morskogo i rechnogo flota im. admirala S. O. Makarova 17.2 (2025): 163–174. DOI: 10.21821/2309-5180-2025-17-2-163-174.

14. Smolentsev, S. V., E. O. Ol’khovik, et al. “ Algorithm for analyzing the automatic identification system data to identify typical scenarios for vessel divergence and testing the systems of autonomous shipping.” T-Comm 18.3 (2024): 50–59. DOI: 10.36724/2072-8735-2024-18-3-50-59.

15. Ol’khovik, E., A. Butsanets and A. Zhidkova. “Assessment of the Possibility of Using a Waterway for Operation of Autonomous Ships.” Transportation Research Procedia 68 (2023): 383–388. DOI: 10.1016/j.trpro.2023.02.051.

16. The Guidelines for Formal Safety Assessment (FSA) for use in the IMO rule-making process. London: IMO, 2018.

17. Rukovodstvo po obespecheniyu kiberbezopasnosti. ND № 2–030101–040. Saint-Petersburg: FAU «Rossijskij morskoj registr sudohodstva», 2021.

18. Pravila klassifikacii i postrojki morskih sudov, chast’ XXI «Kiberustojchivost’». ND № 2–020101–174. Saint-Petersburg: FAU «Rossijskij morskoj registr sudohodstva», 2025.