Maritime Cyber Security: A Comparative Analysis of U.S. and International Regulation on AIS Data Receptors

Abstract

Cyber security is a problem within the maritime industry because of the introduction and continuous implementation of technologies, including automation and digitization of processes among others. This consequently adds new vulnerabilities within ports, ships, offshore rigs and submersibles systems. As a result, recent number of incidents show that commercial shipping has taken a more reactive than proactive approach. Compared to other industries, the maritime sector does not employ centralized monitoring of information flow through traffic controllers, like aviation. This means that any device using Internet of Things (IoT) can transmit and receive information that is captured and shared for various (unknown) purposes. This is the case with Automatic Identification System (AIS) data that has proliferated. and has potentially become a target for cyber-attack. Is every ship equipped with AIS devices? Are there rules for sending and receiving the AIS data? What is/are the enforcement mechanisms? Why should commercial maritime companies care? In this sense, this research examines the regulation on AIS data transmitters and receptors. The analysis is conducted with a comparison of international and national laws. The International reference is the IMO (International Maritime Organization) and as National (the United States), as one of the top countries targeted for cyber-attacks. The results show that international regulation is broad and United States regulation is more restrict and specific.