As we need to start by looking at the basic capabilities of an ECDIS, we can identify the following main functionalities:
- Maritime spatial data display
- Safe Passage Planning (Appraisal)
- Visualization of route and voyage
- Anti-grounding capability
- Monitoring of position and of surrounding target (AIS and radar)
- Monitoring and display of navigational sensors
- Visualization of warnings and temporary changes (Navtex, NtM, information overlays)
- Chart-update management and control
- Track recording
- Alarm management
In summary: an ECDIS is a planning, visualization and decision-support system, which (in competent hands) improves the safety of navigation.
The transfer of content from one source media to a target machine remains the most critical process with regard to IT security and system integrity.
The risk that a USB stick, intended to be used for safe navigation, is in fact faulty and carries a virus, is a threat to avoid by every possible means. It can pose a great risk to the ship and the crew.
Therefore, if you want to connect your navigation system to a data link, you have to undertake cyber-security measures.
The technical way of connecting the ship’s ECDIS with infrastructure onshore is the use of Virtual Private Networks (VPN). The data exchange is then handled via a File Transfer Protocol (ftp).
You will also want to protect your ECDIS from getting infected via the ship’s communication computer (which is then acting as the media server of the satellite comms). This may be a shared computer for the tasks of email communication, social networking and other functions; so it is recommended to use a firewall to protect your vulnerable ECDIS.
The industry offers type-approved Gateways (IEC 61162-460) which will support secure data exchange between ship and shore and make the bridge “USB-free”, removing the risk of harm to system integrity.