Ship Tracking Gone Awry
Vulnerabilities in AIS highlighted.
Ship Tracking Gone Awry: Reliance on AIS Data Undermines Maritime Security
Opinion piece by Ami Daniel, co-Founder and CEO, Windward
Ships have been sailing the oceans for millennia, but until very recently there was no tracking system in place to identify a ship’s location while at sea. And so, ships quite literally disappeared once they sailed out of sight, creating a critical information vacuum for security and intelligence organizations worldwide.
A system put into place by the International Maritime Organization (IMO) in 2002 began providing data on the whereabouts of ships at sea for the first time in history. The system, known as the Automatic Identification System (AIS), mandates that ships over 300GT, and all tankers and passenger ships, provide near-constant transmission of their key statistics – ship identity, position, vessel type, course and speed – to nearby ships and on-shore receiving base stations. Since the commercialization of micro and nano satellites in 2010 this data is also collected by commercial satellites and used by navies, coast guards, intelligence communities, customs and law enforcement agencies worldwide for the purposes of maritime domain awareness with its vastly important operational implications.
However, AIS has had two critically important yet little understood unintended consequences. The first is the birth of Maritime Big Data. Where once security agencies had an information vacuum – a dark screen – today’s AIS-equipped ships generate well over 100 million data points per day. And that number is expected to continue growing with changes to local and international regulation. In order to make sense of this data avalanche, security agencies must now employ deep analytical systems that can sift through the big data and identify the specific ships whose behavior is anomalous or suspicious based on past patterns, current behavior, shipping trends and regional sensitivities. Big Data is largely meaningless without Big Data analytics.
More troubling, however, are the huge vulnerabilities of the AIS data. Because AIS was designed with safety in mind – to ensure that ships avoid collisions in bad weather or when a nearby ship is out of sight – its protocol involves a simple, and easily manipulated, exchange of electronic data via unsecured connections. What’s more, the reporting itself is based solely on the honors system: a ship is required to transmit its information, but there is no system to validate whether that information is accurate. A ship that identifies as a fishing vessel sailing to West Africa, for example, could be telling the truth. It could just as easily be a ship involved in smuggling activities and sailing to another destination.
And this goes well beyond anecdotal evidence. Windward recently published a research report that examines, for the first time, real-world AIS/satellite manipulation, the magnitude of the problem, and its far-reaching implications. According to our research, there are a variety of ways in which ships manipulate AIS data. The ‘top five’ methods include obscuring destinations by neglecting to transmit a ship’s final destination, ‘going dark’ by shutting off AIS transmissions, creating ‘ghost ships,’ and manipulating the GPS information.
The attached image provides a striking visualization of GPS manipulation: the ships within the satellite’s footprint are clustered, as you’d expect, in one area of the Atlantic Ocean. However, two ships, indicated in blue, appear to be near Mexico. Because it’s physically impossible for the satellite to pick up ship transmissions outside of its footprint, this image indicates that the two ships marked in blue must have inserted false positioning information into their ships’ GPS systems in order to appear to be hundreds of miles away from where they were actually located.
Identity fraud, the last of the five practices, is another frequently-used method for manipulating the data. Here ships transmit false IMO or MMSI numbers, which ships may be incentivized to do if they are on a watch list or are known for safety violations. Over the past year alone, there has been a significant rise in this form of manipulation, with 1% of AIS-transmitting ships now reporting false identification data. This would be like having over 1,000 people per day travelling through John F. Kennedy International Airport with fake IDs.
The result? Security agencies responsible for maritime-related safety, from navies to coast guards to customs and intelligence agencies are, unwittingly and unknowingly, relying on data that is increasingly inaccurate and intentionally manipulated. Once some of the data is manipulated, all of the data becomes suspect and must be vetted.
This growing trend has a few key implications for anyone using AIS data in the security world: AIS data cannot be trusted ‘as is,’ since it is impossible to know which data is being manipulated without vetting all of it. Watch lists, a widely used tool in the maritime security world, have become largely invalid, as ships can simply change their identity to avoid being identified. And ships can erase their digital footprints and even create ‘ghost ships’ that cloud the global maritime picture for decision makers.
We expect this trend to continue. Ships are increasingly aware that they are being ‘watched’ via their AIS transmissions and for those wishing to conceal their identity or location the incentive to manipulate the data is growing. What’s more, today’s AIS manipulators are likely just the ‘early adopters’ of a tactic for gaming the system that will continue to spread, making the maritime picture – as reflected from AIS data – increasingly unreliable.
We have come full circle: from an information vacuum in the pre-AIS days to a massive and unreliable data picture, based solely on ships’ self-reporting, which is creating an illusion of knowledge for today’s decision makers. The blank screen has been replaced by a screen full of data, which is increasingly manipulated by the very ships it is intended to track. Security agencies don’t rely on the ‘honors system’ in any other arena, and the critically important maritime domain should be no exception. It is time that we tackle this growing global challenge.
To read the executive summary, please click here.
