Information security - VMS
The security of VMS data is important both to fishing vessel operators and to fishery management authorities.
Depending on the target species and nature of fishing operations, the position of fishing vessels can be valuable and sensitive commercial information. Monitoring agencies must make efforts to ensure the physical and operational security of:
On board the vessels, intentional tampering with VMS equipment exists in several forms. The simplest methods are blocking the antenna, disrupting the power source, removing the unit from the vessel, or otherwise disabling the unit’s normal functionality. The blockage of normal transmissions can be difficult to prevent and identify, but some shipboard equipment has a built-in alerting function – if the antenna is disconnected or blocked, the end user is notified when it is reconnected or unblocked.
The disruption of power to shipboard electronics, including the VMS unit, is common on fishing vessels. Power failures are often accidental, but can sometimes be wilful. Like blocking the antenna, many VMS units will send a status report that power has been interrupted and restored. Physical removal or relocation of a unit is best detected by audits and inspections.
More egregious and technically more difficult types of tampering include the creation of unauthorized duplicate units (“cloning”), and the introduction of false information into data reports (“spoofing”). Cloning means the creation of a duplicate VMS unit, installed in some location that is legal from a fisheries management perspective and that appears to the management authority to report normally. During this time, the original unit aboard the regulated vessel is disabled and the vessel may be engaged in unlawful activity that is not detected via the VMS.
Safeguards against cloning lie mostly with the equipment manufacturers and their service representatives. Unique equipment identifiers are embedded in the system firmware, and this is known and accessible only by the manufacturer – this is designed to eliminate the possibility of creating duplicate units. Additionally, some fishery management agencies employ tamper seals or hardened enclosures to physically protect the shipboard equipment from tampering.
Spoofing means the insertion of false data into the VMS reports. Weak designs and construction in some models of shipboard VMS equipment have allowed for this type of tampering. Management agencies must continually evaluate both the hardware and firmware of equipment used in their VMS programme, to ensure that the insertion of false data is prevented. Again, the use of tamper seals or hardened enclosures can physically protect shipboard equipment from tampering.
It should be noted that tampering is sometimes difficult to distinguish from normal failures of the electronic equipment. Management authorities should conduct routine inspections of VMS equipment, and have Legal frameworks - VMS programmes for penalties that are appropriate for the various forms of documented tampering.Security of the data transmission from shipboard equipment to the FMC is usually the responsibility of the communications service providers. Various forms of encryption and redundant systems may be used to ensure that the data are not lost or altered.