FAO Home>Fisheries & Aquaculture
FOOD AND AGRICULTURE ORGANIZATION OF THE UNITED NATIONShelping to build a world without hunger
EspañolFrançais
 

The security of VMS data is important both to fishing vessel operators and to fishery management authorities.

Depending on the target species and nature of fishing operations, the position of fishing vessels can be valuable and sensitive commercial information. Monitoring agencies must make efforts to ensure the physical and operational security of shipboard equipment, communications, and fishery monitoring centres (FMC). This security guarantees that VMS data are protected from damage or loss, and not disseminated in an unauthorized manner to the fishing community or others.

Security is essential to the fishery management authorities, as they have a responsibility to ensure that the VMS information is:

  • Authentic and non-repudiated, i.e. the data were provided from a verifiable source, and that source cannot deny sending the data.
  • Of high integrity, i.e. the data have not been altered from vessel to FMC, false data have not entered the system, and the chain of data transfers is recorded and auditable.
  • Private, i.e. the data have been protected from unauthorized viewing.
The FMC should be housed in a physically secure location that ensures that only certain personnel can access the VMS data. These personnel should have the appropriate training and authorization to access the VMS. The FMC should also have operational and policy provisions to guarantee that the data are safe from damage or disclosure.
Fisheries Monitoring Centre
On board the vessels, intentional tampering with VMS equipment exists in several forms. The simplest methods are blocking the antenna, disrupting the power source, removing the unit from the vessel, or otherwise disabling the unit’s normal functionality. The blockage of normal transmissions can be difficult to prevent and identify, but some shipboard equipment has a built-in alerting function – if the antenna is disconnected or blocked, the end user is notified when it is reconnected or unblocked.

The disruption of power to shipboard electronics, including the VMS unit, is common on fishing vessels. Power failures are often accidental, but can sometimes be wilful. Like blocking the antenna, many VMS units will send a status report that power has been interrupted and restored. Physical removal or relocation of a unit is best detected by audits and inspections.

More egregious and technically more difficult types of tampering include the creation of unauthorized duplicate units (“cloning”), and the introduction of false information into data reports (“spoofing”). Cloning means the creation of a duplicate VMS unit, installed in some location that is legal from a fisheries management perspective and that appears to the management authority to report normally. During this time, the original unit aboard the regulated vessel is disabled and the vessel may be engaged in unlawful activity that is not detected via the VMS.

Safeguards against cloning lie mostly with the equipment manufacturers and their service representatives. Unique equipment identifiers are embedded in the system firmware, and this is known and accessible only by the manufacturer – this is designed to eliminate the possibility of creating duplicate units. Additionally, some fishery management agencies employ tamper seals or hardened enclosures to physically protect the shipboard equipment from tampering.

Spoofing means the insertion of false data into the VMS reports. Weak designs and construction in some models of shipboard VMS equipment have allowed for this type of tampering. Management agencies must continually evaluate both the hardware and firmware of equipment used in their VMS programme, to ensure that the insertion of false data is prevented. Again, the use of tamper seals or hardened enclosures can physically protect shipboard equipment from tampering.

It should be noted that tampering is sometimes difficult to distinguish from normal failures of the electronic equipment. Management authorities should conduct routine inspections of VMS equipment, and have legal provisions for penalties that are appropriate for the various forms of documented tampering.

Security of the data transmission from shipboard equipment to the FMC is usually the responsibility of the communications service providers. Various forms of encryption and redundant systems may be used to ensure that the data are not lost or altered.

Comments/inquiries
Site map
Login
e-Bulletin
© FAO, 2000-2009
powered by FIGIS