Cybersecurity challenges and vulnerabilities of the automatic identification system in maritime transport
DOI:
https://doi.org/10.61089/aot2026.1jaejy17Keywords:
Maritime Cybersecurity, Automatic Identification System, Spoofing and Jamming Attacks, Defense-in-Depth Strategies, Data Integrity and AuthenticationAbstract
The Automatic Identification System (AIS) has become a fundamental component of modern maritime navigation, supporting real-time vessel tracking, collision avoidance, and traffic management. However, its protocol was developed without cybersecurity considerations, resulting in structural vulnerabilities that increasingly threaten operational safety and reliability. AIS broadcasts are neither encrypted nor authenticated, allowing adversaries to intercept, manipulate, or fabricate messages with minimal technical effort. This exposes maritime operators to a spectrum of cyber threats, including identity spoofing, false-data injection, replay attacks, and targeted radio-frequency jamming. As AIS data is routinely integrated into Electronic Chart Display and Information Systems (ECDIS), Vessel Traffic Services (VTS), and autonomous navigation modules, these weaknesses propagate across interconnected maritime infrastructures, amplifying the potential consequences of compromised data integrity. This article provides a systematic assessment of the core vulnerabilities inherent in AIS communication, emphasizing the absence of cryptographic protections, the ease of broadcasting falsified vessel information, and the susceptibility of the VHF communication channel to intentional interference. The operational impacts of these threats are analyzed with regard to navigational decision-making, port coordination, surveillance accuracy, and maritime domain awareness. Particular attention is given to the risks resulting from excessive dependency on AIS as a primary sensor input, especially in automated or minimally manned operational environments. In response to these challenges, the study outlines a set of technical and organizational countermeasures. Proposed solutions include the integration of authentication layers and lightweight encryption into future AIS/VDES protocols, the deployment of anomaly-detection algorithms for real-time identification of spoofed or inconsistent data, the cross-verification of AIS information with independent sensors, and the systematic maintenance of AIS-capable equipment. Additionally, the article highlights the need for harmonized regulatory reforms and enhanced cybersecurity training for crews and port operators. Collectively, these measures aim to strengthen the resilience of maritime communication systems and ensure that AIS continues to serve as a reliable component of navigational safety in an increasingly digitalized and threat-exposed maritime domain.
References
1. Androjna, A., Perkovič, M., Pavic, I., & Mišković, J. (2021). AIS Data Vulnerability Indicated by a Spoofing Case-Study. Applied Sciences, 11(11), Article 11. https://doi.org/10.3390/app11115015
2. Balduzzi, M., Pasta, A., & Wilhoit, K. (2014). A security evaluation of AIS automated identification system. Proceedings of the 30th Annual Computer Security Applications Conference, 436–445. https://doi.org/10.1145/2664243.2664257
3. Banyś, P., Gucma, M., & Fowdur, J. S. (2024). Assessment of Possible Misidentification of AIS Transponders within AIS Data due to Bit Inversions of MMSI. Naše More, (71(1)), 30–37. https://doi.org/10.17818/NM/2024/1.5
4. Benterki, A. S., Visky, G., Vain, J., & Tsiopoulos, L. (2025). Using Incremental Inductive Logic Programming for Learning Spoofing Attacks on Maritime Automatic Identification System Data. In S. Bauk (Ed.), Maritime Cybersecurity (pp. 123–141). Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-87290-7_7
5. Chang, T.-H., Kao, S. L., Chou, C.-C., & Chang, H. C. (2025). Genetic Algorithm for Ship Robbery Emergency Reporting System. TransNav, International Journal on Marine Navigation and Safety Od Sea Transportation, 19(2), 609–615. https://doi.org/10.12716/1001.19.02.33
6. Cichocki, R., & Wójcik, P. (2025). Cybersecurity in Maritime Transport Systems: Threats, Trends, and Countermeasures in the Last Decade. TransNav, International Journal on Marine Navigation and Safety Od Sea Transportation, 19(3), 715–722. https://doi.org/10.12716/1001.19.03.03
7. Dansarie, M. (2024). Security Issues in Special-Purpose Digital Radio Communication Systems: A Systematic Review. IEEE Access, 12, 91101–91126. https://doi.org/10.1109/ACCESS.2024.3420091
8. Emmens, T., Amrit, C., Abdi, A., & Ghosh, M. (2021). The promises and perils of Automatic Identification System data. Expert Systems with Applications, 178, 114975. https://doi.org/10.1016/j.eswa.2021.114975
9. Final Rule: Cybersecurity in the Marine Transportation System – Implementation Timeline. (n.d.). United States Coast Guard News. Retrieved 11 August 2025, from https://www.news.uscg.mil/maritime-commons/Article/4247529/final-rule-cybersecurity-in-the-marine-transportation-system-implementation-tim/
10. Glomsvoll, O., & Bonenberg, L. K. (2017). GNSS Jamming Resilience for Close to Shore Navigation in the Northern Sea. The Journal of Navigation, 70(1), 33–48. https://doi.org/10.1017/S0373463316000473
11. Goudosis, A., & Katsikas, S. (2020). Secure AIS with Identity-Based Authentication and Encryption. TransNav, International Journal on Marine Navigation and Safety Od Sea Transportation, 14(2), 287–298. https://doi.org/10.12716/1001.14.02.03
12. Junaidi, A., Yudo, H., & Ab-Samat, H. A. (2024). Identify the Trends on Maritime Safety Management System Studies: A Review. TransNav, International Journal on Marine Navigation and Safety Od Sea Transportation, 18(4), 775–784. https://doi.org/10.12716/1001.18.04.03
13. Kessler, G. C. (2020). Protected AIS: A Demonstration of Capability Scheme to Provide Authentication and Message Integrity. TransNav, International Journal on Marine Navigation and Safety Od Sea Transportation, 14(2), 279–286. https://doi.org/10.12716/1001.14.02.02
14. Lázaro, F., Raulefs, R., Bartz, H., & Jerkovits, T. (2023). VDES R-Mode: Vulnerability analysis and mitigation concepts. International Journal of Satellite Communications and Networking, 41(2), 178–194. https://doi.org/10.1002/sat.1427
15. M.1371: Technical characteristics for an automatic identification system using time division multiple access in the VHF maritime mobile frequency band. (n.d.). Retrieved 25 February 2026, from https://www.itu.int/rec/R-REC-M.1371
16. M.2092: Technical characteristics for a VHF data exchange system in the VHF maritime mobile band. (n.d.). Retrieved 25 February 2026, from https://www.itu.int/rec/R-REC-M.2092
17. Maritime cyber risk. (n.d.). Retrieved 25 February 2026, from https://www.imo.org/en/ourwork/security/pages/cyber-security.aspx
18. Neumann, T. (2024). Cybersecurity in Maritime Industry. TransNav, International Journal on Marine Navigation and Safety Od Sea Transportation, 18(4), 765–774. https://doi.org/10.12716/1001.18.04.02
19. NIST Releases Version 2.0 of Landmark Cybersecurity Framework. (2024). NIST. https://www.nist.gov/news-events/news/2024/02/nist-releases-version-20-landmark-cybersecurity-framework
20. Oruc, A., Kavallieratos, G., Gkioulos, V., & Katsikas, S. (2025). Perspectives on the Cybersecurity of the Integrated Navigation System. Journal of Marine Science and Engineering, 13(6), 1087. https://doi.org/10.3390/jmse13061087
21. Raiyn, J. (2024). Maritime Cyber-Attacks Detection Based on a Convolutional Neural Network. In M. E. Cornejo, L. T. Kóczy, J. Medina, & E. Ramírez-Poussa (Eds), Computational Intelligence and Mathematics for Tackling Complex Problems 5 (pp. 115–122). Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-46979-4_16
22. Sciancalepore, S., Tedeschi, P., Aziz, A., & Di Pietro, R. (2022). Auth-AIS: Secure, Flexible, and Backward-Compatible Authentication of Vessels AIS Broadcasts. IEEE Transactions on Dependable and Secure Computing, 19(4), 2709–2726. https://doi.org/10.1109/TDSC.2021.3069428
23. Soner, O., Kayisoglu, G., Bolat, P., & Tam, K. (2024). Risk sensitivity analysis of AIS cyber security through maritime cyber regulatory frameworks. Applied Ocean Research, 142, 103855. https://doi.org/10.1016/j.apor.2023.103855
24. Spravil, J., Hemminghaus, C., von Rechenberg, M., Padilla, E., & Bauer, J. (2023). Detecting Maritime GPS Spoofing Attacks Based on NMEA Sentence Integrity Monitoring. Journal of Marine Science and Engineering, 11(5), 928. https://doi.org/10.3390/jmse11050928
25. Steiner, J., Havlíček, J., Duša, T., & Heinrichs, G. (2023). The Vulnerability of Inland Waterway AIS to GNSS Radio Frequency Interference. Engineering Proceedings, 54(1), 26. https://doi.org/10.3390/ENC2023-15461
26. Stupak, T. (2014). Influence of Automatic Identification System on Safety of Navigation at Sea. TransNav, International Journal on Marine Navigation and Safety Od Sea Transportation, 8(3), 337–341. https://doi.org/10.12716/1001.08.03.02
27. Sun, J., Yi, Z., Zhuang, Z., & Jiang, S. (2025). Securing Automatic Identification System Communications Using Physical-Layer Key Generation Protocol. Journal of Marine Science and Engineering, 13(2), 386. https://doi.org/10.3390/jmse13020386
28. Svanberg, M., Santén, V., Hörteborn, A., Holm, H., & Finnsgård, C. (2019). AIS in maritime research. Marine Policy, 106, 103520. https://doi.org/10.1016/j.marpol.2019.103520
29. Tsiopoulos, L., & Vaarandi, R. (2025). A Scope Review of Secure Broadcasting Protocols for the Automatic Identification System. In S. Bauk (Ed.), Maritime Cybersecurity (pp. 103–121). Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-87290-7_6
30. UR E27 Rev1. (n.d.). Safer and Cleaner Shipping - IACS. Retrieved 25 February 2026, from https://iacs.flumeserver.co.za/publications/ur-e27-rev1/
31. Wimpenny, G., Šafář, J., Grant, A., & Bransby, M. (2022). Securing the Automatic Identification System (AIS): Using public key cryptography to prevent spoofing whilst retaining backwards compatibility. The Journal of Navigation, 75(2), 333–345. https://doi.org/10.1017/S0373463321000837
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Archives of Transport journal allows the author(s) to hold the copyright without restrictions.

This work is licensed under a Creative Commons Attribution 4.0 International License.


