Raising the Standard of Maritime Voyage Data Recorder Security

Voyage Data Recorders (VDRs), often referred to as the ‘black boxes’ of the shipping
industry, collect and store vital data from key sensors and locations around the ship. This data
plays a pivotal role in incident investigation, as was seen in the grounding of the Costa Concordia in
2012, and the sinking of the El Faro in 2015. With such an important role to play, the International
Maritime Organization (IMO) has mandated that all SOLAS registered ships carry a VDR, which
can demonstrate compliance with internationally agreed standards. Without a VDR compliant with
these standards a ship cannot sail. However, the rise in the number, and sophistication, of digital
devices are making the sector increasingly vulnerable to cyber-attacks. This paper will demonstrate a
number of high-risk VDR cyber security vulnerabilities and review the current international technical
standards covering all VDR devices being manufactured and used today, drawing attention to the
minimum security requirements. The paper will go on to discuss how these standards fail to promote
the necessary levels of cyber security needed to protect VDRs from today’s cyber risks, amidst
increased demands for digital connectivity for remote and autonomous operations. The paper will
conclude by proposing several amendments (technical and non-technical) to the current standards
which, if adopted, will help increase the minimum level of security of VDRs. Industry opinions were
gathered on this topic, and their beliefs have been included across this paper.