With more technically advanced, integrated and “connected” boats, security becomes a major concern. Recent high-profile automotive hacks have highlighted security weaknesses in some CAN-based systems.
The NMEA Organisation have responded to this threat by establishing a Cyber Security Working Group to identify and mitigate the risks of maritime attacks.
N2K Protect is the world’s first cyber security product focused on NMEA 2000 to be developed as part of this NMEA initiative.
N2K Protect is a self-contained, bus powered, unobtrusive black box that receives and analyses all NMEA 2000 network data. It has three key functions:
- Test and validate the NMEA 2000 network during installation
- Tools for NMEA 2000 configuration and network monitoring/analysis
- Ongoing 24/7 monitoring and protection for the life of the vessel
INSTALLATION TESTS AND CANSHOT
N2K Protect carries out the following device certification, network topography and general tests:
Certified Devices – This test interrogates all devices on the network and checks if they are listed in the NMEA 2000 Certified Product database. Uncertified devices will be identified, as they represent a possible cause of network errors and interoperability issues. The identified devices can continue to be used on the network, but it is recommended that special care is taken to ensure that they are operating correctly and not causing network issues.
Name Verification – This test scans the NMEA Name (64 bit binary number) of each device on the network and will report any non-standard or rogue NMEA names that might indicate a malicious device. Any devices reported should be immediately investigated and removed from the network.
Gateway Validation – Gateways are potentially a weak point in an NMEA 2000 network and can allow hackers to inject malicious data or control a network. For this reason, N2K Protect can identify and validate any NMEA 2000 Gateway in the system.
Duplicate Device Instances – Multiple devices on the network sharing the same class and function codes and the same device instance can cause issues with data source identification and could be used to inject spoof data on to the network. This test will identify any duplications and the Instance Configuration Tool can be used to give a duplicate device a unique device instance.
Duplicate PGNs – Multiple devices outputting duplicate PGNs can cause issues with data source selection and result in some devices showing wrong or no data. This test will identify any duplicate PGNs, and the Commanded Address Change Tool can be used to change a device’s CAN address, reducing or increasing its priority.
Data Sources – This test in conjunction with the other Network Topography tests can be used to identify which devices will be automatically selected as the primary data source for GNSS, depth, wind, boat speed and heading. Based on the PGNs they output and their CAN Address, N2K Protect will identify the devices that are the primary data sources and the Commanded Address Change Tool can be used to change which device is the primary data source.
Devices Outputting “No Data” – This test checks all of the devices that are outputting navigational PGNs with “No Data” in the key field, i.e. transmitting a Depth PGN with the depth field showing “No Data”. If a higher priority device is outputting “No Data”, it can result in the data from the device you want to use not being displayed.
Product Firmware Audit – This test will query every device on the network and create a simple list of the Firmware Version reported in each device’s Product Info PGN. This is useful for checking that all devices on the network are fully up to date or if a firmware update has been done and caused problems since the current CANshot™ was taken.
Total LEN – This test queries the LEN value of all devices on the network and calculates the total LEN value for the network. This can be useful in ensuring the network is properly designed and constructed and will not suffer from voltage drops or data corruption.
Once the installation tests are complete and the installer is happy with network performance, the CANshot option is run. This “snapshots” the network and stores the results internally. This report can also be saved and printed.
N2K Protect then enters 24/7 monitor mode and will alert audibly and also store alerts in an event log for analysis. If connected to a Digital Yacht 4GX or 5GX system, optional SMS alerts can be enabled for remote monitoring.
N2K Protect continuously monitors your NMEA 2000 network.
A new device, a change to an existing device or strange network behaviour will trigger N2K Protect to take action.
Depending on threat level, this could be a pop-up warning, transmission of an NMEA 2000 Alert PGN, sounding its internal buzzer or even an SMS message to a designated mobile phone via our 4GX/5GX systems.
The last 16 events are stored in a Network Events Log.
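The Name Verification and Duplicate Device Instances tests and the comparison of the live network against a stored snapshot, sketched as an added example (this is not Digital Yacht's code or the product's actual logic). It decodes the 64-bit NAME using the ISO address claim field layout, flags devices sharing a class/function/instance tuple, and diffs live claims against a baseline; the function names, finding labels, the industry-group heuristic and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

def make_name(unique, mfr, inst, func, cls, sys_inst=0, group=4):
    """Pack constructed sample fields into an 8-byte NAME."""
    v = (unique | mfr << 21 | inst << 32 | func << 40 | cls << 49
         | sys_inst << 56 | group << 60 | 1 << 63)
    return v.to_bytes(8, "little")

def decode_name(raw):
    """Split the 64-bit NAME from an address claim into fields."""
    if len(raw) != 8:
        raise ValueError("NAME must be exactly 8 bytes")
    v = int.from_bytes(raw, "little")
    return {
        "unique_number": v & 0x1FFFFF,        # bits 0-20
        "manufacturer": (v >> 21) & 0x7FF,    # bits 21-31
        "device_instance": (v >> 32) & 0xFF,  # bits 32-39
        "function": (v >> 40) & 0xFF,         # bits 40-47
        "device_class": (v >> 49) & 0x7F,     # bits 49-55 (bit 48 reserved)
        "industry_group": (v >> 60) & 0x7,    # bits 60-62
    }

def audit(claims, baseline):
    """Both arguments map CAN source address -> raw NAME bytes."""
    findings, groups = [], defaultdict(list)
    for addr, raw in sorted(claims.items()):
        n = decode_name(raw)
        if n["industry_group"] != 4:  # assumed heuristic: 4 = Marine
            findings.append(("non_marine_name", addr))
        key = (n["device_class"], n["function"], n["device_instance"])
        groups[key].append(addr)
        if raw not in baseline.values():
            findings.append(("new_device", addr))
        elif baseline.get(addr) != raw:
            findings.append(("address_changed", addr))
    for key, addrs in sorted(groups.items()):
        if len(addrs) > 1:
            findings.append(("duplicate_instance", tuple(addrs)))
    for addr, raw in sorted(baseline.items()):
        if raw not in claims.values():
            findings.append(("device_missing", addr))
    return findings

def demo():
    a = make_name(1234, 2000, 0, 130, 60)  # constructed values, not real codes
    b = make_name(5678, 2000, 0, 145, 60)
    c = make_name(999, 2001, 0, 130, 60)   # same class/function/instance as a
    return audit({10: a, 36: b, 50: c}, {10: a, 35: b})
print(demo())
```

In the constructed sample, the device that moved from address 35 to 36 is reported as an address change, and the unknown device at address 50 is reported both as new and as a duplicate of the device at address 10.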
CONFIGURATION AND DATA TOOLS
N2K Protect also features the following configuration and data analysis tools:
Configuration Info Programming – Allows you to change the Configuration Info text in any of the devices. Not all devices support this function but it has now been mandated in the N2K specification so will become increasingly important.
Instance Configuration – Changes the Device Instance of an N2K device. Not all devices support this, but most engine gateways and devices that use instances do.
Commanded Address Change – Allows you to change the address of a device. All devices should support this to meet certification standards.
Network Device List – Shows a list of devices on the network with address, manufacturer name, CAN name, class and function.
PGN List – Shows time-stamped PGN number and source, and description with drill-down data.
Data Logging – Create and save a full data log of raw binary data.
- World’s first NMEA 2000 Cyber Security Device
- Tests & validates the NMEA 2000 network during installation
- Allows configuration of other NMEA 2000 devices
- View and analyse the NMEA 2000 network with device and PGN displays plus raw data logging
- 24/7 monitoring of the NMEA 2000 network
- Integrated WiFi antenna can create its own WiFi network or join vessel’s wireless network
- Configuration and monitoring via built-in web interface
- 92dB internal buzzer for alerts
- Ability to generate SMS alert messages when used with a Digital Yacht 4GX or 5GX product for remote alerts
- Self-contained, bus powered, unobtrusive IP54 rated black box
- Future proof design, with easy to update firmware via web interface to keep unit aligned with current threats