1

ENC Encryption/ISO 19379

Julia Powell

Office of Coast Survey

Marine Chart Division

2

Issue

• Do NOAA ENCs and RNCs need to be encrypted

• Are mariners at risk because NOAA ENCs and RNCs are distributed for free over the internet without encryption

3

IHO S-63 Data Protection Standard

Purposes:• Piracy Protection

– To prevent unauthorized copying of data

• Selective Access– Restrict access to ENC information to only those charts

for which a customer has acquired chart permits

• Authentication– Use of digital signatures to provide assurance that the

ENC data came from an approved source

4

S-63 Pertaining to NOAA• Piracy Protection

– Does not apply• NOAA does not copyright data

• Selective Access– Does not apply

• NOAA distributes ENCs for free via the Internet

• Authentication– Mariners can download their own– Mariners can purchase from a “Trusted Supplier”,

CED/CEVAD can use encryption as part of their service

5

Four Potential Scenarios

NOAA ENCs could be corrupted:• During Production• During Internet Download• At the ENC distributor’s site• At the End User

6

During Production

• Would require internal tampering, e.g. disgruntled employee

• Multiple layers of review as part of the quality control process

• Encryption would not prevent corruption during the production process

• No known instance of such sabotage by Coast Survey employees

7

During Internet Download

• CRC-32 check described by IHO S-57– Checks that data has been transmitted correctly

– Values stored separately from the data

• Would have to defeat server security and have knowledge to alter CRC values– Unlikely that corrupted data could be downloaded from

NOAA

8

At the ENC Distributors Site

• Final Rule for CED/CEVAD distributorship license– Allows for Encryption– Follows the European RENC model

• European Hydrographic offices supply the Regional ENC coordinating centers with unencrypted data

• RENC encrypts prior to distribution

– Becomes a trusted partner

• Neither NOAA nor the RENCs inspect or quality control such redistributed data

9

At the End User Site

• ECDIS performance standard allows for the updating of the base system ENC

• Encryption will not prevent the end user from keying incorrect data into the system

10

Conclusion

• Encryption would minimize the user base

• Designed mainly to protect copyright and control access, not the data

• CED/CEVAD allows for encryption if mariner’s prefer

• NOAA’s distribution policy is at least as secure as the RENC’s

11

ISO 19379

• Some private companies argue that privately made charts should be accepted for meeting federal chart carriage regulations

• They believe if they meet the ISO 19379 standard their data would be “guaranteed,” thus suitable for meeting federal regulations

• NOAA does not support, believing that regulated carriage should require official data

12

What is ISO 19379

• International Organization for Standardization

• Developed by industry with government participation and support

• Standard for “ECS databases – Content, quality, updating and testing.”

13

What is ISO 19379

• The purpose “is to clearly define the minimum acceptable requirements for electronic chart data…”

• Not intended to meet IMO requirements for ECDIS and is not “intended to satisfy the SOLAS V requirement to carry a navigational chart.”

14

Using ISO 19379 to Certify Private Data

• Three technical reasons for not certifying data compliant to ISO 19379 for official carriage regulations– Data Quality– Attribution and Display Issues– Frequency of Updating

15

Data Quality

• NOAA ENC is maintained from highly accurate original source

• Original Source is not available to private chart makers

• ECS databases use precompiled paper or electronic charts

• Use of official nautical charts as source is not required

• NOAA has highly trained cartographers to deal with source interpretation

16

Attribution and Display

• ISO 19379 is not tied to an encoding or display standard such as S-57 and S-52

• Without such ties, nobody can guarantee that the mariner will be served effectively– No guarantee of consistent display or content across

systems and software

– No guarantee of consistent encoding of the database for charting features

17

Frequency of Updating

• USCG publishes LNM’s weekly• ISO 19379 mandates only “at least one per month”• ISO 19379 will not meet the weekly update

interval required by the Coast Guard• By following this standard the mariner is not

guaranteed to be getting the latest critical information

• Would not comply with Federal Regulations

18

NOAA’s Alternative:CED/CEVADs

• Mechanism for private companies to become Certified ENC Distributors

• Intent is to allow for the redistribution of official NOAA ENC’s while retaining official status

• CED/CEVAD data is suitable for chart carriage• Private companies would not have to be ISO

19379 certified

19

Conclusion

• Privately made electronic charts meeting ISO 19379 should not be accepted for meeting federal carriage regulations– Not linked to a recognized display or encoding

standard– Monthly updates– Not using original source, such as NOAA

surveys, USACE channel surveys, etc…