NET Protect – Cyber Security System

NET Protect carries out the following device certification, network topography and general tests:

Certified Devices – This test interrogates all devices on the network and checks if they are listed in the NMEA 2000 Certified Product database. Un-Certified devices will be identified as they represent a possible cause of network errors and interoperability issues. The identified devices can continue to be used on the network but it is recommended that special care is taken to ensure that they are operating correctly and not causing network issues.

Name Verification – This test scans the NMEA Name (64 bit binary number) of each device on the network and will report any non-standard or rogue NMEA names that might indicate a malicious device.  Any devices reported should be immediately investigated and removed from the network.

Gateway Validation – Gateways are potentially a weak point in an NMEA 2000 network and can allow hackers to inject malicious data or control a network.  For this reason, N2K Protect can identify and validate any NMEA 2000 Gateway in the system.

Duplicate Device Instances – Multiple devices on the network sharing the same class and function codes and the same device instance can cause issues with data source identification and could be used to inject spoof data on to the network.  This test will identify any duplications and the Instance Configuration Tool can be used to give a duplicate device a unique device instance.

Duplicate PGNs – Multiple devices outputting duplicate PGNs can cause issues with data source selection and result in some devices showing wrong or no data.  This test will identify any duplicate PGNs and the Commanded Address Change Tool can be used to change a device’s CAN address reducing or increasing its priority.

Data Sources – This test in conjunction with the other Network Topography tests can be used to identify which devices will be automatically selected as the primary data source for GNSS, depth, wind, boat speed and heading.  Based on the PGNs they output and their CAN Address, N2K Protect will identify the devices that are the primary data sources and the Commanded Address Change Tool can be used to change which device is the primary data source.

Devices Outputting “No Data” – This test checks all of the devices that are outputting navigational PGNs with “No Data” in the key field i.e. transmitting a Depth PGN with the depth field showing “No Data”  If a higher priority device is outputting ‘No Data’ it can result in the data from the device you want to use, not being displayed.

Product Firmware Audit – This test will query every device on the network and create a simple list of the Firmware Version reported in each device’s Product Info PGN.  This is useful for checking that all devices on the network are fully up to date or if a firmware update has been done and caused problems since the current CANshot™ was taken.

Total LEN – This test queries the LEN value of all devices on the network and calculates the total LEN value for the network.  This can be useful in ensuring the network is properly designed and constructed and will not suffer from voltage drops or data corruption.

Once the installation tests are complete and the installer is happy with network performance, the CANshot option is run.  This “snapshots” the network and stores the results internally.  This report can also be saved and printed.

NET Protect then enters 24/7 monitor mode and will alert audibly and also store alerts in an event log for analysis.  If connected to a Digital Yacht 4GX or 5GX system, optional SMS alerts can be enabled for remote monitoring