Voyage Data Recorders (VDRs), often referred to as the ‘black boxes’ of the shipping industry, collect and store vital data from key sensors and locations around the ship. This data plays a pivotal role in incident investigation, as was seen in the grounding of the Costa Concordia in 2012, and the sinking of the El Faro in 2015. With such an important role to play, the International Maritime Organization (IMO) has mandated that all SOLAS registered ships carry a VDR, which can demonstrate compliance with internationally agreed standards. Without a VDR compliant with these standards a ship cannot sail. However, the rise in the number, and sophistication, of digital devices are making the sector increasingly vulnerable to cyber-attacks. This paper will demonstrate a number of high-risk VDR cyber security vulnerabilities and review the current international technical standards covering all VDR devices being manufactured and used today, drawing attention to the minimum security requirements. The paper will go on to discuss how these standards fail to promote the necessary levels of cyber security needed to protect VDRs from today’s cyber risks, amidst increased demands for digital connectivity for remote and autonomous operations. The paper will conclude by proposing several amendments (technical and non-technical) to the current standards which, if adopted, will help increase the minimum level of security of VDRs. Industry opinions were gathered on this topic, and their beliefs have been included across this paper.



Publication Date


Publication Title

Journal of Marine Science and Engineering

Embargo Period


Organisational Unit

School of Engineering, Computing and Mathematics

Creative Commons License

Creative Commons Attribution 4.0 International License
This work is licensed under a Creative Commons Attribution 4.0 International License.