Why are automatic identification systems (AIS) considered vulnerable to cyber threats?

The reason automatic identification systems (AIS) are considered vulnerable to cyber threats primarily revolves around the fact that they broadcast vessel information without encryption. This lack of encryption means that the data transmitted by AIS, which includes critical information such as vessel identity, location, course, and speed, can be intercepted by anyone with an appropriate receiver. Consequently, this openness makes it easier for malicious actors to exploit the system for various purposes, such as spoofing a vessel's identity or tracking its movements without authorization.

In contrast, the other choices highlight aspects that do not directly relate to the vulnerability of AIS to cyber threats. For instance, not requiring maintenance does not inherently create a security risk; rather, it reflects the system's operational reliability. The fact that not all vessels use AIS may limit the scope of its vulnerabilities but does not directly affect its susceptibility to cyber threats among those that do. Lastly, while AIS may use satellite data, it operates primarily through terrestrial radio frequencies, which is unrelated to its vulnerability due to unencrypted transmissions. Thus, the security concern arises fundamentally from the way AIS disseminates information without protective measures like encryption.