If you wanted to cause a ship to alter course, wouldn't it be easier to spoof local GPS signals? This would have to be done slowly and carefully in a sneaky way, which is quite possible.
I wonder when the AIS system was designed and its methods and protocols decided on. If it was some years ago, then the 'modern' security concerns of terrorism and piracy would have been hardly considered if at all.
I also wonder if the mandatory AIS system has IP that is owned and licensed by a cosy cartel that keeps on milking its cash cow and has no interest in spending money to make it better. After all, why did it need Trend Micro to figure all this out and do experiments and investigations.