While handling 90 percent of the global economy daily, maritime industry ashore and afloat remains increasingly vulnerable to cyber disruptions and attacks from “neerdowells and bad actors” that threaten financial markets and the country’s national security, the head of the Maritime Administration said last week.
Lacking a coordinated code affecting all modes of transportation and ports and terminals, the “movement of our armed forces” can be disrupted “by a few key strokes of bad actors” that can affect ship operations, cargo handling and on-shore facilities, retired Rear Adm. Mark Buzby said during a Sept. 24 virtual event hosted by The Atlantic Council.
Cyber disruptions in San Diego and Barcelona port operations in 2018 and continuing ransomware attacks on European transport companies underscore the vulnerability of these interlocked modes of economic movement, Coast Guard Capt. Jason Tama, commander of Sector New York, and Heli Tiirmaa-Klaar, Estonia’s ambassador-at-large for cyber diplomacy, added.
Speaking as part of the online forum, Kathy Metcalf, president and chief executive officer of the Chamber of Shipping of America, said all too often cyber security is thought of as the takeover of a ship and ramming it into the Verrazano-Narrows Bridge, which connects Brooklyn and Staten Island at the entrance to New York’s harbor.
The real need is for “collaboration” on all the details affecting small links in a supply chain or parts used in maintenance. “The system will only be as good as its weakest link,” Metcalf said.
The maritime industry includes many links — some more than 30 years old that remain extremely vulnerable, while others are brand new and hardened, Xavier Bellekens, lecturer at the Institute for Signals, Sensors and Communications, University of Strathclyde, said at the forum.
Looking only at ships, using open source information, Bellekens said anyone “can relatively easily … learn very fast about,” a ship at sea. Using slides, Bellekens selected one ship operating from a Southeast Asian port and in less than a day followed its course outbound, obtained biographical data on its captain, information on the makeup of the crew, current cargo, destinations and the ship’s current position.
The data are potentially useful to hackers, pirates, criminals, terrorists or hostile nation-states.
As he was speaking, Bellekens presented a news photo of the aftermath of a collision at sea between a Russian frigate and merchant ship in Danish waters that occurred the day prior. He used the photo, which was available within a few hours of the mishap, to emphasize the point that “there are many ways to gather open source information.”
Master Mariner Capt. Alex Soukhanov, managing director at Moran Cyber, said that while designers and builders have understood for decades the need for safety, segmentation or compartmentalization in ship work, “cyber and networks” were “not priorities” for years. Those legacy systems are still operating today.
“It really doesn’t matter who the bad guy is” in hacking the vessel itself, from propulsion to navigation systems, port management, terminal capacity of cargo, to a maintenance facility’s work schedule because “all of these systems are connected together.”
Tama said, “we’re years behind other sectors,” like finance, in understanding these connections and the need for collaboration between ship owners, vessel operators, ship builders and designers, terminal and port authorities, and companies and law enforcement.
The reluctance to collaborate in the private sector and even in public-private partnerships with law enforcement agencies, including coast guards, has been shifting, Metcalf, Tama and Tiirmaa-Klaar agreed.
The impact of ransomware demands in all manners of business — from health care to utilities to transportation — has been a key factor in this shift.
Even reducing this to cybersecurity on ships alone, Metcalf said, “not all the ships are the same” because they were built at different times for different operations. An example of “flesh on the bones” for vessels could be drawn from the International Safety Management agreement to improve cybersecurity afloat.
Moreover, Metcalf said the reality aboard a ship is that the first questions a captain or master ask if the ship’s operations are disrupted aren’t about cyber. They will instead ask about restoring that capability or how to work around it. In addition, most officers and crew “don’t realize how important [a part, a system, etc., are] until it’s no longer working.”
For all the activities involved in maritime operations, “you can set up some general principles” and “the right place is in the [International Maritime Organization],” she added.