| Jointly sponsored by CCICADA Center at
Rutgers University and American Military University
Uncertainty – it is our Maritime Cyber Security Reality
Maritime Cyber Security is an emerging field of study and, as such, is characterized by significant uncertainty. The topic itself is as broad and as deep as the oceans and waters in which we operate. The threat is real and motivated by crime, economic exploitation, mischief and worse. We have evidence that proves our maritime systems are vulnerable – in ports, cargo management systems have been hacked and manipulated; in the energy domain, oil rigs have been infiltrated and operations interrupted; and at sea, modern ships can be shanghaied and diverted from their safe navigational paths.
To bring clarity to these murky waters, we must understand better our maritime systems – we know well enough what they do for us but how can they be manipulated by bad actors? What are their vulnerabilities? What information do they transmit and how? What are the interconnections to other systems? What are their safeguards? It is through this better understanding of our systems that we can then understand the vulnerabilities and then assess the maritime cyber security risk – the possibility, probability and severity of the cyber threat. This will, in turn, permit us to focus our efforts on detecting attacks and defending systems.
The Resilience Imperative in the Maritime-Cyber Domain
The mounting risk associated with cyber-attacks on physical systems is commanding attention of national security and homeland security planners and compelling a reexamination of both the priorities and tactics for safeguarding critical infrastructure. Whereas the dominant paradigm in recent years has centered around devising protection measures based on explicit threat assessments, lately Washington has placed new emphasis on bolstering resilience. For example, in February 2012, the Obama administration released an executive order (EO-13636) and presidential policy directive (PPD-21) that focus national attention on improving critical infrastructure and cyber resilience. Despite the high stakes, the maritime domain has been largely overlooked when it comes to assessing the risk and devising measures that better assure its capacity to withstand, respond, recover, and adapt to the growing array of cyber threats. This presentation will outline the strategic elements of meeting the resilience imperative in the maritime-cyber domain.
Placing Maritime Cyber Security and Technological Change in Context: Reflecting on Historical Trends to offer a Framework for Thinking about the Future
In 2013, the Office of the Secretary of Defense sponsored four war games that examined the future of technology, conflict, and war. As part of my role in these games, I presented a framework for looking at the evolution of technology and how it may impact conflict and security. This tutorial will place the evolution of maritime technology in this framework, and then consider the unique intersection of the problems of cyber insecurity and the increasing technical nature of complex military and maritime systems. The emerging reality of cyber insecurity in conjunction with the rapid move to autonomous and ‘smart’ technology may require a strategic redirection that seems counterintuitive but has historical precedent. These ideas and frameworks to be discussed have been briefed on to multiple audiences, to include several groups at USCYBERCOM and other government and military organizations.
Maritime Cyber Security (MCS): Vulnerabilities, Mitigation and Resilience
This Maritime Cyber Security (MCS) event is another important milestone toward identifying issues and fostering an industry culture of increased awareness. This presentation will look at various MCS issues for the maritime sector with a focus on vulnerabilities of oceangoing vessels and offshore energy sectors including radio frequency (RF) cyber threats.The attacks of September 11, 2001, the USS COLE just the year before, the M/V LIMBURG the year after ushered in a new era of concerns for the world and specifically the global maritime industry. Recently, the terrorist attacks and thwarted plots in the Suez Canal highlight the ever-present threat to the maritime industry from continuing deliberate assaults of all kinds. Everyone agrees, we must be ever vigilant and fully prepared to deal with whatever might come.
Although it was not much more than a decade ago, the words “Maritime Security” represented a new concept. Since then, the maritime community responded with terrorism and piracy awareness campaigns, training for seafarers and new onboard personnel responsible for vessel security. Today, with the rapid expansion of advances in technology throughout the maritime environment, we need to see a strong emphasis and dedicated effort toward full identification of the sector’s Maritime Cyber Security (MCS) known vulnerabilities and aggressively develop cyber policies addressing their mitigation. Generally preparing for unknown cyber vulnerabilities is also crucial.
Maritime Sector cyber vulnerabilities need to be fully recognized throughout the industry to help stimulate the increasing awareness of susceptibilities among the many stakeholders, assess the risks, evaluate potential impacts and deal with them. Once identified, it is essential we train personnel to improve equipment and processes to afford as much industry resilience as possible.
This presentation will provide an overview on differences between maritime cyber threat issues and traditional cyber threat issues supporting why Maritime Cyber Security (MCS) merits its own acronym, its own agreed-upon definition and its own cyber policies dealing with the unique nature or this industry. Maritime cyber security’s (MCS) definition has not yet been agreed upon since much of marine environment information transfer is via radio frequency (RF) and not a dedicated hard-line internet or directional microwave dish. A good example of this understanding is positioning by satellite systems. Interference with data being sent to/from shipboard computers and technology is cyber, but MCS’s definition will likely be more complex to include traditional and evolving perceptions.
Capt. David B. Moskoff is a professor in the Marine Transportation Department at the U.S. Merchant Marine Academy. He is an expert on maritime cyber security. He holds a U.S. Coast Guard unlimited master license and has commanded steam and diesel ships. Moskoff is president of MARITECH, a marine consulting and services firm. The views expressed are his own and do not reflect the views of any government entity.
Copyright © CCICADA. Website designed and maintained by The Lubetkin Media Companies LLC. All rights reserved..