Should workboat operators be concerned about potential cyber attacks?

In her story that begins on page 28, Dale DuPont writes that maritime cybersecurity is a growing concern worldwide. She cited two reports that say U.S. ports are vulnerable to cyber attacks, and we are not doing enough to prevent them. A GAO report said that the U.S. should pay “greater attention to potential cyber-based threats.” And Coast Guard Cmdr. Joseph Kramek, in a policy paper published last summer, said in most U.S. ports “basic cybersecurity hygiene measures are not being practiced.” Of the ports studied, none had a cyber attack response plan.

The Coast Guard has a cyber command unit, but it needs to do more, the GAO said. In particular, the Coast Guard should assess cyber-related risks and issue appropriate guidance, and Congress should give it the authority to enforce cybersecurity standards the same way it enforces physical security.

The GAO said the Coast Guard should get more serious about the risks and perform a detailed assessment. The Coast Guard, the only military organization within the Department of Homeland Security, is currently developing a cybersecurity strategy and guidance on how to do assessments.

The reports concentrated mainly on the Coast Guard and ports, but as Bill Pike wrote in the June issue, offshore operations appear to be the next big hacking target. GPS and other navigation systems are vulnerable.

According to a Reuters report, hackers recently shut down a floating rig by inducing a list. Another offshore rig’s computer system was so compromised by malware that it took 19 days to make it seaworthy again.

“This is a hot spot in the industry. The regulators don’t have a clue,” said Michael Van Gemert, senior vice president of Northwest Technical Solutions, a consulting company that focuses on the offshore energy industry. “All the newest rigs are running on high-speed data networks. Most advanced companies have done a good job closing these holes. But there are a lot of workboats with old systems.”

While some are seeking solutions to offshore hacking threats, “you will not see anybody blazing trails in leadership until they get hit,” Van Gemert said.