Achieving cybersecurity on the water

If Russia can hack its way into our elections and digital mischief makers in China can deface the White House website, what chance do vessel operators have of maintaining cybersecurity within their fleets?

Once we’re networked, there probably is no such thing as absolute security, but given our dependence on digital data for everything from navigation to vessel maintenance — to say nothing of life safety — we cannot ignore the need to protect our operations from exploitation or attack.

As part of its mission to promote human safety, marine safety and environmental safety, the U.S. Coast Guard, with the support of the Transportation Security Administration, is leading the charge for cybersecurity in the maritime community.

During a presentation Tuesday at the Passenger Vessel Association Annual Meeting at MariTrends in Savannah, Ga., Lt. Cmdr. Brandon Link, a marine safety expert with the Coast Guard’s Critical Infrastructure Branch, said the stars are aligning for such an effort by passenger vessel operators, among others. The Coast Guard is developing specific cybersecurity “profiles” for maritime sectors and has completed three, for maritime bulk liquid transfers, offshore operations and passenger vessels.

The next profile will focus on navigation and automation.

“The cybersecurity framework profiles are designed to assist organizations in assessing cyber risks and offer guidance on how to allocate limited resources in order to improve their cyber resiliency,” Link said.

Link said the profiles are designed to facilitate implementation. They leverage existing standards and recommended practices. In the case of passenger operations, for example, the profile was developed in consultation with the Cruise Line Industry Association and the PVA. “We cannot stress enough our appreciation to the stakeholders from all sectors of industry for their assistance in drafting these profiles,” he said.

Moreover, he said, cost-effectiveness was critical, as was the need to avoid creating a lot of new regulations. “We do hope this is a useful tool,” he told PVA attendees.

You can access more information on the Coast Guard’s cybersecurity effort, as well as offer feedback, at the Maritime Commons blog.

About the author

Jerry Fraser

Jerry Fraser is the publisher of WorkBoat Magazine and WorkBoat.com.

2 Comments

  1. Capt. Robert Russo on

    The major threat is not Russian or Chinese government hackers but cyber criminals using ransomeware. Think about this sceanario. A criminal decides to go after a Tug company. Using open source data and social networks, he identifies a HR person and an employee. By creating a phony web account, he sends an email to an employee from what looks like the HR department asking an innocuous question with malware loaded onto this email. The email asks the employee to log into his corporate account to verify something. That brings the malware into the company’s data base and then shuts down the company till a ransom is paid.
    The only way to protect against this type of serious and realistic threat is a company policy and education.

    • glynda allison on

      As a documentation service provider Ransomware is a very real threat to secure information – such as finance, tax, and social security numbers. we are having to actively redact all sensitive information as soon as documentation is issued. This creates a necessary backlog that also jams processing of return customers because all needed information has been destroyed. What has made our services easier to process on return customers is now making them more vulnerable in the digital age.

Leave A Reply

© Diversified Communications. All rights reserved.