The global maritime industry faces constant threats, as evidenced by terrorist attacks and thwarted plots in the Suez Canal last year. Deliberate assaults of various kinds pose an ever-present danger, underscored by incidents like the Sept. 11, 2001 attacks, the USS Cole attack the year before, and the tanker Limburg attack the following year. These events ushered in a heightened era of concern for global security, particularly within the maritime sector. However, it’s not just deliberate attacks that we must be wary of; our ports, terminals, rig fields, and vessels of all types are also vulnerable to natural disasters, mishaps, accidents, and other unintentional occurrences. In recent years, these reminders have become increasingly urgent, highlighting the need for comprehensive security measures to protect against all manners of threats.

• Maritime Security: How to Ensure It?

Maritime Security: How to Ensure It?

In recent years, maritime cyber security (MCS) has emerged as a critical focus area, driven by technological advancements and the sector’s unique cyber characteristics. Unlike other industries, the maritime sector relies heavily on radio frequency (RF) for data transfer, rather than hardlines or directed microwaves, making it vulnerable to cyber threats. Consequently, the evolving technologies and inter-connectivity within the maritime sector have become a double-edged sword. While they have revolutionized operations and communication, they have also exposed the industry to new risks and vulnerabilities. This shift has been preceded by over a decade of awareness campaigns and training initiatives targeting terrorism and piracy. However, as the maritime community continues to adapt to these traditional security challenges, it must now turn its attention to the growing threat of cyber attacks. To address this, a comprehensive approach to maritime cyber security is imperative, encompassing robust policies, advanced technologies, and continuous training and awareness.

In our increasingly digital world, the marine industry faces unique challenges as it strives to protect critical operations from cyber vulnerabilities. From navigation to engine control, cargo handling, and communications, every system is potentially exposed to risks that could disrupt or even halt vital processes. That’s why a proactive approach to cyber security is essential.

Historically, cyber security awareness in the maritime sector has lagged behind other industries, as many professionals have been focused on the day-to-day demands of running their ships and businesses. However, as both governments and private enterprises begin to recognize the gravity of these threats, there’s a growing momentum to address the issue.

A continuous process of readiness and preparedness is key for all involved, ensuring that every individual and system is equipped to handle potential breaches. This begins with awareness, as understanding the scope and nature of these vulnerabilities is the first step in building a robust defense.

By prioritizing cyber security and fostering a culture of vigilance, the marine industry can not only mitigate current risks but also stay ahead of emerging threats. This proactive approach is crucial in maintaining the safety, efficiency, and reliability of maritime operations in our increasingly connected world.

In an effort to enhance maritime security, various initiatives are being taken to protect navigation systems and raise awareness among seafarers. Notably, the House recently passed legislation aimed at preserving infrastructure for a Positioning, Navigation, and Timing (PNT) system, designed to complement GPS through robust land-based signals. This development comes as a response to growing concerns over the vulnerability of GPS systems. Meanwhile, the Ship Owners Cooperative Program (SOCP) has unveiled a new computer-based training (CBT) tool, funded by a grant from the U.S. Maritime Administration. This ISSA (Merchant Mariner Information Systems Security Awareness) CBT comprehensively covers topics such as workplace computer security, network safety, and best practices for creating strong passwords. By providing this training, SOCP aims to equip mariners with the knowledge and skills necessary to mitigate cyber threats. Furthermore, several shipping companies have been proactive in upgrading their cyber threat matrices and refining their security programs. These efforts are particularly crucial in light of demonstrations by the University of Texas, under Assistant Professor Todd Humphreys, which have exposed the potential for GPS spoofing attacks. Such attacks could have severe consequences for maritime safety, making it imperative to stay vigilant and proactive in addressing these emerging threats.

Maritime security remains a paramount concern in today’s interconnected world, with cyber vulnerabilities posing a significant threat to vessels and facilities alike. The U.S. Coast Guard, in recognition of this evolving challenge, emphasized cyber security in its 2014-2015 Proceedings and issued COMDTNOTE 5510 on “Cyber Security and the Marine Transportation System (MTS).” This strategic move underscores the need for a comprehensive approach to identifying and assessing cyber risks. Captains of the Port (COTPs) are urged to engage vessel and facility operators in inventorying their cyber systems, pinpointing those that could potentially trigger a Transportation Security Incident (TSI), and evaluating their resilience against attacks, misuse, or failures. This case-by-case approach ensures a thorough understanding of the unique vulnerabilities inherent in each cyber system, paving the way for effective mitigation strategies. After all, vulnerabilities can lurk at any level, in any area, making a proactive and tailored response crucial for maritime security.

The proliferation of RF jammers has been raising concerns worldwide, increasing the likelihood of serious maritime sector jamming incidents. Vessel positioning and navigation operations depend on Global Navigation Satellite Systems (GNSS) such as GPS, and interference with weak GPS RF signals can have significant impacts. Both state and non-state actors, including hacker organizations, have vowed to attack all forms of energy production worldwide, intensifying the global issue of RF jamming. North Korea has proven the effectiveness of long-range jamming through its relentless attacks on South Korea in recent years, while Iran and Iraq are also expert state jammers among many others. Criminals have already learned how to compromise RF tracking systems of cars, containers, and other cargo, and rigs and drill ships exchange massive amounts of RF data with shore-side partners to conduct operations. As the use of RF technology continues to grow, the need for effective countermeasures against jamming becomes increasingly urgent.

Electronic charting (ECDIS/ECS) systems, automatic identification systems (AIS) for collision avoidance, as well as GPS receivers and GPS compasses, are all vulnerable to compromise from both unintentional and intentional events, unless an unaffected secondary positioning source is immediately available. For instance, on April 1, the Russian GNSS GLONASS experienced an unprecedented total disruption of its entire system, rendering positioning worthless for almost 11 hours. While reports suggest it was an error by a GLONASS engineer, others challenge this, questioning if it was the result of a cyberattack or a powerful solar flare that erupted at about the same time. A thorough cyber assessment of navigation bridges may reveal that GPS signal loss, jamming, or spoofing could impact some or all of the other navigation units, including gyrocompasses, steering systems, radar/ARPAs, echo sounders, DSC VHF radios, etc.

To enhance resilience in the industry, it’s crucial to identify and quietly share MCS vulnerabilities among stakeholders, leading to combined threat awareness and improved risk assessment, impact potentials, and solutions. A robust terrestrial positioning system, eLoran, offers a proven, jam-resistant, and GPS-accurate alternative, filling GNSS voids in urban canyons, dense structures, tunnels, underground, and underwater areas. Unlike satellite systems, eLoran isn’t affected by extreme space weather, ensuring reliable positioning. Manufacturers can also contribute by providing signal strength alarms on new GPS receivers. Employment of inertial navigation systems, RF jamming detectors, and alternate positioning systems like eLoran are among the mitigations. Threat identification supports training personnel, improving systems, equipment, and processes for industry resilience. As awareness grows, stakeholders can mature in their understanding of combined threats, leading to better enhancements in risk assessment and solutions.

Capt. David B. Moskoff, an expert in maritime cyber security and president of marine consulting firm Maritech, emphasizes the importance of a four-step process to ensure optimal preparedness against known and unknown maritime cyber threats. This involves compiling MCS response plans, conducting regular drills, including unannounced ones, and implementing new systems like eLoran to complement GPS and other GNSS PNT systems. The final step is to ensure continuous improvement of the MCS readiness process. Moskoff, who holds a U.S. Coast Guard unlimited master license and has extensive experience commanding ships, stresses the need for constant vigilance and preparation in the industry to effectively counter these evolving threats.

His views are personal and do not represent any government entity’s stance, as expressed in his statements.