By Dmitry Filipoff
From March 1-9, CIMSEC featured a series of pieces submitted in response to our call for articles on maritime cybersecurity, issued in partnership with Cyber Nation Central as a part of Project Trident.
Authors highlighted the ever-changing landscape of cyber threats and countermeasures. The maritime sector is particularly critical to defend because of its extensive and broad linkages. Yet ships require steady upgrading of their systems and defenses in order to a pace threat that is constantly evolving. Crews require regular training to prepare for possible worst-case scenarios, many of which could be precipitated by a seemingly friendly email. As state and commercial actors seek to reinforce their resilience against cyber threats in the maritime domain, they can look to improve their cross-stakeholder relationships with one another, and consider enhancing international law to provide more common ground for interpretation and action.
Below are the authors who featured during the topic week. We thank them for their excellent contributions.
“Sieges, Containerships, and Ecosystems: Rethinking Maritime Cybersecurity,” by LCDR Ryan Hilger
“…as cyberattacks only continue to grow in pace, scope, and impact, we must engineer and operate for resilience to ensure that the company or mission does not irrevocably lose the credibility and trust needed to survive in the ecosystem. Beyond practical approaches like expansive defense in depth, zero trust architectures, and redundancy or watchdog mechanisms to balance against complex or emergent behaviors, the approach must separate the systems from the information.”
“Sea Blind: Pacing Cybersecurity’s Evolving Impact on Maritime Operations,” by Mark McIntyre and Joe DiPietro
“Just as the sextant enabled celestial navigation of ships far from shore, and signal flags and lights allowed ships to communicate with one another more effectively, the adoption of digital technology has allowed sailors to shoot, move, and communicate even more rapidly. While this technology allows seafarers to navigate more precisely and communicate and coordinate with others more easily, it introduces new vulnerabilities to modern warships. Just as these systems assist personnel onboard ships, they potentially offer nefarious actors an attack vector to introduce malicious code into these systems.”
“Perils of A New Dimension: Socially Engineered Attacks in Maritime Cybersecurity,” by Leonid Vashchenko
“Their objective will be to obtain unsanctioned admittance into the vessel’s systems. The targeted person can either be blackmailed or contacted by a fake profile of a trusted contact with the aim of dispatching malware via the victim’s access. An untrained and unaware navigational officer could install the malicious software to the navigational computer, under the guise of ‘colleague’s friendly tip.’”
“Tackling Maritime Cyber Threats: A Call for Cross-Stakeholder Cooperation,” by Henrik Schilling
“Apart from the law itself, implementing cyber operations into international law would create a certain degree of consent between international actors regarding the handling and use of cyber operations. These measures will not solve illegal cyberattacks, but they might provide actors a common ground of action in terms of defending against such attacks or initiating consequences or counterattacks.”
Dmitry Filipoff is CIMSEC’s Director of Online Content. Contact him at Content@cimsec.org.
Featured Image: Marines with Marine Corps Forces Cyberspace Command pose for photos in cyber operations room at Lasswell Hall aboard Fort Meade, Maryland, Feb. 5, 2020. (USMC photo by Staff Sgt. Jacob Osborne)