By Jimmy Drennan
Submissions Due: Extended to February 22, 2021
Week Dates: March 1-5, 2021
Article Length: 1000-3000 words
Submit to: [email protected]
CIMSEC is partnering with Cyber Nation Central to launch the latest Project Trident call for articles, this time on the impact of cybersecurity on future international maritime security. Cyber Nation Central “focuses on industry and government leadership in cyberspace defense, and its mission is to create cyber-secure renditions of physical nations for the U.S. and its global partners.” Cyber Nation Central seeks to spur cybersecurity innovation and bring practical transformation, think tank expertise, and strategic advice to corporations and governments to solve the most pressing problems in national cybersecurity infrastructure, specifically the autonomous and connected systems in transportation, defense, and healthcare sectors.
The December 2020 reveal of a major cyberattack on U.S. federal networks reaffirmed the ever-growing importance of cybersecurity. The need to defend computer networks against attack now influences almost every aspect of the global political and economic landscape, and the maritime sector is no exception.
Maritime networks are inherently distributed and vulnerable to attack. One cybersecurity firm noted after a year of investigation that “shipping is so insecure we could have driven off in an oil rig.” Criminals, terrorists, and nation-states are taking note. In the last three years, cyberattacks on maritime infrastructure and shipping have increased 900 percent. Norwegian Cruise Line and Carnival Corporation each suffered network breaches in 2020; the cruise industry is a particularly desirable target due to the amount of personal and financial data they carry. Shipping companies have already incurred hundreds of millions of dollars in losses resulting from computer virus infections, and some speculate that the financial impact of coordinated attacks on certain ports could rise into the billions.
Cybersecurity has rapidly become an essential element of naval warfare as well. Not only must navies be able to defend their own networks, but they must also maintain offensive and maneuver capabilities in the cyber domain. Given the dependence of modern warships on electronic data and networks, achieving maritime superiority in conflict may soon be impossible without first achieving cyber superiority.
Authors are invited to write on any topic related to maritime cybersecurity, particularly the following:
1. What investments, infrastructure, and technological innovation should governments and private entities pursue to achieve maritime cybersecurity
2. How could cybersecurity shape future naval conflict and naval force development?
3. Given the global rise in cyber whaling,1 what measures should be taken to “cybersecure” maritime senior leaders and executives from threats specifically targeting them as the holders of the most sensitive “digital crown jewels” (data, access, etc.)? What domino effect could this method of cyber warfare cause in maritime security?
4. Is cyber “security” even possible in the burgeoning cyber “arms race”?
5. With cyber-hacking becoming less and less prevalent as a technical problem and, instead, 97 percent of hacking crimes done via social engineering, what behavioral training should maritime entities undergo to foster a culture of cybersecurity?
6. What maritime cybersecurity policy areas should lawmakers rethink or consider introducing, and to what end?
7. What improvements could be made in cybersecurity technology distribution speed and effectiveness? How can the cyber supply chain be improved?
8. What cybersecurity recruitment and talent management strategies should maritime entities pursue?
Authors are invited to answer these questions and more as we consider the future of maritime cybersecurity. Send all submissions to [email protected].
Jimmy Drennan is the President of CIMSEC. Contact him at [email protected].
Endnotes
1. Phishing that targets the most senior stakeholders of organizations through their (1) professional networks/devices, (2) personal networks/devices containing professional information, and (3) families’ home networks/devices, allowing hackers to exploit the information to breach the broader organizational network.