View non-flash version
www.marinelink.com 17ready have a Homeport account. You then send an email to homeportcy-berscurity@uscg.mil, asking to join. Members are provided with recom-mendations and activities helping them keep abreast of cybersecurity issues.All of this may appear overwhelm-ing to a ship owner or operator. After all, what is the likelihood that a terror- ist will target your particular company or vessel or facility? Admittedly, the odds are low, but not zero. We know from the terrorist attacks of Septem-ber 11, 2001, as well as the maritime attacks on the destroyer USS Cole in Aden on October 12, 2000, the super- tanker Limburg off Yemen on October 6, 2002, and the supertanker M Star in the Strait of Hormuz on July 28, 2010, that terrorists seek soft targets. Marine facilities have not been exempt from terrorism, with attacks on Ashod, Israel (March 13, 2004); the Iraqi Khawr al Amaya crude oil terminal (April 24 2004); and the Karachi East Wharf in Pakistan (May 26, 2004). If your com-pany or vessel or facility appears to be hardened, the terrorist will probably go elsewhere. There is plenty of evidence that the average maritime company or vessel or facility is vulnerable, particu-larly to a cyberattack. Terrorism aside, there is a sel Þ sh rea- son for hardening your company, ves- sel, or facility against cyberattack. By taking such steps, you also may harden your operation against such threats as spurious electronic signals, malicious activity, industrial espionage, and criminal activities.On May 10, 1993, the Coast Guard promulgated a regulation that came into effect on July 9, 1993 provid- ing, among other things, that tankers equipped with an integrated navigation system (INS) could, under certain cir- cumstances, use the INS with the auto pilot engaged while in the navigable waters of the United States. A suspen- sion of the effectiveness of that regula- tion was issued on July 6, 1993 after a vessel utilizing its INS experienced a sudden, unintended, and drastic course change when the INS malfunctioned as a warship in the vicinity emitted a strong electromagnetic pulse. In its suspension order, the Coast Guard stated that currently (in 1993) ?there is no performance standard for a ship-board INS in terms of accuracy, integ- rity, or reliability. Although the Coast Guard recognizes that the use of INS with an autopilot offers the potential to improve navigation safety, adequate testing and evaluation of this technol-ogy has not been conducted. The Coast Guard intends to conduct further rule-making concerning necessary testing and methodology for certifying that performance standards have been met and will provide further opportunity for public input.? There have been no further developments regarding INS performance standards since 1993.In the June 2003 edition of Maritime Reporter & Engineering News, I au-thored an article entitled: ?AIS ? Pan-acea or Pandora?s Box.? I pointed out that, when operating as intended, the Automatic Identi Þ cation System (AIS) was an important navigational safety tool, particularly with respect to collision avoidance. I also pointed out, though, that because of the way the transceiver was conÞ gured, much of the data being transmitted could be manipulated. SpeciÞ cally, I questioned reliance on AIS as a maritime security tool. I didn?t know the half of it. It has recently been demonstrated that spurious AIS signals can be transmit- ted showing vessels to be far from their actual location and on incorrect cours-es and speeds. AIS signals can also be generated showing phantom ships. One can no longer inherently trust the AIS signals being received by your transceiver and displayed on your EC-DIS. The system needs to be revised to incorporate an authentication program.In the September 2013 edition of this same magazine, I authored an article entitled: ?GPS spooÞ ng.? I pointed out that it is now possible to spoof Global Positioning System (GPS) and other space-based positioning, naviga-tion, and timing (PNT) services. As with AIS, these PNT services must incorporate an authentication system or adopt other measures to avoid ac-cidental or intentional presentation of erroneous data. Work is currently un- derway to address these issues. Even then, it will likely only make spooÞ ng more difÞ cult, but not impossible. I do not claim to be prescient. I am only reporting the work of others, more technologically proÞ cient than myself. I am saying, though, that steps should be taken by members of the maritime community to enhance their cybersecu-rity. There is a growing threat to ma- rine safety, security, and environmental protection from the over-reliance on electronics to accomplish operational tasks. Adopting appropriate cyberse- curity measures will reduce business risks.MR #12 (10-17).indd 17MR #12 (10-17).indd 1712/2/2013 10:19:00 AM12/2/2013 10:19:00 AM