Welcome to the home page for the Maritime Cyber Security and Infrastructure Committee
We expect that this committee will be of interest to members from a wide range of domain areas and of a wide range of expertise. One of our key goals is to be a centralized resource for information that will be useful to members with different needs, to be the ``one-stop shop". Our petition for approval by MTS has more missions, goals and planned activities.
We're just getting started and the field is very broad but we wanted to start providing some value ASAP. Here are a few things to get you started:
DHS has just released its strategy for cybersecurity efforts.
Here are some comments from John Jorgensen (ABS) that came up in committee discussion. They give a good overview of the complexity and urgency of the cyber security issues we're considering. (And constitute our first blog post!)
And here is a paper by Phil McGillivary (USCG) from Ocean Science 2018. The context is scientific vessels but addresses many of the same issues John does for commercial vessels.
On November 15, 2017 the Committee held our first event. The Technology Innovation Breakfast on The Future of Maritime Cyber Security Requirements took place in Arlington, Virginia. The panel included topic experts from USCG, J2, DHS and TAMU, moderated by our vice-chair Max Bobys from Hudson Analytix. A video of the entire program can be viewed here.Basic Resources
If you or your organization are just getting ready to ramp up on security, there are a lot of good resources available online. Here are a couple that are useful for small and mid-sized businesses and government agencies:
From the US Department of Homeland Security: Stakeholder engagement and cyber infrastructure resilience.
From the UK National Cyber Security Centre: NCSC Guidance. It includes printable posters and a broad range of advice.
And if you're getting a little deeper into the issues, you can look at the Be Cyber Aware at Sea page. It has lots of links to guidelines, best practices, etc.
The US Department of Homeland Security has posted a Long-Range Broad Agency Announcement under the Science and Technology Directorate.
As noted in the announcement, this invitation is especially open to original proposals and they have a specific interest in maritime cyber security.
The Coast Guard has put out a draft for a Navigation and Vessel Inspection Circular on "Guidelines for addressing cyber risks at MTSA facilities" (NVIC 05-17). Comments are closed but links to the NVIC and the public comments can be found here.OT and IT
Cyber security is challenging enough when it just involves protecting headquarters data. It gets more complicated when security is needed “beyond the digital fortress”. Here are a couple of papers that deal with integrating OT and IT. (See also discussion at the Innovation Breakfast.)
Aarushi Goel works in security by design and security infrastructure. Here’s a very interesting presentation on cyber security in the oil and gas industry given at the recent Dynamic Positioning conference.
PAS Global specializes in industrial control systems. Their focus isn’t specifically maritime but many of the same issues arise in maritime cyber security as well. Here’s an interesting discussion of these issues from an industrial control point of view.
Homeland Security has a site for cyber emergency response for industrial control systems (ICS-CERT) and a page for recommended practices. It's not specifically maritime but many of the control system issues will be similar.
As reported in the press, Naval Dome has demonstrated the maritime industry's security problems with a series of cyber penetration tests on systems in common use aboard tankers, containerships, superyachts and cruise ships. Test results showed that hackers can access and over-ride ship critical systems including live, in-operation systems used to control a ship's navigation, radar, engines, pumps and machinery, signals to fuel and ballast pumps and the Machinery Control System.
For further information check out the Naval Dome report.
And in another announcement, ``Maritime cyber security specialist Naval Dome has confirmed it has signed a contract with Piraeus-based Stamco Ship Management to install its maritime cyber defence system aboard 55 Pure Car and Truck Carriers (PCTC). Stamco Ship Management provides technical and commercial ship management services to various companies like NYK, MOL, K-Line, China Shipping, Höegh Autoliners, WWL, Eukor and Glovis. Naval Dome will install the security system onboard the vessels' bridge, navigation, communication and machinery control systems to deliver maximum, multi-layered protection from any existing or future cyber security threat. Earlier this month a security industry report revealed that ransomware is now the most common type of malware, accounting for 39 percent of malware-related hacks. The Verizon report found that attacks are also moving into business-critical systems, which encrypt file servers or databases, inflicting more damage and commanding bigger ransom requests."Educational Initiatives Stevens Institute of Technology Summer Research Institute.