Imagine this scenario. Your ship is operating out of Long Beach, Calif. It’s a sunny day with calm winds and a flat sea. Suddenly your Electronic Chart Display and Information System (ECDIS) and Automatic Identification System (AIS) show your vessel off the coast of Nigeria. What happened? Well, this scenario isn’t that farfetched. In June 2019, the offshore supply boat Princess Janice was operating from a Nigerian oil terminal when the AIS abruptly showed the ship circling above Point Reyes, Calif. and then eventually deviating to above Utah. This false AIS reading lasted for almost 400 hours. On that same…

The maritime industry has been busy during May and June relative to cybersecurity. I recently came across an interesting opinion article on csoonline.com entitled “Legacy Systems are the Achilles heel of critical infrastructure cybersecurity” by Christopher Burgess. As I read the article and pondered the headline, I immediately thought that “legacy systems” are also an Achilles heel in both shipboard and seaport digital environments. So, the first section of this commentary is an expansion of this thought. Secondly, in June, there was an announcement about a new maritime cybersecurity group called the International Maritime Cyber Security Organization (IMCSO). I’ll tell…

April was a remarkably busy one for maritime cyber and physical security news. For this column, the focus will be on the U.S. Coast Guard Cyber Command’s annual Cyber Trends and Insights in the Marine Environment (CTIME) report. A high-level overview of this 60-page report is provided below with some recommendations for actions by shipping companies, seaports and other maritime stakeholders. Cyber Trends On April 22, the U.S. Coast Guard announced the release of the third annual CTIME report, available at https://bit.ly/4b19aVg. The report’s intention is to provide relevant information and lessons learned about cybersecurity risks to maritime security, while…

Setting the Stage The frenzied buzzing of the seaport manager’s cell phone interrupted his weekly staff meeting. There were urgent text messages and voice mails signaling that there was a major problem at Container Terminal 5. One text message said, “Crane 5A has stopped functioning! Crane 5C can’t be stopped! Help!” Apparently when one of the world’s largest container ships containing over 20,000 Twenty-Foot Equivalent Units (TEUs) docked at Terminal 5, all hell broke loose. But why? Even though this is a hypothetical story, the U.S. Government and FBI are worried that such a scenario could come true. On Feb.…

The maritime industry continues to be a target for cyberattacks. In 2023, the industry witnessed increased cyberattacks, with ransomware and distributed denial of service (DDoS) attacks being the most predominant. We hope to raise awareness about these threats, focusing on the incidents that occurred in 2023, while providing some insights into effective defense strategies. Of note, a useful resource to view a record of global maritime cyberattacks is in the NHL Stenden, University of Applied Sciences Maritime Cyberattack Database at http://tinyurl.com/dejyercr. It’s a free resource that was referred to when preparing this article. Cyberattacks: Financial and Business Consequences An October…

“Quishing” and a summary report. Cyber and physical security concerns are still actively in play in the maritime industry. Ships, seaports and supporting organizations are all exposed to cyber-attacks and threats to their physical security. In this column, we examine a new cyber phenomena, followed by a seminal report sponsored by market data firm Thetius, risk management company CyberOwl and international law firm HFW. Phishing and “Quishing” Due to its increasing digitization and connectivity, the maritime sector has become more vulnerable to cyber threats, including phishing and the newly emerging threat of “quishing.” Phishing is a common method used by…

The maritime industry exists to move goods and people via the oceans, lakes and rivers. These goods range from breakbulk—such as wheat, coal, gravel—to thousands of containers moving high-value cargo. Unfortunately, cargo theft in the U.S. is a $15 to $35 billion enterprise that affects seaports, airports, trucking companies and shipping companies daily. The cargo thefts are not necessarily focused on high-value goods such as semi-conductors and precious metals, but also on food and beverages. For instance, in the Seattle area, one thief posed as a Safeway employee and attempted to steal more than $700,000 of king crab for resale.…

The late spring and early summer months have been busy for the maritime industry. Over the past few months there have been a series of reports issued by Allianz, DNV and the U.S. Coast Guard that examine trends and offer insights on maritime cyber and physical security that are likely of interest to Pacific Maritime readers. Before we begin to detail these reports, let’s examine the ransomware attack at the Japanese Port of Nagoya on July 5. Nagoya Port Ransomware Attack On or about July 5, the Port of Nagoya was shut down by a ransomware incident infecting computers that…

Recently on my YouTube channel, I posted a video about 10 cybersecurity threats today’s executive needs to keep in mind (https://bit.ly/3HQ4Z2e). As I thought about this list, I realized it also applies to those of you in the maritime community. So, here is a review of those threats for your awareness. The list of cybersecurity threats is broad; however, here are 10 select threats discussed in this article: Nation-state attacks Artificial intelligence attacks Zero-day exploits Supply-chain attacks Insider threats Social engineering attacks Cloud security threats Internet-of-things (IoT) attacks Ransomware attacks Phishing attacks In November 2022, the Secretary of the U.S.…

I just finished reading the book Intelligent Automation by Pascal Bornet. It’s a fascinating look at the future implementation of artificial intelligence in today’s and future businesses. Since my role is to assess and understand the cybersecurity threats on the maritime sector, Bornet’s book caused me to look for analysis and resources regarding autonomous ships and their implementation. I was surprised at how much has been written on this subject. As an experiment, I suggest you do a Google search on terms such as “autonomous ships,” “autonomous seaports,” etc. I think you’ll be surprised. What I’d like to provide in this…