For the last several years the Coast Guard has become increasingly concerned about cybersecurity and the maritime industry. Coast Guard personnel have come to my dock to discuss cybersecurity and have distributed documents and information on the subject. They have even sent me a cybersecurity questionnaire. Clearly, cybersecurity is keeping them up at night.
I understand the negatives associated with a cyberattack on my company’s electronic financial systems, but I have struggled with understanding how a cyberattack might affect my company’s marine operations, given that our vessels are older and essentially use “cables and chains” for engine commands and steering. Our radar system and GPS could possibly be corrupted by such an attack, but these technologies are essentially used as backups for navigation, since nothing works better than looking out your pilothouse window.
I welcome new marine technologies, yet I look back fondly on my time on the Delta Queen in the 1970s when I would sneak away to the pilothouse to learn from experienced captains. I learned the importance of knowing where you are and what is outside the pilothouse windows. I was mentored by those who knew the rivers inside and out. They were familiar with the locations of every snag, and they knew the names of all the creeks and tributaries. In other words, they were well prepared to cope with any navigational challenge that cropped up. It is important that today’s mariners have a similar foundation in the basics of safe navigation and not rely solely on technology.
At the same time, technology and the internet are thoroughly woven into the fabric of our society, including the maritime industry. That is why cybersecurity is of growing concern to both business and government.
Everyone in our industry should take a good hard look at their systems that interface with the internet to determine how vulnerable they are to outside attacks. A cybersecurity assessment will provide answers to these questions. You may find that you do not have many vulnerabilities, but you may also identify some areas that need to be firmed up.
There are tools available to help you assess your company’s cyber weaknesses. For example, the Passenger Vessel Association (PVA) provides its members with cybersecurity guidelines and a cyber risk assessment tool that can be used to identify any vulnerabilities.