Page 37: of Maritime Reporter Magazine (September 2018)
Maritime Port & Ship Security
The Slow Boat to
Ports are making up for lost time
BY PATRICIA KEEFE
Despite the critical role the maritime transporta- both maritime security plans required by law, and tion. Years have also been spent publishing cy- tion system plays in the economic health of the regulation generally, also did not identify or ad- ber security guides and checklists, strengthening
United States, and despite its fairly recent em- dress those same issues. regulatory directives, completing ? ve-year facil- brace of all things automated – cranes, vehicles, ity security plans, conducting cyber risk assess- surveillance and even vessels – the sector has “...Two If By Sea” ments, deploying mitigation efforts, and building been slow to warm to the need to protect its digi- Perhaps spurred by those two reports, concern relationships in the far-? ung, highly complex tal systems and assets. about lax port cyber security exploded in 2015, as and competitive port community through par-
Post 9/11, security concerns about the nation’s the alarm was sounded loudly one after another, ticipation, in part, in the USCG’s Area Maritime borders, air space and infrastructure, including by a raft of industry organizations, government Security Committees (AMSC), and their cyber ports, moved front and center for a brief moment agencies here and abroad, academia, insurance subcommittees, which can be found in most key before other concerns, like the search for victims companies, standards groups, think tanks and re- port areas. ASMCs are comprised of representa- and perpetrators, the cleanup of the site and city, searchers. Almost simultaneous, together they re- tives from the USCG, government agencies, law and legislative debate over homeland security leased a wave of reports, seminars, white papers, enforcement, shippers, port authorities, terminal needs versus long-held citizen rights, pushed in- primers, strategic plans, directives, resolutions, operators, harbor vessels, even some clients, all frastructure to a back burner. and even some legislative calls for assessment working to identify and address security issues,
Still, critics kept up a steady drumbeat of worry and information sharing - all addressing what as well as share information and create best prac- over the safety of the nation’s ports. In the en- they saw as a deeply worrisome lack of aware- tices, in their areas of operation. suing years, as port automation grew, physical ness, concern and action addressing the cyber se- Some of the changes we’ll see this year into security was upgraded and nailed down, helped curity vulnerabilities of the nation’s ports. next is a much greater emphasis on cyber risk in part by the government’s Port Security Grant Particularly alarmed were participants in a management, resiliency and collaboration, as the program. Maritime Cyber Security Symposium hosted in cyber security community tries to defend against
Mostly talk about cyber security plodded along 2015 by the Command, Control and Interoper- complacency (even the best security efforts will under the radar until the publication of two damn- ability Center for Advanced Data Analysis (CCI- take a hit at some point) by getting maritime com- ing reports that took the nation’s ports, the U.S. CADA), where speakers warned that “Maritime panies and ports to create contingency plans to
Coast Guard and Homeland Security Department Cyber Attacks Occur in a World of the ‘Quick and enable them to recover as painlessly as possible to task for not aggressively or adequately ad- the Dead,’ and that “Cyber Attacks on Ports and from a successful attack, and to encourage them dressing port cyber vulnerabilities. Ships Could be Catastrophic.” to work collaboratively on building best practices
Published in 2013, the Brookings Institution’s Maritime executives too came in for their share and sharing information about attempted and suc- “The Critical Infrastructure Gap: U.S. Port Facili- of criticism for failing to take the lead in making cessful cyber attacks.
ties and Cyber Vulnerabilities,” is still considered cyber security a priority, while the sloppy cyber valid today. Published in 2014 by U.S. General hygiene of employees on the front line got them
Accounting Of? ce, “Maritime Critical Infrastruc- labeled as the weakest link.
ture Protection” (GAO-14-459), directed its cri- Wherever you looked, regardless of source, the tique primarily at the U.S. Coast Guard, which it message was loud and clear – do something about said had failed to conduct a risk assessment that cyber security or face serious business conse- “fully addressed cyber threats, vulnerabilities and quences – regulation even! consequences.” The GAO also complained that By 2016, the focus was squarely on educa- © Bits and Splits/AdobeStock www.marinelink.com 37
MR #9 (34-41).indd 37 MR #9 (34-41).indd 37 9/5/2018 11:43:36 AM9/5/2018 11:43:36 AM