Coast Guard cybersecurity specialists recently boarded a vessel before admitting it to port, to ensure the cyberattack it had suffered hadn’t impacted its control systems and wouldn’t spread to other vessels, said Vice Admiral Daniel Abel, deputy commandant for operations of the U.S. Coast Guard.
“We recently had one [vessel] that anchored out, we had a cyber boarding team that went out, worked with the vessel, confirmed all the cyber effects were isolated to that vessel, they made sure that the handling of the vessel and the control systems of the vessel were not at risk, they got a green light, and the captain of port let them come in,” Abel told an event this week at the Brookings Institution.
Abel did not provide any details, but the first of its kind “cyber boarding” highlights growing concerns about cybersecurity in the maritime sector, he said.
“As it stands now, we do get reports from shippers and ships that say ‘I’ve had a cyber breach and I’m inbound to your port.’ We quickly work with that, our intel center can tell us how many fellow ships from that particular shipping line are due into U.S. ports, we work with the company about what vulnerability is there,” he said.
In the maritime sector, as in other parts of the U.S. economy, information technology has become the vital “spinal cord” without which industry can’t function, Abel said, which makes cybersecurity as important to the safety and security of vessels as hull integrity.
He noted that “Now, our marine inspectors go on board and they say ‘Show me your cyber protection plan,’ along with ‘Show me your lifejackets,’ and ‘Show me how you’re going to do firefighting.’ We’re recognizing the fact that that’s a vulnerability that needs to be inspected. And the fact that we’re getting reports from industry that they’ve had a cyber breach indicates that the industry is taking it seriously [too],” Abel said.
In the cyber arena, just like every other area of its operations, the watchword of the Coast Guard is partnership.
“Just like any other potential breach of security, cyber is the same way,” Abel explained. “If you have a breach of security you call the Coast Guard, we’ll work with the company, we’ll work with the operators, to make sure that we work around that. We manage the risk and we come in.”