The National Maritime Cybersecurity Plan issued on the 2nd of December and recently made available joins a list of national strategies and plans addressing security for the 95% of all U.S. trade that depends on maritime. It outlines a number of challenges and threats the nation must address. None are trivial.
Challenges include a too-small workforce, confused federal-level governance, and information/intelligence sharing. Also, a highly varied set of commercial and other governmental stakeholders, many of which might find it difficult to establish a credible cybersecurity program.
Threats are many and varied to both Information Technology (IT), and Operational Technology (OT) systems. A category of threat is described as coming through electromagnetic spectrum system (EMS). Threats via EMS include communications systems and GPS.
At one point the plan describes how, in 2016, the Department of Homeland Security predicted that loss of GPS signals would bring port operations to a halt if a backup system wasn’t available. This wasn’t a difficult prediction because the U.S. Coast Guard had already seen it happen in 2014.
Elsewhere the plan describes jamming and spoofing navigation as significant problems. Also how 14 maritime groups petitioned the U.S. Coast Guard Commandant to raise the issue at the International Maritime Organization (IMO). GNSS interference was later described by IMO as an urgent and safety of life issue.
It is good to see another national document including GPS disruption as a cyber issue. Disruptions:
- Interfere with IT and OT systems’ ability to communicate,
- Interfere with end use devices (computers and equipment of all kinds), and
- Can insert false data into systems.