The Department of Homeland Security considers marine transportation to be among the most critical infrastructure sectors in the nation. Disruption or incapacitation of vessel navigation, cargo inventory and port facility systems, should it happen, affects homeland security, personal safety — and the economy.
And cyberthreats to maritime vessels and facilities continue to rise.
A recent ransomware attack against one of the world’s largest shipping companies nearly incapacitated its vessel and terminal operations at 76 ports worldwide, including the ports of Los Angeles/Long Beach and the port of New York/Newark, causing extensive shipping delays and costing the company nearly $300 million in lost revenue.
"Advances in autonomous surface vessels make maritime cybersecurity even more critical," notes Stevens Institute of Technology maritime systems professor and security expert Barry Bunin.
Now Stevens is playing a significant role in the effort to build that security.
"Stevens, as lead institution for the Maritime Security Center (MSC), a Department of Homeland Security National Center of Excellence in Maritime and Port Security, is actively engaged in solving problems related to cyberthreats that face the maritime sector," notes MSC Director Hady Salloum.
Battling the rising maritime cyberthreat
Two major projects are currently underway at the university.
Working in conjunction with the Houston-based American Bureau of Shipping (ABS), MSC is developing cyber-awareness training for the U.S. Coast Guard as well as risk-based performance standards tailored to vessel owners and port facility operators.
The project focuses on identifying and understanding cybersecurity risks in maritime asset functions such as navigation, propulsion and steerage that operational technologies support, then developing a risk model to bolster and adjust cybersecurity protections across those assets.
The practical risk model developed, a "virtual vessel," will be based on new understandings of cyber risk uncovered in the research — and will replace decades-old risk equations by considering and integrating current maritime realities.
Stevens will go on to develop a simplified set of cybersecurity standards the Coast Guard can utilize to conduct security reviews of port facilities and vessels; educate and inform port partners as they plan, maintain and upgrade their cybersecurity postures; and provide additional guidance in enforcing the physical and operational safety and security of the nation's marine transport systems.
Education, workforce development also addressed
MSC also partners with Stevens faculty to tackle marine cybersecurity from educational and workforce-development perspectives.
The National Science Foundation (NSF) has awarded Stevens nearly $500,000 for a multi-year project to study the challenge, and to develop new research and new curricula around maritime cybersecurity. The project will be a collaboration among the MSC, Stevens, Rutgers University and Texas Southern University. Principal investigators from Stevens include computer science department chair Giuseppe Ateniese, cybersecurity program director professor Susanne Wetzel, Bunin, and MSC education director Beth Austin-DeFares.
Among the products of the NSF effort will be the creation of two new interdisciplinary programs on the undergraduate and graduate-levels in maritime cybersecurity; workshops, seminars and course materials; a new internship program; and focused research that will inform better systems and awareness across the maritime enterprise.
The work will also help build a cybersecurity workforce specifically tailored to both the maritime domain's public components (such as the Coast Guard and U.S. Customs & Border Protection) and its industry members, notes Austin-DeFares.
The project, "Building Capacity in Critical Infrastructure Protection," will run through at least 2019.