A US congressman has questioned lawmakers’ and government agencies’ readiness to deal with maritime cyber security threats
John Garamendi, a Democratic representative from the US state of California said understanding cyber threats fell short among his colleagues in congress as well as within the federal government’s security apparatus, during a panel discussion on US strategies for securing maritime commerce held at the Brookings Institution in Washington, DC.
Asked if he was confident in congress’ oversight of cyber security risks and action on protecting maritime commerce, Representative Garamendi said the group is “aware but not adequately engaged and not adequately addressing the problem”.
Speaking about the US executive branch's agency that oversees and co-ordinates the country's various security agencies, he said “we have questions about whether the Department of Defense is up to speed on cyber”.
Mr Garamendi, a member of the congressional Subcommittee on the Coast Guard and Maritime Transportation, described key maritime infrastructure – “the entire network … for delivering everything to the ports and to the ships” – as being vulnerable to cyber attack.
“Every shipment is in the private domain and readily available and anybody who wants to know where anything is going [can],” he said. “We know this is a major vulnerability … Are we up to speed? No. Are we dealing with it? We’re moving – inadequately, in my estimation.”
Mr Garamendi characterised the threats as ‘very severe’ and cited the potential spread of known threats including GPS spoofing – which, he said regularly takes place in Russia.
“We should assume that spoofing could occur in the United States, and ships that are totally dependent, as they are today, on GPS will find spoofing is a problem. So that's just one of many, many examples of cyber security [threats],” he said.
United States Coast Guard (USCG) Vice Admiral Daniel B Abel, also taking part in the discussion, said training and regular assessment of inspectors were keys to keeping vessels and ports protected from an expanding cyber risk, recounting confusion on the part of the industry when the USCG required cyber security plans.
“As we added the cyber element, both shoreside and vessels were like, ‘What do you expect from us?’” he said. To which, the coast guard’s response was “Well, if something is not going well, you've got to tell us. And how do you plan to recover from it?”
Vice Admiral Abel said the USCG responds to cyber security threats in the same manner as all potential security breaches, working with companies and operators to manage the risk.
He described a recent threat attended to by a USCG ‘cyber boarding team’.
“We recently had [a vessel] that anchored out [with a cyber security threat]. We had a cyber boarding team that went out, worked with the vessel, confirmed all the cyber effects were isolated to that vessel; they made sure that the handling of the vessel and the control systems of the vessel were not at risk, they got a green light, and the captain of port let them come in,” he said.
The industry representative on the panel – Ms Jennifer Carpenter, executive vice president of industry body American Waterways Operators – said the industry focus is on risk management.
“Cyber is a risk that has to be managed, and it has to be managed really no matter what part of the system you are operating in and no matter the size of your company,” she said.
“Any company is vulnerable to a cyber incident, whether that is extortion, whether that is a security incident. And so it's extremely important that all companies are looking at this.”
How secure are your systems from cyber attack? Book now for the forthcoming Cyber Risk Management Forum in London on 25 June