Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/528099
49 Summer 2015 Proceedings www.uscg.mil/proceedings I suggest that a modern ship is, in effect, a global, mobile, industrial control system. As mariners, we faithfully attend to all manner of vital systems and equipment, from the navi- gation light on the masthead to the shaft seal. Cyber systems deserve the same attention. Cyber dependencies and vulnerabilities don't end at the dock. American ports, terminals, and support systems are vital components of our nation's critical infrastructure, national security, and economy. Facilities use computers and cyber systems to move and track containerized cargo, operate pumps, and monitor tank levels for crude oil and refned products, control gate access, and operate various communications, security, safety, and other vital processes. Jamming blocks an incoming signal, spoofing creates a data signal that fools the receiver. Threats and Consequences Unfortunately, cyber threats are as ubiquitous as cyber vul- nerabilities. The media gives much attention to the potential for organized terrorist cyber attacks. While these threats are Cyber security needs to be part of an overall culture of safety and security. GPS and Navigation Among all the cyber-related vulnerabilities that threaten vessel operations, the Global Positioning System (GPS) is probably the most evident and the most prevalent. GPS has been with us for years, but what was once a stand-alone supplement to tried-and-true navigation techniques is now a fully integrated system that reaches into many aspects of ship operations. A GPS failure due to signal inter- ference, malware inserted into shipboard electron- ics, or simple technical failure could cause serious problems for the modern ship. For example, GPS, as a satellite-based system, trans- mits at low power and therefore has an inherent vulnerability to jamming. Although illegal, GPS jamming devices are available and simple to oper- ate. Indeed, there have been a number of well- reported incidents of localized GPS outages due to jamming. Spoofng is another GPS-related risk. While jam- ming overpowers and blocks an incoming signal, spoofing creates a data signal that fools a receiver into accepting the false signal as legitimate. If an autopilot or inattentive mariner fails to recognize the erroneous sig- nal and adjusts course based on the false information, the results can be bad. In addition to signal interference, malware can also affect GPS-dependent systems on a vessel. Among the cyber-related vulnerabili- ties, GPS is the most prevalent. Other Cyber-Dependent Systems Beyond the GPS position, navigation, and timing data, cyber-dependent systems are the basis for many other ship- board operations, including propulsion, steering, cargo and ballast, communications, fre detection, security, envi- ronmental monitoring, HVAC, and more. The DHS Cyber Emergency Response Team defnes an industrial control system as "… an information system used to control indus- trial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets." 1 While this defnition has a decidedly "land" favor, GPS-dependent systems