Page 20: of Maritime Reporter Magazine (October 2017)

The Marine Design Annual

Read this page in Pdf, Flash or Html5 edition of October 2017 Maritime Reporter Magazine

Captain Drew Tucci is the USCG Cap- Professor Scott Blough is a faculty Dr. Joe DiRenzo is the Director of Re- tain of The Port for Sector Long Island member at Tif? n University, directing search Partnerships for the U.S. Coast

Sound. Center for Cyber Defense & Forensics. Guard R&D Center.

route into the system. This technique Charter is the seminal document that Security Act (MTSA) is to prevent and bypasses ? rewalls and other security dictates this collective defense. Since prepare for a Transportation Security controls, typically found in components Article 5 was written in 1949 when Incident (TSI), which is “a security in- of the MTS, due to the ability to make NATO was formed, it addressed only cident resulting in a signi? cant loss of outgoing connections that are typically physical attacks. In 2013, NATO pub- life, environmental damage, transpor- encrypted. This type of attack was used lished the Tallinn Manual, which was tation system or economic disruption”. in the Flame malware in 2012 and is designed to delineate legally justi? able The ISPS Code serves a similar function often associated with nation states. In responses to cyber attacks. The Tallinn for the IMO. Despite obvious bene? ts essence, the attackers were able to wea- Manual 2.0 was published in early 2017 for overall security, both regimes are ponize software updates. and attempted to expand on the ? rst edi- focused on terrorism and similar threat

Additionally, many researchers have tion and de? ne the new cyber world in actors rather than routine criminal activ- noted that the backend of the ransom- legal terms. Although it attempts to pro- ity, which has dominated cyber attacks ware associated with NotPetya is ex- vide a secondary source of law for cyber up to this point.

tremely crude. Given the complexity of con? ict, it did not explicitly answer the The NotPetya attack shows that rou- the weaponization of the MeDoc soft- question of employing Article 5 in the tine cyber crime can have MTS-wide ware update and the multiple attack event of a cyber attack. Since NATO consequences, and that cyber crime can vectors of NotPetya, one would assume has not determined the appropriate level mask attacks whose actual purpose is to that if the purpose was to collect money, of response to cyber attacks against its disrupt the MTS or otherwise weaken more effort would have gone into de- members covered under Article 5, Rus- our trade patterns and infrastructure. In signing the backend payment method. sia’s risk of NATO retaliation would be other words, cause a TSI.

Thus, we are left to wonder if it was ran- minimal given Ukraine’s partner status. The MTSA achieves its goals by ad- somware scheme or something entirely dressing security risks at the individual different. There is also the symbolism Mitigation Strategies and the Mari- vessel and port facility level, and at factor involved in this maritime cyber time Transportation Security Act port-wide risks. Individual vessel and attack. Ukraine established a partner- While it may not be possible to objec- facility operators conduct a security as- ship through the NATO Ukraine Char- tively determine the motivation behind sessment and develop a security plan for ter, which was signed in 1997, much to the NotPetya attack, the incident shows Coast Guard approval. These guidelines

Russia’s displeasure. A cyber attack on that the consequences of cyber attacks will take time to ? nalize and implement,

Ukrainian infrastructure could be seen go beyond credit card and ? nancial but in the meantime, class societies and as a low risk form of retaliation by Rus- fraud. While the attackers may have industry groups have already begun to sia, given that the Ukrainian partnership gained little in bitcoin, the event was a establish their own programs.

status with NATO would not invoke Ar- signi? cant economic and marine trans- At the port level, Area Maritime Se- ticle 5. Since NATO is a collective de- portation system disruption. curity Committees serve as risk as- fense organization, an attack on one is In the United States, one of the ob- sessment, information sharing, and an attack on all. Article 5 of the NATO jectives of the Maritime Transportation communication forums. In 2013 they

EVENT Maritime Risk Symposium

Tif? n University, a member of the Department of Homeland Security generation of maritime cyber space. The event will also include a stu-

Coastal Resilience Center of Excellence, in collaboration with Ameri- dent poster contest to encourage additional academic research in this can Military University, other local, state, and federal authorities, along growing area of cyber security. with industry, will host the 8th Annual Maritime Risk Symposium (MRS 2017) on November 13-14, 2017 at Tif? n University. This event will fo- Maritime Risk Symposium Panels cus on maritime cyber security and the maritime transportation system. Panel 1: Threats in Maritime Cyber (Case Studies)

MRS 2017 will bring together local, state, and federal authorities, Panel 2: A? oat Cyber Vulnerabilities academics, and industry to discuss the threats and challenges to mari- Panel 3: Legal & Insurance Issues in Maritime Cyber time cyber security and the marine transportation system. With a focus Panel 4: Advancing Maritime Cyber Security Education & Research on the articulation of current and future maritime cyber challenges and Panel 5: Maritime Cyber: An Industry Perspective threats, the symposium will outline the implementation and operation- Panel 6: Maritime Cyber Risk: The Holistic View alization of a sound maritime cyber strategy. Panel 7: Maritime Cyber Risk: The National Labs Panel

The symposium will assess threats, vulnerabilities, and recent ad- www.tif? n.edu/criminaljustice/maritime-risk-symposium-2017 vancements in both attack vectors and maritime cyber security re- search to inspire ideas for innovative research that will de? ne the next 20 Maritime Reporter & Engineering News • OCTOBER 2017

MR #10 (18-25).indd 20 MR #10 (18-25).indd 20 10/5/2017 2:24:39 PM10/5/2017 2:24:39 PM

Maritime Reporter

First published in 1881 Maritime Reporter is the world's largest audited circulation publication serving the global maritime industry.