Computer Security · cyber security · Cyber warfare · Cybersecurity · cyberwar · Information operations

Maritime Cybersecurity “low, to non-existent”.


According to the European Network and Information Security Agency or ENISA, “Maritime cyber security awareness is currently low, to non-existent.”

LNG Tanker

Imagine, if you will, a huge behemoth of a ship – a tanker or a cargo ship – controlled by hackers.  Imagine a LPG or LNG  ship being used as a remotely controlled bomb. Instead of buying a ship for the relatively cheap price of $15 million, one could simply take control of the ship remotely and guide it into a target from thousand of miles away. Imagine the boom that 135 million cubic yards of natural gas could make if an LNG ship were run aground beneath the George Washington Bridge, on the West side of Manhattan.  Not only would the main thoroughfare up and down the East Coast potentially be obliterated, the blast could conceivably emulate a nuclear blast in its bursting radius.  A major part of Manhattan would disappear, as would a critical portion of New Jersey.  Oh, I forgot to mention, people, LOTS of people, might die.  This would probably be considered an act of war, more people could conceivably be killed than on 9/11/2001.

This is especially disturbing, as the International Maritime Organization (IMO) has mandated the transition from the primary use of paper charts to the Electronic Chart Display and Information System (ECDIS) beginning in 2012. On the surface this is a fine and noble cause, updates received from weather satellites and reports of pirates enable a ship to avoid hazardous areas, this could be deemed rerouting for safety and security.

This is where the disconnect first appears. The ENISA is calling for a merger between their standards and the IMO.  This is fine, until one reviews the IMO documents for remote operations – THERE IS NO MENTION of CYBER-SECURITY.  Not one.  IMO mentions ‘cyber’ as a developing problem in a total of two documents in the forms of warnings, but other than the training of the Ship, Company and Facility Security Officer, there is no mention of a security functionality and there is absolutely no mention of cybersecurity anywhere.

ENISA has first exposed a problem in their report, IMO still has to address this problem.

3 thoughts on “Maritime Cybersecurity “low, to non-existent”.

  1. You might want to double check your first link, to the European Network and Information Security Agency. It is redirecting to http://www.enisa.europa.eu/media/press-releases/2008-prs/201cinside-the-matrix-privacy-data-protection-challenges201d/index.htm which returns “Page Not Found”.

    Thank you for a good post about maritime security. Maritime law, maritime news, maritime anything receives little media coverage, attention. But it is so important in terms of revenues AND necessity for critical global trade flows e.g. food and energy!

Comments are closed.