PORT , TERMINAL, TANKER, AGENCY , VESSEL TRAFFIC CONTROL, AND OFF SHORE OIL OPERATIONS ARE ALL VULNERABLE AND A FEW OPERATIONS HAVE ALREADY FELT THE STING.
Adult supervision is needed in Washington
The commercial maritime world like the rest of business globally is highly cyber dependent and increasingly more so. The maritime industries are also critical to the economic survival of most nations, particularly the Western nations. For example the United States requires 77 strategic bulk materials to support its economy, 66 of those come by sea. Moreover both the United States and the EU have extensive inland river and canal, as well as coast-wise shipping for internal domestic distribution of many commodities. The U.S. built the Intracoastal Waterways to provide tank barge transport of critical military fuels on a route too shallow for submarines. Canals and coastal water ways are a very difficult system to destroy with traditional attacks. Individual terminals and vessels can be destroyed, but unlike a rail line it is difficult to destroy the system transport right of way. But with shipping reliant on computers and communications between computers hacking becomes a potential "weapon of mass disruption" by terrorist bent on damaging a nation's economy to the point of imperiling defense budgets. There may be no physical damage to the marine transportation and off shore oil infrastructure in such an attack, but the attack renders the systems inoperative for a while and the losses and costs to government can be in the billions, hence mass disruption vice destruction. The Chinese, the Russians share this vulnerability with the U.S. and the EU but prepare to make such attacks on the West , drill, train, and test annually. The Islamic terrorist have capability and intent as well. Defense is complicated for the West because our maritime industries, while vital to the national economy, defense and security are in law and reality collections of highly competitive private companies with little uniformity or cross communication in dispatch and traffic management. Out on the U.S. public right of way constituted by our coastal and inland waterways there is coordination of traffic by the U.S.Coast Guard for collision avoidance, congestion reduction and movement safety of hazardous materials cargoes. That public system is vulnerable to cyber attack as well. The offshore oil industry has actually experienced some hacking recently.
In 2009 a hacker was charged in federal district court in California with sabotaging computer systems on offshore producing platforms off of Santa Barbara , California. He hacked into the rig to shore communications net work and disabled leak detection systems for the "gathering platforms" that consolidate production from a field of producing wells and send it ashore via pipeline. Production offshore is particularly vulnerable to attack due to the number of unmanned remotely managed platforms involved and the heavy reliance on cybernetic systems. Drilling and exploration now use computers in positioning, station keeping, well logging , and a dozens of other applications. Part of "station keeping" for semi submersible mobile offshore drilling units is stability, keeping the floating rig level as wind and wave conditions change, drilling fluids are taken on and expended, etc. According to news stories reported by Reuters off of Somalia floating rigs have had lists induced remotely. Also off Somalia one rig's general computer system was so compromised by malware that operations were halted 19 days for repair. In naval terminology we'd call that a "mission kill". Nineteen days of down time represents millions of dollars in economic loss, so we can say that an element of the offshore oil industry has already experienced its first "mission kill".
One source of economic damage in the event of cyber attacks is the uninsured nature of much of the damages. If a terrorist hacker succeeded in disabling a semi submersible's stability system and it resulted in capsize, the owner would probably be covered to the face value of his policy under his "all risk" hull policy (depending on how it is written). But if all the hacker accomplished was a "mission kill" few companies at the moment would have insurance coverage for the expenses of system repairs and replacements, and may not have full coverage for non electronic related damages, or business disruption caused by computer malfunctions from any cause including deliberate attack. The industry is quietly seeking security against this threat. The maritime insurance industry needs to be fully aboard. Providing coverage against cyber attacks and computer induced damages and standards for assessing risk for reasonable premiums is a task for the insurance industry and an opportunity. The maritime insurance industry could be a major deterrent to "mission kill" type attacks if it can be demonstrated that through a combination of industry wide protective measures the attacks are more difficult than they are now , and through intelligent and affordable insurance programs much of the economic damage from a terrorist induced "mission kill" could be mitigated. If they can't cause real economic damage, such attacks for the terrorist could prove a waste of time and resources.
In the case of the United States, the Congress could create a big disincentive for such attacks. Eliminate defense spending from the sequestration equation. Defense spending is only 17% of the federal budget right now. Yet under the sequestration rules 50% of the budget cuts required by sequestration must come out of defense. This is national suicide. Our enemies know that economic disruption attacks can multiply the effects of sequestration, reducing profitability to companies and thus taxes to the U.S. treasury. The resulting adjustments are sprung disproportionately on an ever shrinking defense budget. What an opportunity to reduce U.S. armed forces to something that the terrorist actually believe they could defeat or at least render ineffective. Since the Congress has proven that it periodically can't avoid sequestration the national defense should be pulled from the sequestration sources. There are lots of other places to cut .