Ravenair - Liverpool Aviation Services’ Post

Comprehensive summary and good updates, worth reading! #redsea #shipping #bestpractice #bmp #security #riskmangement

The context of the investigations and the RCA is key here!

Control system incidents can significantly impact the functionality, reliability, and safety of critical infrastructures, including altering ships’ positions via GPS hacks and enabling unauthorized control of equipment. These incidents highlight the importance of robust cyber security measures. So the Dali Container Incident could’ve easily be in that category

Could the Dali container ship incident have been a control system cyberattack – YES! The impacts from control system incidents are obvious, but their causes are usually less clear, especially when they might be cyber-related. However, control system cyber incidents have impacted the behavior and operation of ships as well as critical infrastructures. GPS hacks have altered ships’ positions and displays. Some Chinese critical infrastructure such as port cranes and large electric transformers have backdoors to take control of equipment. The Dali had multiple control system cyber vulnerabilities and threats including maintenance performed in China, loading containers from Chinese port cranes, use of cyber vulnerable ship equipment, etc. In the case of analyzing the Dali incident, expertise is needed in all facets of ship monitoring and control, logistics, reconstruction, and cyber security (IT and control systems). It is critical that maritime cyber security requirements include control system field devices and be expeditiously reviewed considering the Dali incident. This assessment is not unique to the Dali but can also be used for other ship incidents like the April 8, 2024 case of the APL Qingdao in New York.   https://lnkd.in/gGtXVZEH    

This is an interesting perspective. Maybe for control systems the nindset must change. First check for a cyber incident and then look at other causes.

This just in… The latest on #transportion #security, #cybersecurity, leveraging under-vehicle inspection #tech to detect threats and data-driven video #technology that enhances #medevac helicopters' safety in this latest edition of Security Technology from Security Management magazine. Amtrak Transportation Security Administration (TSA) Schiphol Amsterdam Airport - AMS

Sharing a short piece on USG actions re: PRC-manufactured cranes. This equipment is ubiquitous at US ports (some 80% of market both here and internationally) and poses significant cybersecurity and supply chain risk. The administration’s new measures are sensible, but their successful implementation will require extraordinary industry cooperation and some heroic industrial policy to manufacture this equipment in the USA. https://lnkd.in/eNjbuxaJ

🌊 In the news: Industry feedback on new cyber-security regulations for US flagged vessels is critical of the level of burden, the practicality of implementation, and lack of alignment to existing measures. In late February, the U.S. Coast Guard (USCG) issued a Notice of Proposed Rulemaking (NPRM) regarding cyber security for US flagged vessels. The proposed wording of the new regulatory language is lengthy, building on the USCG observation that: 💬 “The maritime industry is undergoing a significant transformation that involves increased use of cyber-connected systems. While these systems improve commercial vessel and port facility operations, they also bring a new set of challenges affecting design, operations, safety, security, training, and the workforce.” 📰 Dive deeper into the proposed changes and industry concerns on Seatrade Maritime News: https://lnkd.in/eDwbeJ9s #CMAShipping #Maritime #Security #Risk #Cyber

Final edits are coming along for the 4th edition of Practical Aviation Security, my textbook due out later this year. Stay in the know on release dates by adding yourself to the notification list. https://buff.ly/3EOWyTn #airport #security #textbook

Cybersecurity at US ports is a topic I’m happy to see the Federal government is taking more of a leadership role in standard setting. That said, the crane discussion is a distraction. There are 2 issues here and I fully believe in ensuring the supply chain of critical equipment supporting our economy. So, if that involves establishing support in the US (or allied nations) to be able to ensure the US is never in danger of being unable to replace or invest in container cranes, then I am fully supportive. On the other topic of national security threats that Chinese (or any foreign) manufactured cranes pose; A few facts to remember, 1) most of these crane specifications are written by the buyer (US companies with staff that have TWICs), 2)the construction in China usually has oversight from buyer representative engineers that observe and test the systems as they are installed, 3) most of the specifications that I have seen in the US is to place European control systems in the cranes in lieu of the ZPMC system. 4) Remote troubleshooting capabilities and control of the systems are dependent on the permission of the buyer’s team here in the US and these skilled IT professionals are keenly aware of cybersecurity threats and have implemented tools/testing/processes to ensure that their networks are not penetrated by ANYONE (including unexplained network activity from their own equipment), 5) intelligence on useful economic data and container information like origin/destination/origin/contents of containers is available in the public domain through subscriptions. There is no capability for a crane to identify this and there is no need to try and install spyware to access this info. 6) access to any remote troubleshooting activity (similar to Apple or Microsoft's capabilities) is at the permission of the buyer's team, systems and firewalls, 7) most of the US cargo operations are not related to US government/military goods (a crane can’t tell if a container is US govt or full of lumber) and are generally not co-located with the major port complexes (with the exception of Norfolk) and so are not useful locations for spying on US military operations. Short story, no I don’t view foreign made container cranes a national cybersecurity risk (with the proper cybersecurity precautions in place for any purchase of critical equipment) for espionage. I do believe the US should always have availability of critical equipment and have a strategy to ensure that strategy remains in place.