I was driving home from work the other day when I heard a radio report about hackers taking control (with the driver’s permission) of a car on the highway.
Hackers Remotely Kill a Jeep on the Highway – With Me in It, written by Andy Greenberg in WIRED, an online news publication
This event, and other news reports about cyber systems in cars, demonstrates that “the internet of things” raises some significant safety concerns in transportation. Of course cyber vulnerabilities are not unique to cars. Ships and port facilities face similar risks, and the maritime community employs cyber technologies to perform safety and security critical functions, including navigation, propulsion and cargo control.
Prudent mariners and facility operators should take a serious look at their systems.
The first step is to recognize that, despite some technological complexity, cyber is just another risk factor. This is actually good news. Mariners and facility operators deal with risk on every watch and shift; they just need to make cyber part of that process. For any organization, my advice is to have operators sit down with IT professionals, safety and security specialists and other risk experts to look at what systems they have, what can go wrong and how to buy down that risk. In many cases smart policies, training, engineering solutions and manual backups may be better, more cost effective methods than high tech approaches. For low tech or high tech solutions, make cyber part of your company’s safety and security culture and existing risk management programs.
The Department of Homeland Security and the Coast Guard offer a number of resources to help address cyber risks. These include:
• United States Computer Emergency Readiness Team
• Industrial Control Systems Cyber Emergency Response Team
• Cybersecurity portion of the Coast Guard’s Homeport portal
I’d prefer not to hear about cyber hacking of cars on the highway or ships or port facilities on my next commute, but just to be safe, I rode my bike to work today.
This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.