Another bridge incident requires urgent cybersecurity investigations into maritime incidents

The steel frame of the Francis Scott Key Bridge rests on a container ship after the bridge collapsed in Baltimore, Maryland, on March 26. The bridge collapsed after it was rammed by the Singapore-flagged container ship Dali, causing several vehicles and people to fall into the harbor below. There was no immediate indication that terrorism was the cause, but the disaster is nonetheless a reason to step up cybersecurity efforts. (Photo: Jim Watson/AFP/Getty Images)

Just as the Port of Baltimore was finally being cleared of the rubble following the shipping accident on March 26, in which the container ship Dali rammed the Francis Scott Key Bridge, killing six people, another bridge accident occurred.

On June 5, a container ship lost throttle control while traveling at speed under the Ravenel Bridge in the Port of Charleston, South Carolina. Fortunately, no one was injured and no significant damage was caused, but this near-miss is a reminder of how vulnerable our maritime infrastructure is and how cyber threats are often overlooked.

The frequency and severity of incidents involving critical infrastructure have increased noticeably, raising concerns about the robustness of our defenses and the rigor of our investigation processes.

From power outages and transportation disruptions to water and healthcare disruptions, the stakes have never been higher.

While traditional factors such as aging infrastructure and human error contribute to these incidents, there are growing concerns that malicious cyber activity also plays a significant role.

Given the complexity and interconnectedness of modern infrastructures, the consequences of these incidents are often far-reaching: they affect millions of people and cause billions of euros in economic losses.

When the Dali incident occurred, Baltimore was the 10th city.^th-busiest port in the USA, and Charleston, the 8th.^the- which was the busiest, could also have been closed.

The question is whether these and similar incidents in our nation’s critical infrastructure are mere coincidences or whether there are deeper, more sinister causes behind them, as U.S. government officials suggested in January at a hearing before the House Select Committee on Strategic Competition Between the United States and the Communist Party of China.

For example, the 2021 ransomware attack on the Colonial Pipeline caused significant disruption to fuel supplies in the Eastern United States while highlighting the vulnerability of critical infrastructure to cyber threats.

We must apply lessons learned and thoroughly investigate cyber effects as causes of maritime incidents. In particular, the National Transportation Safety Board’s preliminary report on the Francis Scott Key Bridge collapse made no mention of whether the possibility of a cyber attack was even investigated.

Last week’s near-miss at the Arthur Ravenel Jr. Bridge in Charleston underscores the urgency of addressing these multifaceted threats to our critical infrastructure.

To navigate this complex environment, agencies tasked with investigating maritime incidents, such as the National Transportation Safety Board and the Coast Guard, must have not only the resources, but also the knowledge, authority and willingness to cooperate to conduct thorough and comprehensive investigations.

Then-President Donald Trump’s 2020 National Maritime Security Plan underscores the importance of implementing priority actions in three key categories: risks and standards, information and intelligence sharing, and creating a maritime cybersecurity workforce.

Effective implementation of this plan and President Joe Biden’s Executive Order 14116 to strengthen U.S. ports cybersecurity will ensure that law enforcement agencies have the tools and framework necessary to comprehensively address and mitigate maritime cybersecurity threats.

These investigative agencies need modern forensic tools to quickly detect, analyze and accurately attribute cyber attacks.

In a phone interview, Rob Bair, former National Security Council director for intelligence and cyber policy, said, “When responding to a malicious cyber incident, time is certainly of the essence. Forensic evidence can be overwritten or lost due to routine or unplanned system changes. Other variables include the maturity of the victim’s security posture, the nature of the attack, and the sophistication of the threat actor.”

This underscores the importance of beginning a targeted response to an incident as soon as it is detected and confirmed in order to secure important evidence.

While robust investigation mechanisms are essential, they are only part of the solution. We must also take proactive steps to strengthen our defenses against cyber threats. This requires a multi-pronged approach that includes investments in cybersecurity infrastructure, workforce development, public-private partnerships, legislative action and technological innovation.

Policymakers must enact and enforce strong cybersecurity laws and regulations, including setting minimum standards for the cybersecurity of critical infrastructure and ensuring that there are consequences for non-compliance.

For its part, the Coast Guard is working through the legislative process to establish minimum cybersecurity requirements for U.S.-flagged vessels, facilities on the outer continental shelf, and U.S. facilities subject to the Maritime Transportation Security Act of 2002.

The alarming increase in incidents at sea is a stark reminder of our vulnerability in an increasingly interconnected world. To protect our society, it is essential that the authorities responsible for investigating these incidents are equipped with the necessary tools, powers and staff to detect and combat potential cyber threats.

Protecting our infrastructure requires accountability and transparency, especially in the face of today’s and tomorrow’s cyber threats. Continuing to accept the impact of cyberattacks is not a sustainable strategy. Now is the time to act.