Modern cars are like computers on wheels. From the dashboard displays to the steering wheel and even your car keys, a complex dance of computer parts and mechanical components work together to keep you safe and on the road. Today’s maritime ships are a similar blend of machinery and software. From computers to networks and satellites, the modern ship purrs with an electronic hum, but also includes more mechanical tools like winches, cranes, engines, and bilge pumps. But the very same seamless systems that help ships run smoothly can be compromised. Like cars, ships must be protected against potential hackers and other malicious actors.
Trusted CI, the NSF Cybersecurity Center for Excellence, has been working with operators of research vessels across the United States to defend ships from cyberattacks. They have been supporting ships before construction on "secure by design" approaches as well as cybersecurity in research vessel operations. Research vessels are floating laboratories and instruments for landlocked researchers to gather information about what lies beneath the waves. The U.S. Academic Research Fleet includes 17 vessels, which are built with the finest electronics and observational instrumentation. They depend upon strict safety protocols to keep them safe.
But as Sean Peisert, the director of Trusted CI explains, “There are the experiments and equipment that are brought onboard, many of which also have digital and computing elements in them, making them potentially vulnerable to cybersecurity issues.” The consequences of a successful cyberattack could range from loss of data in a scientific experiment to a ship being dead in the water without propulsion, with the implications ranging from loss of time and funding to dangers of the safety of those on board.
Cybersecurity for a ship isn’t easy. It’s hard enough just keeping a ship running without thinking about computers. Case in point, Trusted CI had plans to join a training cruise in 2024 that was cancelled due to weather conditions. These are the kinds of real-world issues that research vessel operators have to deal with on top of all of the computers and science equipment that makes research vessels so special and distinctive.
In 2023, Trusted CI worked with experts in maritime operational technology at Scripps Institution of Oceanography and Oregon State University to develop “The Operational Technology Procurement Vendor Matrix,” a guide to ensure protection against cyberattacks by a proactive procurement process. Additionally, Trusted CI’s staff has been involved in visiting ships to better understand just how technology operates in real-world conditions. Most recently, Trusted CI's visits have also included observation of ship inspections, which happen at regular intervals by the National Science Foundation, the U.S. Coast Guard, and the U.S. Navy.
What happens during one of these ship inspections? Peisert says that when he visited the Office of Naval Research’s R/V Sally Ride for a National Science Foundation and US Navy / INSURV inspection, they examined the vessel’s in-port and onboard elements. The inspection of the ship involved evaluating its performance while underway, including its engines, navigation equipment, and crew procedures, and verifying that it met Coast Guard requirements for communication and navigation, including a range of traditional and modern systems. A man-overboard drill was also conducted, including communications between the ship and the recovery team.
The inspection wasn’t just limited to computer systems; inspectors also checked the state of the vessel's physical assets. “It may be interesting to know that Coast Guard rules require not just satellite, modern GPS, and digital, topological navigation charts,” Peisert observes, “but that ships must also carry HF radios that can propagate for thousands of miles, as well as paper charts, and even a sextant for determining latitude.” Inspectors even conducted visual inspections of the ship’s overboard handling system (“A-Frame”) to check the metal for potentially corrosive rust.
So far, the Trusted CI team has visited the Office of Naval Research’s R/V Sally Ride and Oregon State University’s Hatfield Marine Science Center in Newport, Oregon, the future home port of the R/V Taani. Team members Mike Simpson and Mikeal Jones were present for the Office of Naval Research’s R/V Thomas G. Thompson inspection in September 2024. The Trusted CI team was also involved at the RVTEC 2024 Meeting hosted by the University of New Hampshire in October 2024.
The Trusted CI team is currently preparing for upcoming collaborations with research vessel teams. Simpson and Jones will be present in October for the National Science Foundation Inspection of the R/V Atlantic Explorer in Bermuda. Another Trusted CI team member, Ishan Abhinit will be involved in the National Science Foundation inspection of the R/V Rachel Carson this November. Finally, Mike Simpson will be involved in the National Science Foundation inspection of the Office of Naval Research’s R/V Armstrong in December 2025.
As for Trusted CI Director Peisert, he plans to join the crew of the R/V Sikulaq, operated by University of Alaska, Fairbanks, in the Spring. While on board, he plans to participate in a cyber-incident drill that will take place during the transit to exercise the crew's skills and procedures in responding to simulated cybersecurity threats while at sea. Peisert says, “Trusted CI looks forward to more of these visits going forward as it continues its ongoing support of the U.S. Academic Research Fleet to ensure that the vessels' cybersecurity programs are as robust as possible for ensuring ship safety and the progress of the ocean science being conducted on the vessels.
Stay tuned for more information about Trusted CI’s maritime activities. Want to check out the activities happening on land this fall? We are hosting a ‘birds of a feather’ session at the NSF Cybersecurity Summit and we will be presenting during Cyber Monday at RVTEC this November.
