Wednesday, March 27, 2024

Concerns that Baltimore incident was a cyberattack

Less than a day after a huge cargo vessel crashed into the Francis Scott Bridge in Baltimore, severing a major artery and putting one of America's most important ports out of action, some have suggested the incident was the result of a deliberate cyber attack. Six people, who were working on the bridge at the time of the incident, have been declared missing presumed dead. Two others were rescued, one of them in serious condition and who is being treated in hospital.

But focus has now shifted to recovery and determining the cause of the crash.

Authorities have dismissed the notion of the incident being a terrorist attack, though the investigation only began late in the day on Tuesday 26th March, hours after the vessel had struck the bridge bringing the entire structure into the water.

Power issues

Video from a web streaming camera showed that prior to the impact, the cargo vessel appeared to lose and regain power several times. Thick smoke was also seen to issue from a funnel just moments before the ship hit the bridge.  

Twenty two crew, all said to be Indian nationals, according to WION, were on board at the time, though it is not known how many would have been active at the time given it was making sail soon after midnight.

Cyberattack theories

While it is of course possible that the crash was merely a catastrophic accident, it could have also been a deliberate cyber attack.

Mitags, a website focused on maritime risk management raises a number of key risks concerning cargo vessels. One particular aspect, key to this incident, concerns "Propulsion, Machinery & Power Control Systems" which could be vulnerable to cyber attacks. "Since electronic programs control the physical actions of the ship, they can fall victim to a cyber attack and threaten ship control," the website claims.

"Cybersecurity has never been more critical to the marine sector. We depend on electronics for everything from vessel navigation to maintenance, and their proper function is essential to protect crew and vessel safety."

"As maritime technology advances, electronic OT — Operational Technology — systems that physically control the ship are being integrated with IT — Information Technology — systems. As vessels update their systems to more advanced, electronically controlled components, they'll need to increase their vigilance because IT systems can be attacked and controlled by outside parties."

This does not prove that the Baltimore incident was a cyber attack. But it does at least suggest it as a possibility.

Online conspiracies

Journalist Laura Logan is adamant that the crash was a direct result of a cyberattack. "I don't believe in coincidences," she says, while pointing to the facts that - deliberate or not - the incident has severed a major route for hazardous materials, eg petroleum, chemicals etc., and will cause major disruption for months. The I-695, that was cut when the bridge collapsed, is an auxiliary route of the I-95, a conduit running some 3,096 km along the eastern seaboard.

The closure, which could run into many months, if not years, will seriously affect the estimated 35,000 vehicles that traversed the bridge every day. Commercial vehicles carrying materials that are prohibited in the tunnel crossings, including recreation vehicles carrying propane, will now have to plan on using the I-695 (Baltimore Beltway) between Essex and Glen Burnie. This will add significant driving time [CBS]. There will also be significant disruption to shipping as other ports are forced to take up the slack.

There are around six cargo vessels that are stuck in the Baltimore harbour, as well as a number of navy ships and dozens of smaller vessels. But the knock on effect of the tragedy that occurred on the 26th March could be disruptive and costly.

Such issues were raised by Logan in a discussion with Steve Bannon on America's Voice  a right-wing to far-right streaming, cable and satellite television channel [Wikipedia].

Logan is seen as controversial for her backing a number of conspiracy theories, and Bannon too has been much criticised for his right wing political leaning. Well known conspiracy theorist Alex Jones has also speculated the ship was struck by a cyber attack.

And such theories have flooded the Internet concerning the collision [Newsweek].

While the White House has dismissed such theories, a cyberattack should not be immediately dismissed even if it is mostly being promoted by well known conspiracy theorists.

Past cyber attacks

Cyber attacks against shipping have occurred before. In fact the US military were last month reported to have launched a cyber attack on an Iranian ship according to NBC [YouTube].

The report claims an Iranian military ship that had been collecting intelligence on cargo vessels in the Red Sea and the Gulf of Aden, was targeted.

And according to Cydome, an Israeli startup which develops maritime cybersecurity solutions, cyber attacks have been targeted at a number of ships over the last few months [Cydome].

In fact according to Cydome maritime cyber attacks are on the rise with one said to occur every three days on average.

Previous reports have also highlighted the risk. While most cyber attacks have tended to be ransomware demands some are far more worrisome.

Ships at sea are susceptible to cyberattacks. Modern navigation relies on positioning systems, which has led to fears of jamming or altering location coordinates. An activity called spoofing refers to sending false data to navigation systems. In 2013, a test verified the possibility of spoofing a cruise ship's navigation system [Psiaki M. L. and Humphreys T. E. (2016) Protecting 'PS From Spoofers Is Critical to the Future of Navigation]. Two alleged but unconfirmed incidents, both involving a large number of vessels, have occurred; in 2016 near South Korea, and in June 2017 in the Black Sea.

In two other incidents, serious hacker involvement is suspected. In 2010, an oil rig on a voyage from Korea to South America suffered a delay of 19 days due to a system shutdown off the coast of Africa [Kaspersky Lab (2015) Maritime industry is easy meat for cyber criminals / Reuters].

And in February 2017, a German containership reportedly lost control of its navigation systems for 10 hours while sailing from Cyprus to Djibouti [KIISKI - PDF].

Spoofing & hacking

A spoofer's ability to overtake aeroplanes or ships to induce a crash might be something akin to a James Bond plot - see for example Tomorrow New Dies - but it is fast becoming a reality [Spectrum].

The Baltimore incident comes within days of reports that the Chinese have launched a series of serious hacking attacks against both the US and UK, something China denies [Guardian / BBC]..

But the coincidence of timing may not be lost on some.


It has been reported that the 'black box' has been recovered from the Singaporean registered Dali cargo vessel.

It may be that the official explanation will be something mundane as a technical fault. But this will not likely silence the theories circulating online [Daily Mail].

Whatever the cause, it will take some time to clear the channel. The salvage might take several weeks. But as for replacing the bridge, that could take years. The original bridge took five years to construct in the early 1970s.

Accident or attack, the effects of the incident will last for some time to come.

tvnewswatch, London, UK

No comments: