Advertisement

Journal of Transportation Security

, Volume 11, Issue 3–4, pp 65–83 | Cite as

Trojan horse risks in the maritime transportation systems sector

  • Lauren R. Shapiro
  • Marie-Helen Maras
  • Lucia Velotti
  • Susan Pickman
  • Hung-Lung Wei
  • Robert Till
Article

Abstract

This article sought to raise the awareness of vulnerabilities in the maritime transportation systems sector and to ask those involved in security and emergency management to answer for themselves, “What are your acceptable risks?” In particular, the review alerts security and emergency managers to the Trojan horse risks that expose maritime organizations, including shippers, mariners, and port employees, to dangers from physical, personnel, and cyber security problems and from natural and man-made disasters, which may appear as Trojan horses. The article first discusses maritime threat actors, motives, tactics, and targets. Next, vulnerabilities of the maritime transportation systems sector that could be exploited by those seeking to conduct a Trojan horse attack are examined. Finally, a variety of security measures used to protect the maritime transportation systems sector from Trojan horse attacks are described. Advice to those in security and emergency management for maritime organizations on how to recognize, plan, and mitigate Trojan horse issues is provided.

Keywords

Maritime security Transportation security Personnel security Cybersecurity Maritime threat actors Emergency management 

Notes

Acknowledgements

Part of this paper was presented on November 10, 2016 at the SUNY Maritime College Maritime Security Conference in Panel Discussion: Dealing with Trojan Horses in the Maritime Sector.

References

  1. Belmont KB (2016) Maritime cybersecurity: Cybercases in the maritime environment. American Association of Port Authorities. http://www.ahcusa.org/uploads/2/1/9/8/21985670/k._belmont__aapa_maritime_cybersecurity_final.pdf. Accessed 5 April 2018
  2. BIMCO (2016) The guidelines on cyber security onboard ships. https://www.marad.dot.gov/wpcontent/uploads/pdf/Guidelines_on_cyber_security_onboard_ships_version_1-1_Feb2016.pdf. Accessed 11 September 2017
  3. Brantingham PL, Brantingham PJ (2004) Environment, routine, and situation: towards a pattern theory of crime. In: Clarke RV, Felson M (eds) Advances in criminological theory, vol 5. Transaction Publishers, New Brunswick, pp 259–294Google Scholar
  4. Cohen SS (2006) Boom boxes: containers and terrorism. In: Haveman JD, Shatz HJ (eds) Protecting the nation’s seaports: balancing security and cost. Public Policy Institute of California, San Francisco, pp 91–128Google Scholar
  5. Cote AE (2008) Fire protection handbook. National Fire Protection Association (NFPA)Google Scholar
  6. DeAngelis T (2009) Understanding terrorism. APA Monitor on Psychology 40(10):60 http://www.apa.org/monitor/2009/11/terrorism.aspx. Accessed 11 September 2017Google Scholar
  7. Fischhoff B, Slovic P, Lichtenstein S, Read S, Combs B (1978) How safe is safe enough? A psychometric study of attitudes towards technological risks and benefits. Policy Sci 9(2):127–152CrossRefGoogle Scholar
  8. Fisher BS, Peek-Asa C (2011) Domestic violence and the workplace: do we know too much of nothing? In: Bowie V, Fisher BS, Cooper CL (eds) Workplace violence: issues, trends, strategies. Routledge, London, pp 97–120Google Scholar
  9. Hathaway OA, Crootof R, Levitz P, Nix H, Nowlan A, Perdue W, Spiegel J (2012) The law of cyber-attack. Faculty Scholarship Series, Paper 3852. http://digitalcommons.law.yale.edu/fss_papers/3852. Accessed 7 April 2018
  10. Haveman JD, Shatz HJ (2006) Protecting the nation’s seaports: balancing security and cost. Public Policy Institute of California, San FranciscoGoogle Scholar
  11. Haveman JD, Shatz HJ, Vilchis EA (2005) U.S. port security policy after 9/11: overview and evaluation. Journal of Homeland Security and Emergency Management 2(4):1–24CrossRefGoogle Scholar
  12. Haveman JD, Shatz HJ, Vilchis EA (2006) The government response: U.S. port security programs. In: Haveman JD, Shatz HJ (eds) Protecting the nation’s seaports: balancing security and cost. Public Policy Institute of California, San Francisco, pp 185–232Google Scholar
  13. Hoffman B (1998) Inside terrorism. Columbia University Press, NYGoogle Scholar
  14. Horgan J (2014) The psychology of terrorism. Routledge, LondonCrossRefGoogle Scholar
  15. Islam T, Ryan J (2015) Hazard mitigation in emergency management. Butterworth-Heinemann, WalthamGoogle Scholar
  16. Kendra JM, Wachtendorf T (2016) American Dunkirk: the waterborne evacuation of Manhattan on 9/11. Temple University Press, PhiladelphiaGoogle Scholar
  17. Kraska J (2009) Grasping “the influence of law on sea power”. Naval War College Review 62(3):113–135Google Scholar
  18. Kraska J (2013) International and comparative regulation of private maritime security companies employed in counter-piracy. In Guilfoyle D, E Elgar (eds) Modern high seas piracy. SSRN, pp 20–249Google Scholar
  19. Leamer EE, Thornberg C (2006) Ports, trade, and terrorism: balancing the catastrophic and the chronic. In: Haveman JD, Shatz HJ (eds) Protecting the nation’s seaports: balancing security and cost. Public Policy Institute of California, San Fransciso, pp 31–69Google Scholar
  20. Leonard TJ, Gallo P, Véronneau S (2015) Security challenges in United States sea ports: an overview. J Transp Secur 8:41–49CrossRefGoogle Scholar
  21. Lillie N (2004) Global collective bargaining on flag of convenience shipping. Br J Ind Relat 42(1):47–67CrossRefGoogle Scholar
  22. Lindell MK, Prater CS, Perry RW, Nicholson WC (2006) Fundamentals of emergency management. Federal Emergency Management Agency. https://training.fema.gov/hiedu/aemrc/booksdownload/fem/. Accessed 11 September 2017
  23. Lloyd’s Register (2016) LashRight: Ship container securing assessment software. http://www.lr.org/en/services/software/lashright.aspx. Accessed 9 September 2017
  24. Maras M-H (2014) Computer forensics: cybercriminals, laws, and evidence, 2nd edn. Jones and Bartlett, BurlingtonGoogle Scholar
  25. Maras M-H (2016) Cybercriminology. Oxford University Press, NYGoogle Scholar
  26. Maritime Transportation Security Act of 2002 46 USC 2101. 116 STAT. 2064. Public Law 107–295 https://www.congress.gov/107/plaws/publ295/PLAW-107publ295.pdf. Accessed 17 April 2018
  27. Martonosi SE, Ortiz DS, Willis JJ (2005) Evaluating the viability of 100 per cent container inspection at America’s ports. In: Richardson HW, Gordon P, Moore JE II (eds) The economic impacts of terrorist attacks. Edward Elgar Publishing, Cheltenham, pp 218–241Google Scholar
  28. McGraw G, Morrisett G. (2000) Attacking malicious code: a report to the Infosec Research Council. http://wwwusers.di.uniroma1.it/~vamd/TSL/maliciouscode.pdf. Accessed 9 September 2017CrossRefGoogle Scholar
  29. McNicholas M (2012) Terrorism and commercial transportation: use of ships, cargoes, containers to transport terrorists and materials. In: Uzer FB (ed) Maritime security and defense against terrorism. IOS Press, Amsterdam, pp 51–66Google Scholar
  30. Meade C, Molander RC (2006) Considering the effects of a catastrophic terrorist attack. RAND Center for Terrorism Risk Management Policy, Santa MonicaGoogle Scholar
  31. Medalia J (2005) Terrorist nuclear attacks on seaports: threat and response. CRS Report for Congress. Order Code. RS21293Google Scholar
  32. Miller R (2013) Novec, FM-200 gain acceptance as ‘green’ firefighting alternatives. Professional Mariner. http://www.professionalmariner.com/April-2013/Novec-FM-200-gain-acceptance-as-green-firefighting-alternatives/. Accessed 17 April 2018
  33. Mintzberg H (1987) The strategy concept II: another look at why organizations need strategies. Calif Manag Rev 30(1):25–32CrossRefGoogle Scholar
  34. Moghaddam FM (2005) The staircase to terrorism: a psychological exploration. Am Psychol 60(2):161–169CrossRefGoogle Scholar
  35. Moghaddam FM, Marsella AJ (2004) Understanding terrorism: psychological roots, consequences, and interventions. American Psychological Association, Washington, DCCrossRefGoogle Scholar
  36. Mousavi M, Ghazi I, Omaraee B (2017) Risk assessment in the maritime industry. Engineering, Technology & Applied Science Research 7(1):1377–1381Google Scholar
  37. Nater FP (2010) Workplace violence prevention a training management commitment. https://www.securitymagazine.com/articles/81408-workplace-violence-prevention-a-training- management-commitment-1. Accessed 18 April 2018
  38. National Maritime Center, The (2017) Standards of training, certification, and watchkeeping (STCW). http://www.dco.uscg.mil/Portals/9/NMC/pdfs/stcw/stcw_history_implementation_and_structure.pdf?ver=2017-06-23-095328-760. Accessed 8 September 2017
  39. Nelson ES (2012) Maritime terrorism and piracy: existing and potential threats. Journal of Global Security Studies 3(1):15–28Google Scholar
  40. Nemeth C. P (2017a) Physical security. In: Private security: an introduction to principles and practice. CRS Press, Boca Raton, pp. 231–271Google Scholar
  41. Nemeth CP (2017b) Human resources and personnel. In: Private security: an introduction to principles and practice. CRS Press, Boca Raton, pp. 273–332Google Scholar
  42. Noonan T, Archuleta E (2008) The insider threat to critical infrastructure. National Infra-structure Advisory Council, April 9, 2008. www.dhs.gov/xlibrary/assets/niac/niac_insider_threat_to_critical_infrastructures_study.pdf. Accessed 8 April 2018 4/8/2018)
  43. O’Connell ME, Arimatsu L (2012) Cyber security and international law. International Law Meeting, Chatham House https://www.chathamhouse.org/sites/files/chathamhouse/public/Research/International%20Law/290512summary.pdf. Accessed 7 April 2018Google Scholar
  44. Operational Analysis Division of Homeland Security (2016) Consequences to seaport operations from malicious cyber activity. OMB Control No. 1670–0027. https://homeport.uscg.mil/Lists/Content/Attachments/2203/OCIA_Consequences%20to%20Seaport%20Operations%20from%20Malicious%20Cyber%20Activity.pdf. Accessed 8 April 2018
  45. Ostergaard DJ (2016) Business and security in the age of terrorism: the long-term effects of the September 11th terrorist attacks on seaport governance and control. Doctoral dissertation, University of South Carolina. http://scholarcommons.sc.edu/cgi/viewcontent.cgi?article=4906&context=etd Accessed on 11 September 2017
  46. Pate A, Taylor B, Kubu B. (2008) Protecting America’s ports: Promising practices. A Final Report Submitted by the Police Executive Research Forum to the National Institute of Justice, 29. https://www.ncjrs.gov/pdffiles1/nij/grants/221075.pdf. Accessed 11 September 2017
  47. Robin ML (2012) Clean agents in total flooding applications. International fire protection, pp. 29-32. http://www2.dupont.com/FE/en_US/assets/downloads/pdf/201208_IFP_mag_reprint.pdf. Accessed 17 April 2018
  48. Rose A, Wei D (2013) Estimating the economic consequences of a port shutdown: the special role of resilience. Econ Syst Res 25(2):212–232CrossRefGoogle Scholar
  49. Rudd D (2015) Maritime non-state actors: a challenge for the Royal Canadian Navy? J Mil Strateg Stud 16(3):45–62 ISSN: 1488-559XGoogle Scholar
  50. Sakhuja V (2010) Security threats and challenges to maritime supply chains. Disarmament Forum 59:1–12Google Scholar
  51. Schoen JW (2004) Ships and ports are terrorism’s new frontier. NBC News, June 21, 2004. http://www.nbcnews.com/id/5069435/ns/business-world_business/t/ships-ports-are-terrorisms-new-frontier/#.WEquCLIrKUk. Accessed on 11 September 2017
  52. Shapiro LR, Maras M-H (2018) Women’s radicalization to religious terrorism: an examination of ISIS cases in U.S. Studies in Conflict & Terrorism, Special Issue (in press)Google Scholar
  53. Stahl WM (2011) The uncharted waters of cyberspace: applying the principles of international maritime law to the problem of cybersecurity. Georgia Journal of International and Comprehensive Law 40:247–273Google Scholar
  54. Stowsky J (2006) Harnessing a Trojan horse: aligning security investments with commercial trajectories in cargo container shipping. In: JD Haveman, HJ Shatz, HJ (eds.) Protecting the nation’s seaports: balancing security and cost. Public Policy Institute of California, San Francisco: pp 129–154Google Scholar
  55. Szyliowicz J (2014) The dimensions of maritime security. In: Szyliowicz JS, Celibi O (eds) Global maritime security new horizons. Turkish Naval Forces Printing Office, Istanbul ISBN: 978-975-409-675-0Google Scholar
  56. Transportation Security Administration (TSA) (2014) Transportation Worker Identification Credential (TWIC). https://www.tsa.gov/for-industry/twic. Accessed 11 September 2017
  57. U.S. Customs and Border Protection (2009) Importer security riling and additional carrier requirements. https://www.cbp.gov/sites/default/files/documents/import_sf_carry_3.pdf. Accessed 17 April 2018
  58. U.S. Department of the Interior Bureau of Reclamation/USDIBR (2005) Co2 system operation and maintenance. https://www.usbr.gov/power/data/fist/fist5_12/5-12.pdf. Accessed 9 September 2017
  59. U.S. Environmental Protection Agency (2000) Carbon dioxide as a fire suppressant: Examining the risks. Report EPA 430-R-00-002. https://www.usbr.gov/power/data/fist/fist5_12/5-12.pdf. Accessed 9 September 2017
  60. U.S.C. Title 46: Shipping (2006) Office of the Law Revision CounselGoogle Scholar
  61. United Nations (2013) Combating transnational organized crime committed at sea. Vienna, Austria: United Nations Office on Drugs and Crime (UNODC). https://www.unodc.org/documents/organized-crime/GPTOC/Issue_Paper_-_TOC_at_Sea.pdf. Accessed 7 April 2018
  62. United States Coast Guard (2015) Vessel requirement for notices of arrival and departure, and automatic identification system: Final rule. Federal Registry, 80 (20), 5281 https://www.federalregister.gov/documents/2015/01/30/2015-01331/vessel-requirements-for-notices-of-arrival-and-departure-and-automatic-identification-system. Accessed on 11 September 2017
  63. United States Coast Guard (2016) Port state control in the United States. 2016 Annual Report Department of Homeland http://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/CG-CVC/CVC2/psc/AnnualReports/annualrpt16.pdf. Accessed on 11 September 2017
  64. Urban T (2018) Maritime security and the convention on the law of the sea. In: Burgess J, Foulkes L, Jones P, Merighi M, Murray S, Whitacre J (eds) Law of the sea: a policy primer. The Fletcher School of Law and Diplomacy, Tufts University, Medford https://sites.tufts.edu/lawofthesea/chapter-six/. Accessed 7 April 2018Google Scholar
  65. Van de Voort M, Willis H, Ortiz D, Martonosi S (2007) Applying risk assessment to secure the containerized supply chain. In: Linkov I, Wenning RJ, Kiker GA (eds) Managing critical infrastructure risks: decision tools and applications for port security. Springer, Dordrecht, pp 79–96CrossRefGoogle Scholar
  66. Velotti L, Justice JB (2016) Operationalizing giddens’s recursive model of accountability. Public Performance & Management Review 40(2):310–335CrossRefGoogle Scholar
  67. Wei H-L, Lindell MK (2017) Washington households’ expected responses to lahar threat from Mt. Rainier. International Journal of Disaster Risk Reduction 22:77–94CrossRefGoogle Scholar
  68. Werse S, Phillips R, Luhta K (2016) Panel discussion: piracy today. SUNY Maritime Security Conference, Bronx, New YorkGoogle Scholar
  69. White House, The (2013) Presidential policy directive (PPD-21): critical infrastructure security and resilience. https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential- policy-directive-critical-infrastructure-security-and-resil. Accessed on 10 September 2017
  70. Willis HH (2014) Securing America’s ports, CT-410. RAND Corp, Santa MonicaGoogle Scholar
  71. Willis HH, Ortiz DS (2004) Evaluating the security of the global containerized supply chain, technical report. RAND Corp, Santa MonicaGoogle Scholar
  72. Willis HH, Ortiz DS (2005) Assessing container security: a framework for measuring performance of the global supply chain, research brief. RAND Corp, Santa MonicaGoogle Scholar
  73. Wolf B (2012) Trojan horse training and exercises: Facilitating public and private sector collaboration in port and maritime security. http://eagleamericansecurity.com/resources/TrojanHorse.pdf. Accessed 17 April 2018
  74. World Shipping Council. (2003) Strawman proposals for the collection of mandatory advanced electronic cargo information for commercial vessels destined to and departing from the United States. Comments before the U.S. Customs Service. http://www.worldshipping.org/pdf/wsc_trade_act_strawmen.pdf. Accessed 17 April 2018
  75. Yeo G-T, Pak J-Y, Yang Z (2013) Analysis of dynamic effects on seaports adopting port security policy. Transp Res A 49:285–301Google Scholar
  76. Zalosh RG, Beller D, Till R (1996) Reliability analysis of carbon dioxide fire suppression system for shipboard machinery spaces. Center for Fire Safety Studies, WPI. Prepared for U.S. Coast GuardGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  • Lauren R. Shapiro
    • 1
  • Marie-Helen Maras
    • 1
  • Lucia Velotti
    • 1
  • Susan Pickman
    • 1
  • Hung-Lung Wei
    • 1
  • Robert Till
    • 1
  1. 1.John Jay College of Criminal JusticeNew YorkUSA

Personalised recommendations