Abstract
This article sought to raise the awareness of vulnerabilities in the maritime transportation systems sector and to ask those involved in security and emergency management to answer for themselves, “What are your acceptable risks?” In particular, the review alerts security and emergency managers to the Trojan horse risks that expose maritime organizations, including shippers, mariners, and port employees, to dangers from physical, personnel, and cyber security problems and from natural and man-made disasters, which may appear as Trojan horses. The article first discusses maritime threat actors, motives, tactics, and targets. Next, vulnerabilities of the maritime transportation systems sector that could be exploited by those seeking to conduct a Trojan horse attack are examined. Finally, a variety of security measures used to protect the maritime transportation systems sector from Trojan horse attacks are described. Advice to those in security and emergency management for maritime organizations on how to recognize, plan, and mitigate Trojan horse issues is provided.
Similar content being viewed by others
References
Belmont KB (2016) Maritime cybersecurity: Cybercases in the maritime environment. American Association of Port Authorities. http://www.ahcusa.org/uploads/2/1/9/8/21985670/k._belmont__aapa_maritime_cybersecurity_final.pdf. Accessed 5 April 2018
BIMCO (2016) The guidelines on cyber security onboard ships. https://www.marad.dot.gov/wpcontent/uploads/pdf/Guidelines_on_cyber_security_onboard_ships_version_1-1_Feb2016.pdf. Accessed 11 September 2017
Brantingham PL, Brantingham PJ (2004) Environment, routine, and situation: towards a pattern theory of crime. In: Clarke RV, Felson M (eds) Advances in criminological theory, vol 5. Transaction Publishers, New Brunswick, pp 259–294
Cohen SS (2006) Boom boxes: containers and terrorism. In: Haveman JD, Shatz HJ (eds) Protecting the nation’s seaports: balancing security and cost. Public Policy Institute of California, San Francisco, pp 91–128
Cote AE (2008) Fire protection handbook. National Fire Protection Association (NFPA)
DeAngelis T (2009) Understanding terrorism. APA Monitor on Psychology 40(10):60 http://www.apa.org/monitor/2009/11/terrorism.aspx. Accessed 11 September 2017
Fischhoff B, Slovic P, Lichtenstein S, Read S, Combs B (1978) How safe is safe enough? A psychometric study of attitudes towards technological risks and benefits. Policy Sci 9(2):127–152
Fisher BS, Peek-Asa C (2011) Domestic violence and the workplace: do we know too much of nothing? In: Bowie V, Fisher BS, Cooper CL (eds) Workplace violence: issues, trends, strategies. Routledge, London, pp 97–120
Hathaway OA, Crootof R, Levitz P, Nix H, Nowlan A, Perdue W, Spiegel J (2012) The law of cyber-attack. Faculty Scholarship Series, Paper 3852. http://digitalcommons.law.yale.edu/fss_papers/3852. Accessed 7 April 2018
Haveman JD, Shatz HJ (2006) Protecting the nation’s seaports: balancing security and cost. Public Policy Institute of California, San Francisco
Haveman JD, Shatz HJ, Vilchis EA (2005) U.S. port security policy after 9/11: overview and evaluation. Journal of Homeland Security and Emergency Management 2(4):1–24
Haveman JD, Shatz HJ, Vilchis EA (2006) The government response: U.S. port security programs. In: Haveman JD, Shatz HJ (eds) Protecting the nation’s seaports: balancing security and cost. Public Policy Institute of California, San Francisco, pp 185–232
Hoffman B (1998) Inside terrorism. Columbia University Press, NY
Horgan J (2014) The psychology of terrorism. Routledge, London
Islam T, Ryan J (2015) Hazard mitigation in emergency management. Butterworth-Heinemann, Waltham
Kendra JM, Wachtendorf T (2016) American Dunkirk: the waterborne evacuation of Manhattan on 9/11. Temple University Press, Philadelphia
Kraska J (2009) Grasping “the influence of law on sea power”. Naval War College Review 62(3):113–135
Kraska J (2013) International and comparative regulation of private maritime security companies employed in counter-piracy. In Guilfoyle D, E Elgar (eds) Modern high seas piracy. SSRN, pp 20–249
Leamer EE, Thornberg C (2006) Ports, trade, and terrorism: balancing the catastrophic and the chronic. In: Haveman JD, Shatz HJ (eds) Protecting the nation’s seaports: balancing security and cost. Public Policy Institute of California, San Fransciso, pp 31–69
Leonard TJ, Gallo P, Véronneau S (2015) Security challenges in United States sea ports: an overview. J Transp Secur 8:41–49
Lillie N (2004) Global collective bargaining on flag of convenience shipping. Br J Ind Relat 42(1):47–67
Lindell MK, Prater CS, Perry RW, Nicholson WC (2006) Fundamentals of emergency management. Federal Emergency Management Agency. https://training.fema.gov/hiedu/aemrc/booksdownload/fem/. Accessed 11 September 2017
Lloyd’s Register (2016) LashRight: Ship container securing assessment software. http://www.lr.org/en/services/software/lashright.aspx. Accessed 9 September 2017
Maras M-H (2014) Computer forensics: cybercriminals, laws, and evidence, 2nd edn. Jones and Bartlett, Burlington
Maras M-H (2016) Cybercriminology. Oxford University Press, NY
Maritime Transportation Security Act of 2002 46 USC 2101. 116 STAT. 2064. Public Law 107–295 https://www.congress.gov/107/plaws/publ295/PLAW-107publ295.pdf. Accessed 17 April 2018
Martonosi SE, Ortiz DS, Willis JJ (2005) Evaluating the viability of 100 per cent container inspection at America’s ports. In: Richardson HW, Gordon P, Moore JE II (eds) The economic impacts of terrorist attacks. Edward Elgar Publishing, Cheltenham, pp 218–241
McGraw G, Morrisett G. (2000) Attacking malicious code: a report to the Infosec Research Council. http://wwwusers.di.uniroma1.it/~vamd/TSL/maliciouscode.pdf. Accessed 9 September 2017
McNicholas M (2012) Terrorism and commercial transportation: use of ships, cargoes, containers to transport terrorists and materials. In: Uzer FB (ed) Maritime security and defense against terrorism. IOS Press, Amsterdam, pp 51–66
Meade C, Molander RC (2006) Considering the effects of a catastrophic terrorist attack. RAND Center for Terrorism Risk Management Policy, Santa Monica
Medalia J (2005) Terrorist nuclear attacks on seaports: threat and response. CRS Report for Congress. Order Code. RS21293
Miller R (2013) Novec, FM-200 gain acceptance as ‘green’ firefighting alternatives. Professional Mariner. http://www.professionalmariner.com/April-2013/Novec-FM-200-gain-acceptance-as-green-firefighting-alternatives/. Accessed 17 April 2018
Mintzberg H (1987) The strategy concept II: another look at why organizations need strategies. Calif Manag Rev 30(1):25–32
Moghaddam FM (2005) The staircase to terrorism: a psychological exploration. Am Psychol 60(2):161–169
Moghaddam FM, Marsella AJ (2004) Understanding terrorism: psychological roots, consequences, and interventions. American Psychological Association, Washington, DC
Mousavi M, Ghazi I, Omaraee B (2017) Risk assessment in the maritime industry. Engineering, Technology & Applied Science Research 7(1):1377–1381
Nater FP (2010) Workplace violence prevention a training management commitment. https://www.securitymagazine.com/articles/81408-workplace-violence-prevention-a-training- management-commitment-1. Accessed 18 April 2018
National Maritime Center, The (2017) Standards of training, certification, and watchkeeping (STCW). http://www.dco.uscg.mil/Portals/9/NMC/pdfs/stcw/stcw_history_implementation_and_structure.pdf?ver=2017-06-23-095328-760. Accessed 8 September 2017
Nelson ES (2012) Maritime terrorism and piracy: existing and potential threats. Journal of Global Security Studies 3(1):15–28
Nemeth C. P (2017a) Physical security. In: Private security: an introduction to principles and practice. CRS Press, Boca Raton, pp. 231–271
Nemeth CP (2017b) Human resources and personnel. In: Private security: an introduction to principles and practice. CRS Press, Boca Raton, pp. 273–332
Noonan T, Archuleta E (2008) The insider threat to critical infrastructure. National Infra-structure Advisory Council, April 9, 2008. www.dhs.gov/xlibrary/assets/niac/niac_insider_threat_to_critical_infrastructures_study.pdf. Accessed 8 April 2018 4/8/2018)
O’Connell ME, Arimatsu L (2012) Cyber security and international law. International Law Meeting, Chatham House https://www.chathamhouse.org/sites/files/chathamhouse/public/Research/International%20Law/290512summary.pdf. Accessed 7 April 2018
Operational Analysis Division of Homeland Security (2016) Consequences to seaport operations from malicious cyber activity. OMB Control No. 1670–0027. https://homeport.uscg.mil/Lists/Content/Attachments/2203/OCIA_Consequences%20to%20Seaport%20Operations%20from%20Malicious%20Cyber%20Activity.pdf. Accessed 8 April 2018
Ostergaard DJ (2016) Business and security in the age of terrorism: the long-term effects of the September 11th terrorist attacks on seaport governance and control. Doctoral dissertation, University of South Carolina. http://scholarcommons.sc.edu/cgi/viewcontent.cgi?article=4906&context=etd Accessed on 11 September 2017
Pate A, Taylor B, Kubu B. (2008) Protecting America’s ports: Promising practices. A Final Report Submitted by the Police Executive Research Forum to the National Institute of Justice, 29. https://www.ncjrs.gov/pdffiles1/nij/grants/221075.pdf. Accessed 11 September 2017
Robin ML (2012) Clean agents in total flooding applications. International fire protection, pp. 29-32. http://www2.dupont.com/FE/en_US/assets/downloads/pdf/201208_IFP_mag_reprint.pdf. Accessed 17 April 2018
Rose A, Wei D (2013) Estimating the economic consequences of a port shutdown: the special role of resilience. Econ Syst Res 25(2):212–232
Rudd D (2015) Maritime non-state actors: a challenge for the Royal Canadian Navy? J Mil Strateg Stud 16(3):45–62 ISSN: 1488-559X
Sakhuja V (2010) Security threats and challenges to maritime supply chains. Disarmament Forum 59:1–12
Schoen JW (2004) Ships and ports are terrorism’s new frontier. NBC News, June 21, 2004. http://www.nbcnews.com/id/5069435/ns/business-world_business/t/ships-ports-are-terrorisms-new-frontier/#.WEquCLIrKUk. Accessed on 11 September 2017
Shapiro LR, Maras M-H (2018) Women’s radicalization to religious terrorism: an examination of ISIS cases in U.S. Studies in Conflict & Terrorism, Special Issue (in press)
Stahl WM (2011) The uncharted waters of cyberspace: applying the principles of international maritime law to the problem of cybersecurity. Georgia Journal of International and Comprehensive Law 40:247–273
Stowsky J (2006) Harnessing a Trojan horse: aligning security investments with commercial trajectories in cargo container shipping. In: JD Haveman, HJ Shatz, HJ (eds.) Protecting the nation’s seaports: balancing security and cost. Public Policy Institute of California, San Francisco: pp 129–154
Szyliowicz J (2014) The dimensions of maritime security. In: Szyliowicz JS, Celibi O (eds) Global maritime security new horizons. Turkish Naval Forces Printing Office, Istanbul ISBN: 978-975-409-675-0
Transportation Security Administration (TSA) (2014) Transportation Worker Identification Credential (TWIC). https://www.tsa.gov/for-industry/twic. Accessed 11 September 2017
U.S. Customs and Border Protection (2009) Importer security riling and additional carrier requirements. https://www.cbp.gov/sites/default/files/documents/import_sf_carry_3.pdf. Accessed 17 April 2018
U.S. Department of the Interior Bureau of Reclamation/USDIBR (2005) Co2 system operation and maintenance. https://www.usbr.gov/power/data/fist/fist5_12/5-12.pdf. Accessed 9 September 2017
U.S. Environmental Protection Agency (2000) Carbon dioxide as a fire suppressant: Examining the risks. Report EPA 430-R-00-002. https://www.usbr.gov/power/data/fist/fist5_12/5-12.pdf. Accessed 9 September 2017
U.S.C. Title 46: Shipping (2006) Office of the Law Revision Counsel
United Nations (2013) Combating transnational organized crime committed at sea. Vienna, Austria: United Nations Office on Drugs and Crime (UNODC). https://www.unodc.org/documents/organized-crime/GPTOC/Issue_Paper_-_TOC_at_Sea.pdf. Accessed 7 April 2018
United States Coast Guard (2015) Vessel requirement for notices of arrival and departure, and automatic identification system: Final rule. Federal Registry, 80 (20), 5281 https://www.federalregister.gov/documents/2015/01/30/2015-01331/vessel-requirements-for-notices-of-arrival-and-departure-and-automatic-identification-system. Accessed on 11 September 2017
United States Coast Guard (2016) Port state control in the United States. 2016 Annual Report Department of Homeland http://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/CG-CVC/CVC2/psc/AnnualReports/annualrpt16.pdf. Accessed on 11 September 2017
Urban T (2018) Maritime security and the convention on the law of the sea. In: Burgess J, Foulkes L, Jones P, Merighi M, Murray S, Whitacre J (eds) Law of the sea: a policy primer. The Fletcher School of Law and Diplomacy, Tufts University, Medford https://sites.tufts.edu/lawofthesea/chapter-six/. Accessed 7 April 2018
Van de Voort M, Willis H, Ortiz D, Martonosi S (2007) Applying risk assessment to secure the containerized supply chain. In: Linkov I, Wenning RJ, Kiker GA (eds) Managing critical infrastructure risks: decision tools and applications for port security. Springer, Dordrecht, pp 79–96
Velotti L, Justice JB (2016) Operationalizing giddens’s recursive model of accountability. Public Performance & Management Review 40(2):310–335
Wei H-L, Lindell MK (2017) Washington households’ expected responses to lahar threat from Mt. Rainier. International Journal of Disaster Risk Reduction 22:77–94
Werse S, Phillips R, Luhta K (2016) Panel discussion: piracy today. SUNY Maritime Security Conference, Bronx, New York
White House, The (2013) Presidential policy directive (PPD-21): critical infrastructure security and resilience. https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential- policy-directive-critical-infrastructure-security-and-resil. Accessed on 10 September 2017
Willis HH (2014) Securing America’s ports, CT-410. RAND Corp, Santa Monica
Willis HH, Ortiz DS (2004) Evaluating the security of the global containerized supply chain, technical report. RAND Corp, Santa Monica
Willis HH, Ortiz DS (2005) Assessing container security: a framework for measuring performance of the global supply chain, research brief. RAND Corp, Santa Monica
Wolf B (2012) Trojan horse training and exercises: Facilitating public and private sector collaboration in port and maritime security. http://eagleamericansecurity.com/resources/TrojanHorse.pdf. Accessed 17 April 2018
World Shipping Council. (2003) Strawman proposals for the collection of mandatory advanced electronic cargo information for commercial vessels destined to and departing from the United States. Comments before the U.S. Customs Service. http://www.worldshipping.org/pdf/wsc_trade_act_strawmen.pdf. Accessed 17 April 2018
Yeo G-T, Pak J-Y, Yang Z (2013) Analysis of dynamic effects on seaports adopting port security policy. Transp Res A 49:285–301
Zalosh RG, Beller D, Till R (1996) Reliability analysis of carbon dioxide fire suppression system for shipboard machinery spaces. Center for Fire Safety Studies, WPI. Prepared for U.S. Coast Guard
Acknowledgements
Part of this paper was presented on November 10, 2016 at the SUNY Maritime College Maritime Security Conference in Panel Discussion: Dealing with Trojan Horses in the Maritime Sector.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Shapiro, L.R., Maras, MH., Velotti, L. et al. Trojan horse risks in the maritime transportation systems sector. J Transp Secur 11, 65–83 (2018). https://doi.org/10.1007/s12198-018-0191-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12198-018-0191-3