Congressman Pushes NTSB to Check Dali's Systems for Cyber Threats
In a hearing of the House Transportation Committee on Thursday, Congressman Brandon Williams (R-NY) pressed the National Transportation Safety Board to tear down and examine every component of the boxship Dali's electrical switchboards for signs of malicious code.
Working with Hyundai, which built the Dali, NTSB's investigators have determined that the ship lost electrical power because two main breakers tripped. Her generators kept running, but were no longer connected to the electrical bus that powers all critical systems. Soon after the crew restored the connection, two other breakers tripped. Without electrical power, the main engine's lube and coolant pumps turned off, and the engine automatically shut down to protect itself from imminent damage. This left Dali without propulsion as she approached - and then hit - Baltimore's Francis Scott Key Bridge. The resulting bridge collapse shut the port of Baltimore for weeks, and the roadway will not be restored for years; it is on track to become the most expensive maritime casualty claim on record.
These important findings rule out many other possible explanations for the casualty, like fuel contamination. However, the investigators still have to figure out why the breakers tripped at such an unlucky moment, and the answer is not immediately clear.
In questioning before the House Transportation Committee, Rep. Williams asked NTSB chair Jennifer Homendy just how deep her team planned to delve into the breaker system, and hinted at possible cybersecurity risks. Maritime cyber experts, the U.S. Coast Guard and the FBI have assessed that the odds of a cyberattack aboard Dali are low, and Homendy said that the investigation has seen no signs to suggest that there was any cyber intrusion. Rep. Williams - a former U.S. Navy nuclear submarine officer - urged Homendy to look deeper.
In a pointed exchange, Williams questioned whether NTSB has the capability to do a thorough component by component analysis of the entire switchboard control system, down to the most basic building blocks of its code. He raised the possibility that a sophisticated threat actor could target small, miniature computer assemblies - embedded systems - that control simple functions within the electrical system.
"There's a lot of concern about embedded systems, embedded into what is called a real-time operating system or inside the control logic or the control elements," he said. "That would require an enormous amount of forensics to evaluate . . . is that kind of investigation underway?"
Homendy said that her investigative team has 400 years of collective experience and will follow the evidence wherever it leads, adding that a cybersecurity threat would be in the jurisdiction of the Department of Justice. She noted that NTSB is required to notify law enforcement if it uncovers a possible crime or a cyberattack. "We will follow the evidence and anything security-wise, if we find anything, we will turn it over [to the FBI] immediately," she said.
The FBI has launched a parallel, court-authorized criminal investigation, and its agents boarded the vessel on April 15 to search it. The U.S. Coast Guard has also opened a Marine Board of Investigation - its most serious form of inquiry - to examine the causes of the casualty.