Automated Ships - Questions Regarding Security Clearances
There are important questions that arise from the concept of autonomous ships. This is not to say that automation is wrong-headed, evil or negligent – but we need to put those questions out into the wider community so that as we work to realize certain benefits, we do not do so in a way that exposes the industry and the communities it supports at greater risk.
The first aspect is that automation in this context is very closely linked with navigation. Autonomous ships, it is proposed, will be able to sense and respond to conditions within their environments. In short, they will make decisions that are based on programming. This itself is not dissimilar from what happens now. The Master (or delegated officer) on board the vessel receives information from a range of sources, weighs recommendations that are the result of calculations (that can include various kinds of navigation software) and then decides the best option. While the computer is programmed, the Master mariner’s equivalent is that combination of education, training and experience that is tempered by sound judgment and personal suitability.
The crux of the matter is that the person making the decision (infallible or not) is a point that can be described as self contained. When looking at an automated system, however, the system is not self contained, and this leads to questions of whether the level of risk managed in Section 7 of Part A of the ISPS Code has been impacted (control into restricted spaces).
The second aspect of this deals with the shoreside infrastructure that will be necessary to make this work. Who will own this infrastructure? It will likely be some form of government entity given the public safety concerns. This raises another question: will this be declared as critical infrastructure? If so, then there are IT security requirements associated with the background screening of technical support staff that may have privileged or enhanced access to how that infrastructure performs.
The third aspect deals with how various entities may direct a ship. Will it need to communicate with a central office? Will it be able to log into the ship to communicate commands? For example, if the harbor master wants to direct a ship to hold at anchorage, what technical means will be used?
This raises the question whether logical access to the navigation software needs to be considered as equivalent to accessing the navigation bridge. If it is, then software service providers will need to look at various issues such as the establishment of a Trusted Computing Base and various forms of protecting the communication throughout the entire network between endpoints. This also includes the ability to access the software through systems such as patch management, help desks, development sandboxes and similar structures.
If this logical access is the equivalent of being on the navigation bridge and the level of access can influence the performance of the system, then will those positions require background checks as per the various security clearance programs that are put in place around the world. For example, in Canada, the Marine Transportation Security Clearance Program’s purpose is to “reduce the risk of security threat by preventing unlawful interference with the marine transportation system by conducting background checks on marine workers who perform certain duties or who access to certain restricted areas.” This links directly to the requirements for Ship Security under Part A Section 7.2.4 that states the requirement for “monitoring restricted areas to ensure that only authorized persons have access.
In this case, the crux of the issue involves fair treatment within the screening process. If a worker requires a security clearance to work alongside a ship, then would not the individual who has the ability to influence the navigation system (such as patch managers, technicians, coders, etc.) also require such a clearance to ensure that they do not unlawfully interfere with the system? Again, these positions will have an increased influence because the work that they do is no longer a recommendation - it becomes an instruction and part of the navigating decisions. If they do not, does this create an imbalance with respect to other maritime workers that must undergo the security screening process?
Given the nature of the threats currently faced within any industry on the cyber front, it would be proposed that the background check itself could not stand in isolation. There needs to be appropriate supervision of work, quality assurance, network accreditation and controls that can detect and respond to suspect activity that may lead to various safety and security concerns.
While the concept of automation pushes itself forward, like any other ship moving through the water, it creates a wake. In this case, part of this wake is likely to involve questions regarding whether or not the scope of various security screenings and background checks will have to be adjusted given the new kind of operations and its potential impacts.
For the companies, this may lead to an increased burden on their own internal security programs. Employees may find themselves in a position where they find themselves requiring a clearance. Contractors and service providers may find that they need to both meet certain security in contracting management requirements or limit their operations and structures accordingly.
In all cases, these will be delicate discussions that impact on various sensitive issues such as labor relations, human rights and individual privacy - questions that cannot be decided arbitrarily and require, sometimes, a delicate touch.
This article, one of several, is intended to promote thoughtful consideration of future risks. It is not to express anything that should be construed as a government policy or approach, nor is it an offer of legal advice.
Allan McDougall BA BMASc PCIP CMAS CISSP CPP PSP CMSP is the chief learning officer of the IAMSP and an executive vice president of Knowledge Advancement Solutions based in Ottawa, Canada. In addition to his military experience, he has served as a security adviser with Canada’s Coast Guard, Department of Fisheries and Oceans and Canada Border Services Agency. He was also previously a senior inspector with Transport Canada’s Marine Security Operations and has coauthored several works associated with infrastructure protection and emergency preparedness.
The opinions expressed herein are the author's and not necessarily those of The Maritime Executive.