Information Security, the MTS of the Future, and the New Convergence

Modern container terminals like Ningbo Beilun (above) are investing heavily in digitalization (Nbfreeh / CC BY SA 4.0)

Published Apr 19, 2022 5:02 PM by Gary C. Kessler

The industrial revolution started in the late-1700s with the introduction of mechanical processes, and the use of water and steam-powered engines in the mass production of goods. What is now called Industry 2.0 began in the early 20th century with the use of electrical energy to run machines and the introduction of the assembly line. Advances in computer and communications technology starting in the 1960s brought on Industry 3.0. Today, cyber-physical systems are the hallmark of Industry 4.0.

Cyber-physical systems (CPS) is an umbrella term that gathers people, computers, and physical devices into an operational, functional system. CPS takes advantage of the parallel development of sophisticated sensors, instrumentation, network protocols, telecommunications technologies, and embedded computers, and combines them to build smart infrastructures and industrial applications. Some common CPS applications include the smart grid; medical monitoring; autonomous vehicles, vessels, and aircraft; process control systems; automated manufacturing; warehouse management systems; robotic systems; and automatic aviation and maritime navigation systems.

CPS and the Internet of Things (IoT) are part of the computer and telecommunications (r)evolution that results from digitization and digitalization. Both of these terms refer to developments in technology that are transforming the maritime transportation system (MTS)—and other critical infrastructures—in momentous ways.

While deceivingly similar, these terms address two different important concepts. Digitization refers to the conversion of an analog process into a digital one, without necessarily altering the process itself. Converting a paper form into an electronic PDF form is a simple example of digitization; it obviously streamlines the data flow but doesn't actually change the process on a larger scale. A more compelling example—one that many of us have lived through in the last 30 to 40 years—comes from telecommunications. Voice, music, images, and video have historically been captured as analog content, and carried or stored on analog communications media (think sine waves and continuous signals). Today, these media forms are carried and stored digitally, as a series of zeroes and ones, on digital communications facilities (think square waves and discrete points). But media, either stored or transmitted in either analog or digital form is fundamentally the same to the human user.

Digitalization, on the other hand, is transformational. Digitalization is a technological leap that supports the integration all forms of information over a single network backbone and, therefore, provides an infrastructure supporting applications and hardware that can manage and synthesize all of that data at once. In today's telecommunications critical infrastructure, we have a network backbone that can integrate voice, radio stations, television stations, streaming video, interactive multi-player games, data transfers, and Internet services on a single network to a single device over a single cable (or other telecommunications channel). In the late-1990s and early-2000s, this was called convergence.

In addition to economic and process efficiencies, the migration to digital communications had another benefit, namely, the ability to collect, store, analyze, and study historical data. Digitalization allowed for the further aggregation of data from multiple inputs, providing huge data sets, aka big data. Raw data is random and haphazard; by assigning meaning and context, data is transformed into information. Advanced algorithms that process and link information further transforms information into knowledge and insight, a process that leads into the era of machine learning (ML) and artificial intelligence (AI).

The acceleration of change in computing and sensor technology, digital processing and communications capabilities, and data analytics continues at a rapid pace. These new and improved capabilities will change all aspects of the maritime industry, from shipping and ports to regulatory requirements and cargo management. This is the intersection of the MTS and Industry 4.0. With these advances, we see all sorts of new opportunities for research and study, including simulation, digital twins, and autonomy. Economic and environmental benefits include a streamlined supply chain, smart ports and smart ships, routing and port operation optimization, greener shipping, and other methods of optimization and sustainability. Most importantly, we see an additional agility and resilience within the entirety of the MTS, and the ability to plan proactively instead of reactively.

Of course, this incredible reliance on information makes the urgency of securing that information ever more an existential imperative. Move past whatever you think the term cybersecurity means, and focus on the confidentiality-integrity-availability (CIA) triad and Parkerian Hexad characteristics of information:

Confidentiality: Protecting information from unauthorized access or disclosure; keeping secrets safe.

Integrity: Information being free from inadvertent or deliberate manipulation.

Availability: Information being accessible when needed.

Possession: Custody of data by the authorized user.

Authenticity (aka authentication): The ability to prove the identity of the sender or owner of information, and that the information is real.

Utility: The usefulness of data to the user (e.g., there is no utility in possessing encrypted data without a decryption key or receiving a message to do something after the date when the action is required).

Without ensuring that the information on which we base our decisions is fully intact, we stand to lose much more than we can possibly gain by having the information in the first place.

Gary C. Kessler, Ph.D., CISSP, is a retired professor of cybersecurity, principal consultant at Fathom5, and Non-Resident Senior Fellow at the Atlantic Council. This editorial includes an excerpt from Maritime Cybersecurity: A Guide for Leaders and Managers, 2nd. ed., by Gary and Steven D. Shepard (2022). He can be reached at [email protected].

Top image: Ningbo's Beilun terminal complex (Nbfreeh / CC BY SA 4.0)

The opinions expressed herein are the author's and not necessarily those of The Maritime Executive.