Complex control systems used by ships at sea are subject to the same kinds of accidents and challenges.

“This is where you talk about fleets coming to a stop. Our ships are floating SCADA systems”
– Capt. Mark Hagerott (ret.), Deputy director of cybersecurity for the U.S.N. Academy (1)

Many years ago I had the good fortune to have two good friends who both owned wooden (African Mahogany) sailing boats. One was a late 1950s 31 ft. Norwegian Knarr (racing boat) and the other was a 28 ft. Durbeck sloop of similar vintage. I spent the weekends during several winters helping them to maintain those boats in dry-dock so we could have a few wonderful weeks sailing on Lake Ontario in the summer. This lake is part of the St. Lawrence Seaway and has freighter traffic passing through relatively close to the middle of this nearly 60-mile wide Great Lake. One night we chose to do a night run to Canada. We shifted watches at the helm while the others slept. All of us took the US Coast Guard Auxiliary boating course and knew enough about the basics of Colregs or International Regulations for Preventing Collisions at Sea (2). In addition to our running lights, we also put up a radar reflector on the mast to help make us visible to the radars of larger ships. One night we did come close to a freighter that passed us in the middle of the night. We spotted the ship in time a ways off, woke each other up and set the motor in idle just in case we needed to do a quick maneuver. Thankfully, both of our ships passed each other in the night without incident. My thoughts returned to this experience of some 30 years ago as I read the report on two of the publicized collisions at sea involving US Navy warships (U.S.S. Fitzgerald and U.S.S. McCain) which took place earlier this year (3).

Author in red-sailed ship sailing near a “Tall Ship” on Lake Ontario in 1984 during the Rochester Sesquicentennial Celebration

It was a great surprise to learn that one of the key causes listed for the collisions was “Failure to follow the International Nautical Rules of the Road”! How could a modern warship full of all kinds of communications and navigational aids, manned by professional sailors who surely had more knowledge about sailing on the sea than the one-week boating course I took from the Coast Guard, have collided with another ship? It turns out that, according to the report, other causes of a human and technical nature contributed to the ships’ operators losing the view and control of their moving ship on a busy sea-lane. This “loss of view” and “loss of control” sounded familiar, and I could not help making connections and comparisons with similar incidents involving control systems in industrial facilities on land.

Below are several quotes from the report that caught my eye, which resonated with incidents in other critical infrastructures most associated with the civilian sector:

“Key supervisors in the Combat Information Center failed to comprehend the complexity of the operating environment…”

“The command leadership failed to assess the risks of fatigue and implement mitigation measures to ensure adequate crew rest.”

“Key supervisors and operators accepted difficulties in operating radar equipment due to material faults as routine rather than pursuing solutions to fix them.”

“Loss of situational awareness in response to mistakes in the operation of the ….’s steering and propulsion system..”

“Watchstanders operating the …’s steering and propulsion systems had insufficient proficiency and knowledge of the systems..”

[V.B comment: The quotes above sound like something from the report on the BP Texas Refinery explosion of 2005 (4)]

“This unplanned shift caused confusion in the watch team, and inadvertently led to steering control transferring to the Lee Helm Station without the knowledge of the watch team. The CO had only ordered speed control shifted. Because he did not know that steering had been transferred to the Lee Helm, the Helmsman perceived a loss of steering….”

“combination of the wrong rudder direction, and the two shafts working opposite to one another in this fashion caused an un-commanded turn to the left (port) into the heavily congested traffic ..”

“the Commanding Officer and others on the ship’s bridge lost situational awareness”

“Supervisory watch stations reported that the Automated Identification System (AIS) representation of contacts was cluttered and ‘useless.’”

[The loss of situational awareness that seems to be indicated in the above two quotes is a common theme in the reports on the Bellingham Gasoline (5) and San Bruno Gas pipeline explosions (6).]

“Did not utilize the Automated Identification System. This system provides real time updates of commercial ship positions through use of the Global Positioning System.”

“The Lee Helm station took control of steering in computer assisted mode. The shift in steering locations caused the rudder to move amidships.”

“The Lee Helm did not match the port and starboard throttles that control the speed of the shafts”

“Helm took control of steering at the helm station in Backup Manual mode”

[V.B comment: sounds like what the operators of the regional power grid in Ukraine had to do on December 23, 2015 when they “lost SCADA” and had to send technicians out to the substations to manually close the breakers maliciously opened during a cyber-attack]

When the news first appeared about these ship collisions there were some who speculated that there was some malicious intent behind these events which caused severe damage and loss of life. Perhaps a cyber-attack was used to disable or degrade the ship’s navigation systems? (7)

However, according to the evidence presented in the report, the likely cause was another “perfect storm” made possible by the intersection of very complex hi-tech systems used to navigate a ship and the limitations of the human operator(s) to comprehend them all.

References:
1. http://www.nextgov.com/cybersecurity/2014/10/navy-takes-internet-things-new-task-force/97913/?oref=nextgov_defense_it

2. http://www.mar.ist.utl.pt/mventura/Projecto-Navios-I/IMO-Conventions%20(copies)/COLREG-1972.pdf

3. http://s3.amazonaws.com/CHINFO/USS+Fitzgerald+and+USS+John+S+McCain+Collision+Reports.pdf

4. CSB report on 2005 BP Texas City refinery explosion, http://www.csb.gov/assets/1/19/CSBFinalReportBP.pdf

5. https://www.ntsb.gov/investigations/AccidentReports/Reports/PAR0202.pdf

6. https://www.ntsb.gov/investigations/AccidentReports/Reports/PAR1101.pdf

7. US Warship Collisions Raise Cyberattack Fears, http://www.securityweek.com/us-warship-collisions-raise-cyberattack-fears, AFP, August 23, 2017

More on the story of the ship collisions can be found here:
http://www.navy.mil/submit/display.asp?story_id=103130

https://enseccoe.org/en

NOTE: The views expressed within this blog entry are the author’s and do not represent the official view of any institution or organization affiliated thereof. Vytautas Butrimas has been working in information technology and security policy for over 30 years. Mr. Butrimas has participated in several NATO cybersecurity exercises, contributed to various international reports and trade journals, published numerous articles and has been a speaker at conferences and trainings on industrial cybersecurity and policy issues. He has also conducted cyber risk studies of the control systems used in industrial operations. He also collaborates with the International Society of Automation (ISA) and is a member of ISA 99 Workgroup 13, which is developing Micro Learning Modules on the ISA 62443 Industrial Automation and Control System Security Standard, and of Workgroup 14 on security profiles for substations.