The impacts of control system incidents are obvious, but their causes are usually less clear, especially when they might be cyber-related. However, control system cyber incidents have impacted the behavior and operation of ships as well as other critical infrastructures. GPS hacks have altered ships’ positions and displays. Some Chinese critical infrastructure such as port cranes and large electric transformers have backdoors to take control of equipment. The Dali had multiple control system cyber vulnerabilities and threats including maintenance performed in China, loading containers from Chinese port cranes, use of cyber-vulnerable ship equipment, etc. In the case of analyzing the Dali incident, expertise is needed in all facets of ship monitoring and control, logistics, reconstruction, and cyber security (IT and control systems). Maritime cyber security requirements must include control system field devices and be expeditiously reviewed considering the Dali incident. This assessment is not unique to the Dali but can also be used for other ship incidents like the April 8, 2024 case of the APL Qingdao in New York.
