The investigation into Baltimore’s Francis Scott Key Bridge collapse has only just begun, but we’ve already seen news reports containing an unclassified memo from the Cybersecurity and Infrastructure Security Agency (CISA) and comments from the Department of Homeland Security concerning the cause. Maryland Governor, Wes Moore, said he could confirm that "The crew notified authorities of a power issue," adding that the ship had lost power before smashing into one of the columns supporting the bridge. At this time, there is no evidence that the incident was anything more than a tragic accident, but the involvement of these U.S. government agencies indicates concerns of a cyberattack.
Those concerns are highly warranted. For some time, maritime cybersecurity has been top of mind for regional, national and global policymakers. In February, the Biden administration issued an executive order to bolster and safeguard critical maritime infrastructure across the United States. Other countries and regions are on alert as well. NIS2, the updated Directive from the European Union slated to go into effect later this year, also addresses maritime cybersecurity. The International Maritime Organization’s (IMO) cybersecurity guidelines encourage shipping companies and vessel operators to address cybersecurity risks and implement measures to protect their assets, as do frameworks and guidelines from additional regulatory bodies.