The tragic accident involving the container vessel Dali that struck a road bridge in Baltimore, Maryland, last month, killing six people, has taken a turn into the cyber realm. At a U.S. House Transportation Committee hearing on Thursday, lawmakers grilled federal investigators over the possibility of malicious code contributing to the disaster.
Congressman Brandon Williams (R-NY) was particularly adamant that the National Transportation Safety Board (NTSB) needs to conduct an extremely thorough forensic examination of the Dali's systems for signs of a cyberattack or hacking incident.
"We cannot rule out foul play or malicious interference until every single component from that ship's electrical switchboards and computer networks is torn down and inspected for malicious code," Williams stated. "It's the 21st century—if this was a cyber attack, we have to get to the bottom of it."
The news comes as the Dali just this morning has been freed from its steel bridge trap and is now back in port in Baltimore to undergo further examination and preliminary repairs, before being moved again for more substantial repairs, if possible.
The Dali was outbound from Baltimore on April 28, 2024, when it struck the Francis Scott Key Bridge, a major roadway over the Patapsco River. In addition to the tragic loss of life in vehicles on the bridge, the accident closed a critical transportation corridor for weeks, even months, and resulted in tens of millions in economic losses.
While the NTSB's initial findings pointed to a "mechanical failure" related to the Dali's engines as the likely cause, Congressman Williams expressed concerns that this conclusion may be premature without exhaustive cyber forensics and testing of all shipboard computer systems.
"We're dealing with extraordinarily sophisticated threat actors looking to disrupt maritime operations and supply chains," Williams said. "The stakes are too high to not investigate this from every single angle."
Colonel Cedric Leighton, CNN Military Analyst, U.S. Air Force (Ret.), and Chairman of Cedric Leighton Associates, sees the action by Williams as positive.
"It's heartening to see Congressman Williams focus on the possibility of a cyber attack in this case. We've already had instances of ships being in the crosshairs of malicious cyber actors, so investigators need to make sure they conduct thorough cyber forensics examinations when determining the cause of any major maritime accident," Col. Leighton said. "At the moment, it doesn't seem as if the Dali was the victim of a cyber attack, but we don't know what we don't know, so it's imperative that the investigation into the causes of this incident include a thorough cyber component."
Williams and other lawmakers cited recent incidents like the 2020 cyberattack on a Russian vessel that led to a total system shutdown. They argued that a similar type of cyberattack could potentially precipitate a crash scenario like the one that occurred in Baltimore if the ship's engines failed to respond as intended.
However, some cyber experts noted that major marine vessels like the Dali have significant redundancies and safeguards in place for important systems. They suggested a targeted cyberattack may be unlikely unless launched by an extremely capable nation-state adversary.
Nonetheless, the NTSB committed to undertaking more intensive digital forensics and cyber testing for the Dali investigation in conjunction with partners such as the U.S. Coast Guard. As new technologies emerge, the federal agency acknowledged that thorough cyber evaluations must become standard practice for all major transportation incidents moving forward.
[RELATED: Enhancing Maritime Security: Lessons from the Key Bridge Incident]
A court-authorized criminal investigation has also been launched by the FBI. Agents boarded the vessel on April 15th. The U.S. Coast Guard has also opened a Marine Board of Investigation to examine the causes of the casualty; it is the Coast Guard's highest level of investigative scrutiny.
"The NTSB, Coast Guard, and FBI, as well as state and local investigators, need to be able to call on cyber experts to provide as complete a picture as possible of what caused an accident," Col. Leighton said. "Eventually, forensic cyber investigators will need to be part of every major accident investigation. This becomes critically important given the fact that we know that state-sponsored malicious cyber actors are actively targeting critical supply chains. For example, through the attacks code-named 'Volt Typhoon,' we know that China is actively targeting elements of our critical infrastructure."
"Shipping and other forms of transportation are key components of our critical infrastructure, so it's logical that a ship like the Dali would be a potential target," Col. Leighton added. "And if a ship like the Dali can be made to crash into another major transportation link, like the Key Bridge, then the cyber attacker magnifies the impact of their attack. Both shipping and ground transportation in a key port are impacted. From an attacker's perspective, both the ship and the bridge are perfect targets."
Col. Leighton said, if anything, the incident and others like it highlight the need for increased focus on the possibility of bad actors at play.
"Government agencies at every level need to develop a cadre of cyber forensic investigators," he said. "This will require major investments in training and continual career development for practitioners of this essential skillset. The sooner we realize that we are all fighting a cyber war on multiple fronts, the more secure we will become."
