Professional Documents
Culture Documents
VA Greiman
Boston University
Boston, Massachusetts, United States
Email: ggreiman@bu.edu
Abstract: New technologies are creating a massive concern for the shipping industry as cyberat-
tacks on board ships and in ports continue to rise. More than 90% of world trade is carried by the
shipping industry; and, as of 2018, there are more than 53,000 merchant ships sailing the cyber
seas. At the same time, these systems are very vulnerable to cyberattacks. Through empirical
research, this paper explores the global maritime cybersecurity legal landscape and advances
recommendations for policy and legal frameworks essential to ensure safety and security on the
cyber sea.
Introduction
Both the British government’s recent call for serious consequences after Iran’s seizure of a British
Tanker in the Gulf and the United States’ call for a multilateral coalition in the Hormuz Strait have
heightened continuing concerns about the safety of the world’s waters (Kirkpatrick & Castle 2019).
As highlighted in the United States’ National Plan for Maritime Domain Awareness, there are few
areas of greater strategic importance than the maritime domain (White House 2005b). Covering
more than 70% of the surface of the planet, the oceans are global pathways that sustain the United
States’ national prosperity and are vital to its national security. Distinct from other domains (such
as land, air, and space), the maritime domain provides an expansive pathway through the global
commons (White House 2005b). A maritime strategy is essential for global security (for example,
economic, physical, and social) as the maritime industry is roughly 20 years behind equivalent
sectors in terms of cybersecurity (Belmont 2016). Chertoff (2008) has highlighted that not only
governments are responsible for cybersecurity issues; individuals, organizations, and institutions
are also responsible in the way they use the Internet and operate systems based on information and
communication technology.
President Trump, in the implementation of his National Cyber Strategy, underscores the impor-
tance of improving the maritime cybersecurity domain (White House 2018). Priority actions under
the national maritime strategy include (1) clarification of the maritime cybersecurity roles and re-
sponsibilities; (2) promotion of enhanced mechanisms and standards for international coordination
and information sharing; and (3) acceleration of the development of next-generation cyber-resil-
ient maritime infrastructure (p. 10).
The United Nations Conference on Trade and Development (UNCTAD) describes the vast net-
work of the maritime industry as consisting of cargo ships, crude oil tanks, chemical tankers, con-
tainer ships, passenger ships, insurance companies, offshore and onshore operators, port operators,
national and international authorities, and military forces that must work together to monitor po-
tential threats, to prevent maritime cyberattacks, and to manage the impacts of attacks when they
occur (UNCTAD 2018).
Technological advances in the shipping industry, such as autonomous ships, drones, robotics, var-
ious blockchain applications, and deep level machine learning, hold considerable promise for the
supply side of shipping. However, there is still uncertainty within the maritime industry regarding
possible safety, security, and cybersecurity incidents, as well as concern about the diminishing
role of seafarers, mostly from the developing world (UNCTAD 2018). The Strategic Plan for the
International Maritime Organization (IMO) adopted in December 2017 recognizes the need to in-
tegrate new and emerging technologies into the regulatory framework for shipping (IMO 2017a).
The evolution of the Belt and Road Initiative in the South China Sea also bears major implications
for the shipping and maritime trade, as does the European Union General Data Protection Reg-
ulations (GDPR 2016), which governs cybersecurity and privacy rights in the European Union.
According to the UK Government, the shipping industry expects widespread adoption of auton-
omous container vessels over the next few years (Lloyd’s 2017). The first such vessel, the Yara
Birkeland, operated by Norway-based chemical producer Yara International ASA, is scheduled to
operate autonomously in 2020. There is also an increasing demand for cutting-edge technology for
unmanned boats and submarines, part of a growing £100 billion global industry (World Maritime
News 2018). This paper explores the existing maritime strategies, policies, standards, laws, and
regulations to ensure maritime security and seeks to identify those areas in which the law has failed
to meet the demands of a new order advancing in cyberspace.
Maritime security law has been developing for centuries, but it is still ineffective in terms of the
difficult terrains and the impact of cyberattacks on the high seas. There is minimal cooperation
between nations to combat piracy, and each country is responsible for enforcing the law in its ter-
ritorial waters. Pirates have a good understanding of their operational environment. They usually
elude maritime officials by crossing national sea boundaries and exploiting vulnerabilities due to
lack of information sharing and international cooperation. In dealing with maritime sovereignty,
the Malaysian Maritime Enforcement Center stated: ‘“[u]nder no circumstances would we intrude
into each other’s territory. If we chase a ship and it runs into the other side, we let the authorities
there handle it’” (qtd. in Valencia 2003). As a result of such policies, penalizing maritime criminals
is quite difficult. It requires arrest authority unlimited by national boundaries and the willingness
of authorities to enforce law in the maritime domain (Eski 2011).
According to Gilmore and Black (1975), “The fifteenth century, when global voyages started and
Venice became a maritime power, gave rise to what is known as the Law Merchant, and it is to that
law that the roots of modern shipping law can be traced back”. Since then, the law has continued
developing on local levels; in fact, there were no international conventions to cover that area of
law until the early twentieth century when international conventions were introduced to cover dif-
ferent aspects of marine activities; these include the Unification of Certain Rules of Law relating
to Bills of Lading, Brussels, 1924 [The Hague Rules] and its Visby amendment of 1968, as well as
the Safety of Life at Sea Convention [SOLAS] adopted in 1974. Also, International Organizations
concerned with the maritime industry, such as the International Maritime Organization (IMO), the
Committee Maritime International (CMI), and the United Nations Commission on International
Trade Law (UNCITRAL), now do their best to ensure that the laws governing the maritime indus-
try are kept up to date with the needs of the industry (UN 2018).
After September 11, 2001, a new law was enacted, The Maritime Transportation Security Act
(MTSA) of 2002. The Act creates a consistent security protocol for all the nations’ ports to better
identify and deter threats, but it does not address new technologies specific to cyber threats in the
maritime industry. Other countries and the EU have implemented similar laws and regulations on
enhancing ship and port-facility security.
The lack of a legal framework addressing the problems of maritime security is expected to become
more acute as the maritime sector continues to explore artificial intelligence, automation, and other
emerging technologies, with the goal of deploying vessels that can roam the world’s oceans with-
out human crews (Rundle 2019).
In June 2017, the world’s largest container shipping business (A.P. Moller Maersk) was the victim
of a cyberattack caused by the NotPetya ransomware, which forced it to halt operations at 76 port
terminals around the world, costing a reported $200-300 million (Greenberg 2018; HM Govern-
ment 2019). Zero-day ransomware WannaCry has caused world-wide catastrophe, from knocking
U.K. National Health Service hospitals offline to shutting down a Honda Motor Company in Japan
(Chen & Bridges 2017). The WannaCry Ransomware Attack, Equifax, and NotPetya provide valu-
able lessons that the maritime industry should begin to focus on in preparation for potential threats
and cyberattacks (Srinivasan, Pitcher & Goldberg 2019).
To address these global attacks, in 2017, the IMO amended two of its general security management
codes to explicitly include cybersecurity. The International Ship and Port Facility Security Code
(ISPS) and International Security Management Code (ISM) detail how port and ship operators
should conduct risk-management processes. Importantly, this is the start of a more holistic ap-
proach to maritime cybersecurity regulation. The IMO also enacted Guidelines on Maritime Cyber
Risk Management in 2017 that called for the development of guidelines that included national and
international standards, best practices, and the implementation of risk-control processes and mea-
sures as well as contingency planning (IMO 2017b).
industries including telecommunications, energy, oil and gas, and transportation, by 2018 the glob-
al implementation of robust maritime cybersecurity policy was essentially non-existent (Tam &
Jones 2018). Moreover, the key findings of a 2011 study on maritime cybersecurity by the Europe-
an Network and Information Security Agency (ENISA) include (1) a low awareness and focus on
maritime cybersecurity (p. 9); (2) complexity of the maritime ICT environment (p. 10); (3) frag-
mented maritime governance context (p. 12); and (4) the absence of mechanisms in the member
states to consistently identify and/or to report cybersecurity incidents specific within the maritime
sector (p.13). As a direct consequence, the effects of a potential cyberattack targeting maritime
information and communication technology (ICT) systems could bring even more harm than in
other sectors due to the probable poor coordination of the response and due to efficiency issues.
Until relatively recently, the phrase ‘maritime cyber security’ was not recognized globally. Ac-
cording to ENISA, at present there is no common definition of ‘cybersecurity’ shared among the
various nations at the EU or at international levels. Not all nation states approach the establishment
of a national cyber strategy in the same way, and whether the disruption of a nation’s critical infra-
structure is state directed is not always clear. The growing number and intensity of cyberattacks in
the maritime realm require a closer look at national cybersecurity strategies and policies that focus
on the risks of cyberattacks at sea and in the numerous seaports across the globe. Contrasting the
maritime security strategies, frameworks, and policies of countries selected for this study reveals
a wide variety of approaches to maritime strategic planning for cybersecurity. Table 1, below,
references the priorities for maritime security established by each of the selected countries and
organizations.
egy, places high priority on security of its water and its ships and national coordination (Denmark
2019), while Spain focuses on public-private partnerships to enhance its domestic programs (Spain
2013). On the international level, Spain has entered into cooperative maritime agreements with
other countries, including the engagement of the Angolan and Spanish navies to deepen cooper-
ation; to ensure the patrol of the coasts of Guinean Gulf; and to combat piracy, illegal trade, and
smuggling, among other crimes.
In its 2017 assessment of the EU 2013 Cybersecurity Strategy, the European Commission (EC)
found that information exchange between private stakeholders and between public and private
sectors were “not yet optimal” due to a “lack of trusted reporting mechanisms and incentives to
share” (EC 2017). A challenge for the EC is encouraging candidate countries to adopt the same
standards as member states, for example, in such areas as cyber-related legislation or the protection
of critical infrastructure.
Since 2013, the threat landscape has rapidly evolved; so, by 2017, the cybersecurity context in
which the 2013 strategy had been created was substantially different. The “Internet of Things rev-
olution” has become a fact with fifty billion new devices expected to be connected to the Internet
by 2020 (Evans 2011).
By 2019 a substantial change was needed in the EU. Thus, the Cybersecurity Act (Regulation (EU)
2019/881 17 April 2019) was published in the Official Journal of the EU on 7 June 2019 and en-
tered into force on 27 June 2019. The Cybersecurity Act has two main objectives: (i) strengthening
the mandate of the EU cybersecurity watchdog, ENISA, to support EU Member States with tack-
ling cybersecurity threats and attacks; and (ii) establishing an EU-wide cybersecurity certification
framework (“Framework”) in which ENISA will play a key role.
In November 2019, in accordance with the Cybersecurity Act, ENISA (in collaboration with sev-
eral EU ports) issued a report for CIOs and CISOs of entities involved in the port ecosystem. The
report lists the main threats posing risks to the ports and describes key cyber-attack scenarios that
could impact them (ENISA 2019). This approach allowed the identification of security measures
that ports shall put in place to better protect themselves from cyberattack.
egy for Maritime Security, to better integrate and synchronize the existing department-level strate-
gies and to ensure their effective and efficient implementation (White House 2005a).The Maritime
Commerce Security Plan is one of eight plans developed in support of the National Strategy for
Maritime Security. In addition to drawing on the expertise of federal agencies, this plan also re-
flects the insight and concerns of public and private stakeholders. In August of 2015, the Depart-
ment of Defense (DoD) published its Asia-Pacific Maritime Security Strategy, which has generat-
ed attention both among U.S. allies and partners in the region, as well as on Capitol Hill.
Local law enforcement, the United States Coast Guard, and the United States Navy all have a role
in providing maritime security in waters subject to U.S. jurisdiction (USCG 2009). Other members
of the joint force contribute to the national effort, especially air, space, and cyberspace assets. At
the intelligence level, a whole-of-government approach has been adopted (White House 2005c).
The National Maritime Intelligence-Integration Office (NMIO) serves as the principal advisor to
the Director of National Intelligence (DNI) on maritime issues and is the unified maritime voice
of the United States Intelligence Community. In December 2016, NMIO was formally designated
the National Intelligence Manager (NIM) for Maritime by the DNI. NMIO collaborates with the
Global Maritime Community of Interest (GMCOI) consisting of federal, state, territorial, tribal,
industry, and academia to provide ‘whole-of-government’ solutions to maritime information shar-
ing challenges.
Recommendations
The recommendations below are based on an analysis of the literature, government reports, coun-
try strategies, maritime laws, and regulatory regimes, as well as semi-structured interviews with
key experts in the industry. The purpose of these recommendations is twofold: first, to open the
discussion on the various gaps in the law and regulation of maritime security and, secondly, to
determine the next steps for policy makers and governments to consider while formulating new
strategies, standards, and practices that will lead to improved policy and thus more developed
maritime cyber legal systems.
fast-evolving and disruptive technological environment. Accountability for property damage and
personal injury lies within a complex system of maritime law. Recently, the U.S. government
and the maritime industry have made good progress towards addressing cybersecurity issues in
the maritime domain; however, the next steps include the development of laws and regulations
that focus specifically on the unique attributes of cybersecurity on vessels and within maritime
facilities. The National Institute of Standards and Technology (NIST) Framework (2017) and the
Baltic International and Maritime Council (BIMCO) (2016) guidelines are good starting points,
but do not go far enough to ensure actual compliance, as they are voluntary regimens that require a
commitment from the numerous companies and ship owners operating in the maritime domain. To
enhance cybersecurity, the requirements promulgated under the Maritime Transportation Security
Act (MTSA) should include cyber risk management criteria, planned response to cyber-attacks,
and mandated education programs and testing. If the MTSA cannot be amended to mandate cyber-
security protocols, then new legislation should be created to specifically require implementation of
cybersecurity programs that address cybersecurity incidents, response, and accountability.
Whole-of-government approach
Maritime security is best achieved by blending public and private maritime security activities on
a global scale into an integrated effort that addresses all maritime threats. In the U.S., the Nation-
al Strategy for Maritime Security aligns all federal government maritime security programs and
initiatives into a comprehensive and cohesive national effort involving appropriate federal, state,
local, and private sector entities. While the plans address different aspects of maritime security,
they are mutually linked and reinforce each other (White House 2005a). One of the most import-
ant of the plans is the Global Maritime Intelligence Integration Plan (White House 2005c) which
rests upon the development of a collaborative interagency and international maritime intelligence
enterprise that supports the intelligence and information needs of the Global Maritime Community
of Interest (GMCOI). Though efforts to provide a ‘whole-of-government approach’ have advanced
over the past decade, there remains an absence of a cohesive whole in practice with greater in-
volvement needed on the part of the private sector, the owner and operator of most of the world’s
technology, to provide a more integrated approach directly with the maritime industry.
Multi-stakeholder approach
There has been a call to action both within the United States and the European Union for a more
comprehensive, robust approach to maritime cybersecurity—a holistic approach that requires more
integration of policies, strategies, and standards at the highest levels of government. This involves
enhanced information sharing, collaboration, and mutual assistance at the international level, and
development of stronger public-private partnerships among government, the military, industry,
and the cyber community. Doing this, however, will require developing consensus on changes that
are needed in the maritime industry to combat the rising threat of cyberattacks and potential cata-
strophic loss. The 9/11 Commission in the United States is one example of a high priority approach
that ultimately resulted in the implementation of the federal government’s National Strategy for
Maritime Security (White House 2005a) and its National Plan for Maritime Domain Awareness
(White House 2005b). A multi-stakeholder-influenced governance or advisory board would afford
the opportunity to more smoothly make fundamental turns in the future in defining its goals and
priorities. Thus, several problems could be avoided, including the self-defeating morass of long
term large public initiatives that fail to address the unique dangers lurking in the maritime industry
involving control over a country’s waters, potential attacks on the navigation ability of a country’s
military, and the development of control systems to make sure that preventative measures are be-
ing used by the maritime industry at large.
The importance of instant and efficient feedback regarding cyberattacks is evident in the litera-
ture, government reports, and discussions within the maritime industry in general. Such feedback
is necessary to reduce the risk of repeat attacks by ensuring that lessons are immediately learned
and that preventative practices are adopted by all within the industry. The speed of response will
increase with improved data and communications, supported by a wide zone of networked auton-
omous systems and sensors (Lloyd’s Register 2015). Education, training, and feedback are critical
to address these technological advances and the required evolution of process. These can begin to
improve the current state of cyber readiness and help the maritime community (and those that sup-
port the maritime industry) achieve a better understanding of the scope and scale of cyber-related
incidents in their sector. Education, training, and feedback can also contribute to improving the
ability to detect, protect, prevent, prosecute, and recover from incidents.
Conclusion
This paper has reviewed the evolution of maritime law and its application to the changing environ-
ment of the cyber sea to find useful frameworks for governments in developing national strategies
and policies for maritime cybersecurity. As the emphases on maritime cyber strategies at the na-
tional level continues to grow, there remains an urgent need for transformation in government and
industry approaches from a historical focus on shippers’ liability in maritime law to a more holistic
approach that incorporates the entire multi-stakeholder community. A major rethinking of the mar-
itime domain is essential to avoid these new threats to the world’s ports, facilities, and vessels and
to foster greater multilateral cooperation and smoother sailing conditions in the cyber sea.
References
Belmont, KB 2016, Maritime cybersecurity: Cyber cases in the maritime environment, American
Association of Port Authorities (AAPA), 21 July, viewed 9 July 2020, <http://aapa.files.cmsplus.
com/SeminarPresentations/2016Seminars/2016SecurityIT/K.%20Belm ont%20-%20AAPA%20
Maritime%20Cybersecurity%20FINAL.pdf>.
Baltic and International Maritime Council (BIMCO) 2016, Guidelines on cyber security onboard
ships, Version 2.0, International Chamber of Shipping, BIMCO, CLIA, ICS, INTERCARGO, IN-
TERTANKO, OCIMF, and IUMI, Bagsvaerd, DK.
Chen, Q & Bridges, RA 2017, ‘Automated behavioral analysis of malware: A case study of Wanna-
Cry Ransomware’, Proceedings of the 16th IEEE International Conference on Machine Learning
and Applications, pp. 454-60.
Chertoff, M 2008, ‘The cybersecurity challenge’, Regulation & Governance, vol. 2, no. 4, pp.
480-4.
Denmark 2019, Danish Cyber and Information Security Strategy 2019-2022; Danish Maritime
Cyber Security Unit.
Eski, Y 2011, ‘Port of call: Towards a criminology of port security ‘, Criminology & Criminal
Justice, vol. 11, no. 5, pp. 415-31.
European Court of Auditors (ECA) 2019, Challenges to effective EU cyber security policy, Brief-
ing Paper, European Union, LU.
European Network and Information Security Agency (ENISA) 2011, Analysis of cyber security
aspects in the maritime sector, European Union Agency for Cybersecurity, Athens, GR.
ENISA 2019, Port cybersecurity in the maritime sector, European Union Agency for Cybersecu-
rity, 24 November, Athens, Greece.
European Union (EU) 2008, Agreement on maritime transport between the European community
and its Member States, of the one part, and the government of the People’s Republic of China, of
the other part, 21 February.
European Union 2016, General Data Protection Regulation (GDPR), Regulation (EU) 2016/679
of the European Parliament and of the Council of 27 April 2016 on the protection of natural per-
sons with regard to the processing of personal data and on the free movement of such data, and
repealing Directive 95/46/EC, OJ 2016 L 119/1.
European Union National Information Security (NIS) 2016, Directive 2016/1148 of the European
Parliament and of the Council of 6 July 2016 concerning measures for a high common level of
security of network and information systems across the Union, OJ L 194, 19.7.2016, pp.1-30.
European Union 2019, Cybersecurity Act Regulation (EU) 2019/881 of the European Parliament
and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecuri-
ty) and on information and communications technology cybersecurity certification, and repealing
Regulation (EU) No 526/2013.
Evans, D 2011, ‘The Internet of Things, how the next evolution of the Internet is changing every-
thing’, Cisco Internet Business Solutions Group (IBSG), San Jose, CA, US.
Foley, RK 1967, ‘A survey of the maritime doctrine of seaworthiness’, 46 Oregon Law Review,
vol. 369.
Gilmore, G & Black, CL 1975, The Law of Admiralty, 2nd edn., The Foundation Press, Inc, New
York, NY, US, pp. 1-50.
Greenberg, A 2018, ‘The untold story of NotPetya, the most devastating cyberattack in history’,
Wired, 22 August, viewed June 28, 2020, <https://www.wired.com/story/notpetya-cyberattack-
ukraine-russia-code-crashed-the-world/>.
Heilig, L & Voss, S 2017, ‘Information systems in seaports: A categorization and overview’, Infor-
mation Technology and Management, vol. 18, no. 3, pp.179-201.
HM Government 2019, Maritime 2050: Navigating the future, Department for Transport, London,
UK.
International Maritime Organization (IMO) 2017a, Strategic Plan for the International Maritime
Organization, December, London, UK.
——2017b, Guidelines on Maritime Cyber Risk Management (MCRM), 5 July, London, UK.
International Maritime Organization (IMO) Resolution, 2017, Maritime cyber risk management in
safety management systems, Annex 10 Resolution, msc.428(98), 16 June, London, UK.
International Tribunal on the Law of the Sea (ITLOS) 2016, Philippines v. China (PCA case num-
ber 2013–19, also known as the South China Sea Arbitration Award), 12 July.
Kirkpatrick, DD & Castle, C 2019, ‘UK warns Iran of “serious consequences” for seizing oil tank-
er’, New York Times, 20 June.
Lloyd’s 2017, The top risks in shipping today, 12 September, London, UK.
Lloyd’s Register 2015, Global marine technology trends 2030, Collaborative project between
Lloyd’s, Qinetiq, and University of Southampton, London, UK.
Maritime Transportation Security Act (MTSA) 2002, Pub. L. No. 107-295, 116 Stat. 2064 (An Act
To amend the Merchant Marine Act, 1936, to establish a program to ensure greater security for
United States seaports, and for other purposes).
Martinson, RD 2018, ‘Echelon defense: The role of sea power in Chinese maritime dispute strate-
gy’, U.S. Naval War College: China Maritime Studies, no. 15, Naval War College Press, Newport,
RI, US.
Ministère de l’Europe et des affaires étrangères 2018, Paris Call for Trust and Security in Cyber-
space, France Diplomacy, 12 November, viewed 28 June 2020, <https://www.diplomatie.gouv.fr/
en/french-foreign-policy/united-nations/alliance-for-multilateralism-63158/article/paris-call-for-
trust-and-security-in-cyberspace>.
NATO Review 2018, VOSTOK 2018: Ten years of Russian strategic exercises and warfare prepa-
ration, The North Atlantic Treaty Organization, 20 December, Brussels, BE.
National Institute for Standards and Technology (NIST) 2017, Framework for Improving Critical
Infrastructure Cybersecurity, Version 1.1, 10 January.
New Zealand Strategy for Maritime: New Zealand’s International Engagement, 2018 to 2023,
January 2018.
Papp, RG 2019, ‘Kennan Cable no. 41: A cyber treaty with Russia’, The Woodrow Wilson Center
for International Scholars, 29 March, Washington, DC, US.
Robertson, DW, Friedell, SF & Sturley, MF 2015, Admiralty and maritime law in the United
States: Cases and materials, 3rd edn, Carolina Academic Press, Durham, NC, US, pp. 276-7.
Rundle, J 2019, ‘Maritime cyber rules coming in 2021 are outdated, critics say’, The Wall Street
Journal, 18 July.
Sapiie, MA 2016, ‘Indonesia to start joint sea patrols with Malaysia, Philippines’, The Jakarta
Post, 2 August.
Spain 2013, National Maritime Security Strategy 2013, Spanish Security Council, 5 December.
Srinivasan, S, Pitcher, Q & Goldberg JS 2019, ‘Data breach at Equifax’, Harvard Business School
Case Collection, October 2017, revised April 2019, Harvard Business School Publishing, Boston,
MA, US.
Tam, K & Jones, KD 2018, ‘Maritime cybersecurity policy: The scope and impact of evolving
technology on international shipping’, Journal of Cyber Policy, vol. 3 no.2, pp. 147-64.
Thiele, RD 2018, ‘Game changer – Cyber security in the naval domain’, no. 530, The Institute for
Strategic, Political, Security and Economic Consultancy (ISPSW), Berlin, DE.
United Kingdom 2018, The Network and Information Systems Regulations 2018, no. 506, Elec-
tronic Communication.
United Nations Conference on Trade and Development (UNCTAD) 2018, Review of Maritime
Transport, United Nations, Geneva, CH.
United Nations (UN) 2018, Report of the United Nations Commission on International Trade Law
(UNCITRAL), 51st session, 25 June-13 July 2018, General Assembly 73rd session, Supplement No.
17, United Nations, Geneva, CH.
United States Coast Guard (USCG) 2009, Model Maritime Service Code, US Coast Guard Head-
quarters, Washington, DC, US.
US Department of Defense (USDoD) 2015, Asia-Pacific Maritime Security Strategy, The Penta-
gon, Washington, DC, US.
Valencia, MJ 2003, ‘Regime building in the East China Sea’, Ocean Development and Internation-
al Law Journal, vol. 34, no. 1, pp. 189-208.
The White House 2005a, National Strategy for Maritime Security (NMS), The Executive Office of
the President, Washington, DC, US.
——2005b, National Plan to Achieve Maritime Domain Awareness for the National Strategy for
Maritime Security, The Executive Office of the President, Washington, DC, US, p. 1.
——2005c, Global Maritime Intelligence Integration Plan, The Executive Office of the President,
Washington, DC, US.
——2018, National Cyber Strategy for the United States of America, Executive Office of the Pres-
ident, Washington, DC, US.
World Maritime News (WMN) 2018, ‘UK’s autonomous shipping industry gets a boost,’ World
Maritime News, 8 October, Schiedam, NL.