Risk of Cyber Attacks in Maritime Industry

RISK OF CYBER ATTACKS IN MARITIME INDUSTRY

 

INTRODUCTION

One of the biggest challenges the world encounters today is cyber attacks. Past trends have shown that a large part of the cyber-attacks that have occurred in the last decade have been propelled by an attempt to gain personal or financial data. Today, the nature of threat is changing and companies across all business verticals have begun to experience highly vulnerable and sophisticated attacks that try to inflict damage to property and operations by exploiting the vulnerabilities and taking control of the industrial control systems.

The recent cases of cyber attack on Maersk and the Port of Antwerp clearly depict that even the shipping industry doesn’t remain aloof from the wrath of the prevailing cyber attacks as well. According to the reports of International Chamber of Shipping, international shipping, which is the life blood of the global economy, is responsible for carriage of around 90% of the world trade. Without shipping, intercontinental trade, the bulk transport of raw materials, and the import/export of affordable food and manufactured goods would simply not be possible.  With the induction of newer technologies and dependency on cyber space onboard ships, the threat is going to aggravate.

THREAT TO CRITICAL SYSTEMS ONBOARD

Though in the last decade the shipping industry might not have suffered any major attacks, but that doesn’t diminish the risk of not getting targeted in future. Vessel navigation and propulsion systems, cargo handling and container tracking systems at ports and onboard ships and shipyard inventories and automated processes are all controlled using software that is fundamental to smooth operations. Recent studies have found that these systems are easily penetrable. Imagine a cyber attack on a vessel transiting through Panama Canal resulting in the blockage of channel -  it would have economic impact around the globe.  With ships embedded with highly sophisticated systems onboard for navigation, communication, propulsion, the risks become manifold. The IT (Information Technology) and OT (Operational Technology) onboard, ships are being operated in tandem and more frequently being connected to the internet. This increases the risk of malicious attacks to ships systems and networks making them highly vulnerable. According to a study, essential systems like ECDIS (Electronic Chart Display and Information System), AIS (Automatic Identification System) and GPS embedded onboard ships which aid the safe navigation are vulnerable to attacks, and if not protected might create an unprecedented situation causing disruption.

The International Maritime Organisation, which has made AIS mandatory for most of the vessels requires it to be capable of automatically exchanging the information regarding vessel’s identity, type, position, course, speed and other navigation related information. A cybersecurity firm few years back, was able to penetrate through the AIS as the information exchanged over AIS was not encrypted. It was able to compromise the AIS by creating dummy vessels appear on the display, generate fake emergency and distress calls and sending incorrect data to other AIS users. The online sites which keep a track of the AIS data to monitor the position of vessels was also hit. Similarly, ECDIS which has data pertaining to the navigational charts and GPS are not encrypted and can be easily targeted creating hinderance in safe navigation and arising a situation of collision.

Though there have not been continuous or multiple attacks  pertaining to the shipping industry, the threat is real and will be detrimental. A successful attack could be catastrophic. Lack of encryption and appropriate safeguards in equipment pertaining to navigation, propulsion and communication onboard ships are enough to provoke an attack.

Fortunately, there are many avenues available to safeguard ships, cargo and port infrastructure which are the key elements of the shipping industry. From reckoning the organisation’s existing cybersecurity preparedness, devising an updated security plan adhering to the latest standards to training crew and employees of the threats, key is to develop both precautionary measures and contingency plans to neutralise the risk as far as possible.

CONCLUSION

To conclude, with highly complex and sophisticated cyber attacks emerging everyday, which pose a serious threat to the maritime industry, and whilst the industry endeavours to tackle these attacks, it depends on the individual companies to brace themselves for the prevailing threats and take preventive action, as you can not expect fair winds and a following sea always!  

 

About the Author:

Asst Comdt Bhanu Pratap Singh is a former Coast Guard Officer with a demonstrated history of working at high seas and serving onboard both Coast Guard and Naval Ships. He has carried out many Boarding Operations, Medical Evacuations and Search & Rescue Operations. He also has an exposure of Corporate Security. He is currently working as an Analyst with Risk Management, MitKat Advisory Services where he focuses on Safety, Security and Risk Management Operations.

 

 

 

 

 

 

 

 

 

Published On - Dec 21,2019

Back

©2017 MitKat Advisory Services Pvt Ltd. All right Reserved

Made With Passion:crisis management

Join the Conversation