Cybercrime Emerges as New Maritime Security Threat
ADF STAFF
Cyberattacks targeted a maritime company an average of every three days in September and October, according to alerts published by safety4sea, a shipping industry news source.
Although the alerts did not pertain to ships in African waters, the Regional Maritime Information Fusion Center (RMIFC)in Antanarivo, Madagascar, relayed them around the East and Southern Africa and Indian Ocean (ESA-IO) region to raise awareness.
“Cybercrime is an emerging threat to maritime security that is beginning to gain the upper hand, and in the ESA-IO region it is creeping up on us,” Lt. Saïd Lavani, Comoran international liaison officer at the RMIFC, told ADF.
According to Lavani, cybersecurity in the maritime industry is becoming a major issue due to the increased use of information technology systems for operations on ships and on shore. When hackers breach confidential data, it can lead to legal issues and substantial financial losses for shipping companies.
In July, the Port of Nagoya, Japan’s largest, had to halt operations for at least two days after a ransomware attack disrupted the port’s communication systems and prevented its import and export operations, according to Dragos, an industrial cybersecurity company.
The Institute for Security Studies has argued that cyberattacks such as a 2017 incident that affected Maersk, the world’s largest container ship and supply vessel operator, could be devastating in Africa. Maersk was not the intended target of the attack, but the company suffered about $300 million in losses. It also had to halt operations at 17 of its 76 terminals worldwide.
Hacker groups typically demand a ransom to return control of breached systems to affected companies and facilities.
A new report by law firm Holman Fenwick Willan (HFW) and maritime cybersecurity company CyberOwl shows that as shipping companies increasingly use advanced satellite communications such as Low Earth Orbit networks to improve connectivity, they also expose backdoor vulnerabilities to cyber criminals.
Because maritime operational technology and fleet operations management are almost entirely digital, cyberattacks can compromise anything from vessel communication systems to systems managing ballast water, cargo management, and engine monitoring and control, according to Tom Walters, a partner at HFW.
“Failure of any of those systems could result in a vessel being stranded and potentially grounded,” Walters told The Maritime Executive. “This is a critical issue for all parties involved in the shipping sector, and it’s clear that the industry has to do more to protect itself against cyberattacks.”
The report showed that the average cost of cyberattacks rose 200% worldwide in the past 18 months to more than $550,000 per attack.
“Our research shows that the [shipping] industry has improved dramatically in a short space of time,” Nick Chubb, managing director of Thetius, a global maritime industry innovation agency, told The Maritime Executive. “But it also shows that cybercriminals are evolving faster.”
One-third of the companies surveyed in the HFW-CyberOwl report spend less than $100,000 annually on cybersecurity management. A quarter of the respondents did not think their company had insurance to protect from losses due to cyberattacks.
Lavani said some of the continent’s coastal and island territories are continuing to raise awareness of cyberthreats.
The Indian Ocean Cybersecurity Observatory on Réunion Island launched a cybersecurity awareness campaign in late October. The observatory aims to create a community in the fields of cybersecurity and data protection and to raise awareness of maritime cybersecurity issues.
According to Lavani, the ESA-IO region thus far has been spared from cyberattacks on shipping companies and facilities.
“To my knowledge, we, as a regional center, have not yet recorded any event of this kind in our general area of responsibility,” Lavani said.
Still, Lavani said he believes that most African states are not doing enough to prevent future maritime cyberattacks.
“Only the developing countries are well aware of that emerging threat, since they are facing many issues relating to that,” he said.
Comments are closed.