Identifying the maritime sector’s cybersecurity risk
Nearly 90 % of all goods traded in the global economy are transported via the Global Maritime Transportation System (GMTS), a network of thousands of ships and ports around the world. Needless to say, any disruption to this maritime supply chain would have a huge impact on the economy and society. Considering the importance of the maritime sector, it may come as a surprise to learn that the GMTS has significant vulnerabilities, particularly when it comes to cybersecurity. “While awareness about the cybersecurity risk is growing and some progress has been made, there are still significant challenges facing the industry and regulators,” says David McIlhatton, associate pro vice-chancellor for research at Coventry University. With the support of the EU-funded STRAITSECURITY project, McIlhatton, together with Adam James Fenton, a Marie Skłodowska-Curie Actions fellow, set out to address some of these challenges. “Our goal was to put the spotlight on the problem of cybersecurity in ships, along with the accompanying challenges that come with a lack of skills, implementing and enforcing regulations, and creating some kind of international information sharing platform or arrangement,” explains Fenton.
Studying two of the world’s busiest shipping lanes
To better understand these cybersecurity challenges, the researchers used the Straits of Malacca and Singapore as case studies. Not only are they two of the world’s busiest shipping lanes, they are also located in regions where terrorists, pirates and organised crime groups are known to be active. However, conducting a detailed threat analysis proved more difficult than expected. “On the one hand, due to their legal, reputational and commercial impact, shipping companies are understandably reluctant to share details about a cyberattack,” remarks Fenton. “On the other hand, given the clandestine nature of cybercriminals, it is difficult to accurately assess their cyber skills.”
Identifying where shipping is most vulnerable to a cyberattack
Despite these difficulties, the project was able to make some important findings. For instance, judging by the complexity of previous incidents, these criminal groups clearly have the necessary skills to launch a coordinated cyberattack. “This means that major shipping chokepoints are definitely vulnerable to a major attack, the problem is we just don’t have an accurate means of determining when such an attack might happen,” notes Fenton. According to McIlhatton, this highlights the importance for companies operating in these areas to take this risk into account. “Unfortunately, obtaining insurance for maritime cyber risk remains complex and is an area that must be addressed by regulators,” he says.
Awareness of the maritime sector’s cybersecurity risk
While there is still plenty of work to be done, the STRAITSECURITY project succeeded at creating greater awareness about the maritime sector’s growing cybersecurity risk. “A secure maritime sector is essential to a functioning global economy, and we need to prepare for the possibility of a major cyber incident,” concludes Fenton. “Doing so must involve not only the shipping industry itself, but also a diverse array of related partners and stakeholders, including law enforcement, academia and the legal, insurance and banking industries.” The project has published some of its findings in a number of industry journals, including the ‘Journal of Marine Science and Engineering’. Fenton is in the process of finalising a book based on the project, which was recently accepted by a major academic publisher. He also plans to expand on the project’s work, with a focus on researching how to improve seafarers’ cybersecurity skills.
Keywords
STRAITSECURITY, maritime, cybersecurity, cyberattack, ships, shipping, shipping lanes, shipping companies
