Periodic Reporting for period 1 - STRAITSECURITY (Hybrid threats to Indonesia’s Maritime Security: an assessment of cyber and cyber-physical vulnerabilities in the world’s busiest shipping lanes)
Berichtszeitraum: 2022-02-01 bis 2024-01-31
The project addressed the emerging threats to maritime security arising from increasing cyber and technological vulnerabilities in the global maritime transportation system. With pervasive use of interconnected information technology, operational technology, satellite communications and internet of things devices, the maritime sector faces potential catastrophic disruption from cyber-attacks and hybrid threats involving both cyber and physical elements.
This issue is of critical importance to society as over 90% of global trade is carried by maritime shipping. Disruptions to major shipping lanes like the Straits of Malacca and Singapore could have severe economic consequences worldwide by disrupting global supply chains.
The overall objectives were:
To explore policy, law and governance at the nexus of maritime and cyber security using important shipping lanes like the Malacca Strait as case studies.
To analyze capabilities and tactics of regional threat actors like terrorists, pirates and cybercriminals in conducting hybrid maritime attacks.
To investigate unique cybersecurity challenges for the maritime domain arising from remote, mobile IT systems on ships.
To assess maritime sector vulnerabilities to cyber attack and identify regulatory/policy gaps to be addressed.
To examine port security regulations regarding cyber-physical threats and potential vulnerabilities.
To understand the changing nature of maritime and cyber threats in the context of evolving global conflict involving states, non-state and state-sponsored actors.
The key conclusions were that while international governance efforts are underway, significant vulnerabilities remain due to uneven enforcement and gaps between regulation and reality. The project provided recommendations for industry practices, international governance, regional cooperation and capacity building to enhance maritime cybersecurity and overall resilience of the global maritime transportation system.
This issue is of critical importance to society as over 90% of global trade is carried by maritime shipping. Disruptions to major shipping lanes like the Straits of Malacca and Singapore could have severe economic consequences worldwide by disrupting global supply chains.
The overall objectives were:
To explore policy, law and governance at the nexus of maritime and cyber security using important shipping lanes like the Malacca Strait as case studies.
To analyze capabilities and tactics of regional threat actors like terrorists, pirates and cybercriminals in conducting hybrid maritime attacks.
To investigate unique cybersecurity challenges for the maritime domain arising from remote, mobile IT systems on ships.
To assess maritime sector vulnerabilities to cyber attack and identify regulatory/policy gaps to be addressed.
To examine port security regulations regarding cyber-physical threats and potential vulnerabilities.
To understand the changing nature of maritime and cyber threats in the context of evolving global conflict involving states, non-state and state-sponsored actors.
The key conclusions were that while international governance efforts are underway, significant vulnerabilities remain due to uneven enforcement and gaps between regulation and reality. The project provided recommendations for industry practices, international governance, regional cooperation and capacity building to enhance maritime cybersecurity and overall resilience of the global maritime transportation system.
The researcher conducted an extensive literature review and gathered primary data through interviews, surveys, roundtables and discussions with over 50 experts from government, industry, law enforcement, academia and other stakeholders across the UK, Europe, Southeast Asia and other regions. This allowed a comprehensive analysis of:
The international and national legal/policy frameworks governing maritime cybersecurity and emerging technologies like AI and autonomous vessels.
The capabilities and tactics of regional threat actors in Southeast Asia that could conduct hybrid maritime attacks.
The unique cyber vulnerabilities arising from the remote, mobile IT/OT systems used in maritime operations.
The overall cybersecurity preparedness and resilience of the maritime sector to cyber-physical threats.
The broader geopolitical context of evolving interstate and intrastate conflict involving state and non-state actors relevant to hybrid maritime threats.
Key results included mapping the complex governance landscape, identifying significant gaps between regulation and industry realities, assessing criminal/terrorist hybrid threat capabilities, and analyzing the security implications of adopting emerging maritime technologies like AI and autonomous ships/vessels.
The research outputs were disseminated through three peer-reviewed journal articles, a special report, three international conference presentations, a policy brief shared with stakeholders, news/social media commentary, and training sessions delivered to practitioners. The research also facilitated new international collaborations on future funding proposals related to simulating cyber attacks in maritime environments for training and other purposes, and in the area of AI and security/resilience.
Exploitation of results is ongoing, with the researcher appointed to a permanent faculty position to continue research, teaching and training in this field based on the project's accomplishments. Commercialisation prospects include potential training systems/simulators developed jointly with partners in government, industry and other universities.
The international and national legal/policy frameworks governing maritime cybersecurity and emerging technologies like AI and autonomous vessels.
The capabilities and tactics of regional threat actors in Southeast Asia that could conduct hybrid maritime attacks.
The unique cyber vulnerabilities arising from the remote, mobile IT/OT systems used in maritime operations.
The overall cybersecurity preparedness and resilience of the maritime sector to cyber-physical threats.
The broader geopolitical context of evolving interstate and intrastate conflict involving state and non-state actors relevant to hybrid maritime threats.
Key results included mapping the complex governance landscape, identifying significant gaps between regulation and industry realities, assessing criminal/terrorist hybrid threat capabilities, and analyzing the security implications of adopting emerging maritime technologies like AI and autonomous ships/vessels.
The research outputs were disseminated through three peer-reviewed journal articles, a special report, three international conference presentations, a policy brief shared with stakeholders, news/social media commentary, and training sessions delivered to practitioners. The research also facilitated new international collaborations on future funding proposals related to simulating cyber attacks in maritime environments for training and other purposes, and in the area of AI and security/resilience.
Exploitation of results is ongoing, with the researcher appointed to a permanent faculty position to continue research, teaching and training in this field based on the project's accomplishments. Commercialisation prospects include potential training systems/simulators developed jointly with partners in government, industry and other universities.
Progress beyond the state of the art:
This project made important contributions beyond the current state of the art by comprehensively analyzing the complex intersections between maritime security, cybersecurity, emerging technologies like AI/autonomous vessels, and hybrid threats involving both cyber and physical elements. Previous work has tended to look at these issues more in isolation.
The research mapped the evolving international governance landscape trying to keep up with rapid technological change, identified key gaps and challenges, and proposed novel policy recommendations for addressing systemic vulnerabilities in the maritime transportation system.
By incorporating perspectives from a diverse range of stakeholders and disciplines, the research provides a holistic view that can inform more robust risk management and resilience-building efforts.
Expected results until the end of the project:
The project is now completed, but the researcher aims to build on its findings and networks in several ways:
Publication of a book proposal with a leading academic publisher synthesizing the research
Developing funding proposals with international partners to simulate hybrid cyber-attacks in maritime environments for training/preparedness
Relaunch and leadership of a revised Maritime Security Master's degree program at the host institution incorporating insights from the project
Continuing research, publishing, and engagement activities to further amplify the project's impacts
Potential impacts:
Socio-economic impacts:
Enhancing maritime cybersecurity can help mitigate major economic disruptions from attacks on shipping/ports
Improving resilience of global supply chains that are critically dependent on maritime transportation
Driving development of innovative training/simulation tools with commercial potential.
Wider societal implications:
Greater societal preparedness for emerging hybrid threats that could impact civilian shipping/infrastructure
Policy guidance to shape governance of transformative technologies like AI in the maritime domain
Advancing an interdisciplinary, multi-stakeholder approach to complex human-machine security challenges
The project's impacts have a ripple effect – from economic consequences to national security ramifications and shaping responsible development of powerful new technologies that will increasingly permeate key sectors like maritime operations. Its holistic, forward-looking perspectives provide a framework for proactively managing the security implications of our increasing societal reliance on cyber-physical systems.
This project made important contributions beyond the current state of the art by comprehensively analyzing the complex intersections between maritime security, cybersecurity, emerging technologies like AI/autonomous vessels, and hybrid threats involving both cyber and physical elements. Previous work has tended to look at these issues more in isolation.
The research mapped the evolving international governance landscape trying to keep up with rapid technological change, identified key gaps and challenges, and proposed novel policy recommendations for addressing systemic vulnerabilities in the maritime transportation system.
By incorporating perspectives from a diverse range of stakeholders and disciplines, the research provides a holistic view that can inform more robust risk management and resilience-building efforts.
Expected results until the end of the project:
The project is now completed, but the researcher aims to build on its findings and networks in several ways:
Publication of a book proposal with a leading academic publisher synthesizing the research
Developing funding proposals with international partners to simulate hybrid cyber-attacks in maritime environments for training/preparedness
Relaunch and leadership of a revised Maritime Security Master's degree program at the host institution incorporating insights from the project
Continuing research, publishing, and engagement activities to further amplify the project's impacts
Potential impacts:
Socio-economic impacts:
Enhancing maritime cybersecurity can help mitigate major economic disruptions from attacks on shipping/ports
Improving resilience of global supply chains that are critically dependent on maritime transportation
Driving development of innovative training/simulation tools with commercial potential.
Wider societal implications:
Greater societal preparedness for emerging hybrid threats that could impact civilian shipping/infrastructure
Policy guidance to shape governance of transformative technologies like AI in the maritime domain
Advancing an interdisciplinary, multi-stakeholder approach to complex human-machine security challenges
The project's impacts have a ripple effect – from economic consequences to national security ramifications and shaping responsible development of powerful new technologies that will increasingly permeate key sectors like maritime operations. Its holistic, forward-looking perspectives provide a framework for proactively managing the security implications of our increasing societal reliance on cyber-physical systems.