The Load Star — 2023-03-09
Maritime and Ports
Digital interconnectivity will increase efficiency, but will also make forwarders, carriers and hubs more of a target for cyber criminals.
The need for greater connectivity between technologies such as IT, OT and IoT, as well as different vendors, have propelled the industry to new heights of fleet efficiency, route optimisation and profit margins.
But it comes with greater risks, according to Singapore’s Ensign InfoSecurity.
“The maritime industry has been under immense pressure from the Covid-19 pandemic and the Russia-Ukraine conflict. The other element straining the system is the ever-escalating wave of cyber threats globally."
Ensign’s Cyber Threat Landscape 2022 report notes that the maritime sector is one of the top targeted sectors in Singapore when it comes to ransomware cyber-attacks on critical infrastructure and the shipbuilding and logistics sub-sectors, due to its role as a maritime hub port.
The consequences of a cyber-attack can be wide-ranging – and continue to impact companies well after it’s over, such as Expeditors and its current court case with an affected customer.
Death Kitty ransomware disrupted TransNet’s container and trucking operations in 2021 July, while other impacts detected by Ensign throughout 2021 included theft of data, which could be sold, as well as serious disruption.
One of the risks for freight forwarders is cyber-criminals impersonating a legitimate freight forwarding company by copying its website. The aim is to steal freight forwarding fees or any cargo that falls into their possession. Such methods can also be referred to as “brandjacking” and are often used to directly tarnish a brand’s reputation.
In maritime, ship collisions could occur because of e-navigation and other systems being hacked, resulting in loss or damage to ships, injury to personnel, cargo loss, pollution and business interruption. Port operations could also come under attack, resulting in disruption and delays.
In addition, there is also likely to be significant expenditure incurred in responding to a cyber incident. If the personal data of employees or customers are compromised, for example, huge legal fees may be required to respond to the breach, pay the penalties, notify the data protection regulator and data subjects, as well as to defend potential legal proceedings.
While it is impossible to defend against all cyber-attacks, organisations can strengthen their defences. They can begin leveraging the cybersecurity community for threat information and foster greater intelligence-sharing to build early warning systems.
Companies are advised to review and revise incident and crisis management plans and playbooks. They can also run exercises to validate the organisation’s confidence in business recovery.
“Cyber preparedness is an ongoing issue. It is always changing”, explained Dr Vivek Jain of ALCO Insurance Brokers.