Introduction
This research aims to analyze how cyber insecurity through cyber-attacks is impacting the maritime industries. The research questions that will be answered include; the defense mechanism that maritime possesses and how it can be enhanced, what countries are affected by maritime cyber-attacks, how the mitigation of cyber-attacks would increase trade on a global scale, and what causes cyber-attacks in maritime industries.
International trade practicalities are motivated by approximately fifty thousand cargo ships across the globe— thousands of which pass through our oceans every month, struggling with unfavorable conditions and stringent deadlines to deliver goods worth billions of dollars. If the hazards of piracy, hurricane-force winds and, geopolitical tensions are not enough, like every other digital sector, merchant vessel fleets, which are the cornerstone of modern societies, perhaps–are already facing increasing cyber-safety risks. Thanks to revolving personnel and distant positions, marine ships face difficulties, unlike corporations and specified-location networks.
Discussion;
Threats of cyber-security in Maritime
Maritime travel still makes essential contributions to society in terms of the economy, with on-time deliveries affecting several aspects from the accessibility of goods and services, as well as spot retail prices to the stabilization of small nations. Ironically, it is a comparatively low-skill industry to capsize a boat with a cyber-attack, as per a report by Pen Test Partners (Seals, 2019). With many recently described avenues to penetrate onboard shipping channels such as; Satcom infiltration, phishing, USB threats, vulnerable Wi-Fi team, and many more, the issue remains of what an opponent does with that access?
Critical ship control networks are at question (Seals, 2019). These include; IP-to-serial converters, GPS receivers, and Voyage Data Recorder (VDR) appear to be quickly corrupted; some onboard computers, for example, are still running Windows XP or Windows NT, and converters have seldom modified their keys. Those who have quasi-default passwords probably have such obsolete software that they can be easy to exploit. Some specialists have pointed out that several of the Moxa system servers typically located onboard ships have previously been found to be prone to a software upgrade attack that enabled negligible vulnerability (Seals, 2019).
Such unsecured machines connect with a variety of control devices through a structured messaging service, called messaging NMEA 0183. This is a superset of the format of messaging that is utilized in GPS devices (Seals, 2019). Some of the systems aligned with the above statement include; autopilot systems, ballast control, digital compasses, engine control, propulsion control, and dynamic positioning. These are all the systems hat a hacker requires to steer the ship off-course with the ability to create catastrophes of large scales.
Typically the messages are shared via sequential datacomms from RS485, whether explicitly or embodied over IP channels. CAN is utilized in some instances as a connection between serial and IP. Every level where the serial reaches IP is a place that the attacker can theoretically enter the messaging service (Seals, 2019). Once the hacker can hit the systems, it might be possible, for example, to replicate the Hoegh Osaka accident in which the ballast tanks of a car carrier were not loaded correctly, resulting in the ship forming a substantial listing after a sharp turn out of the harbor.
Because of a good wind blowing, it barely avoided capsizing (Seals, 2019). Modern ballast control systems offer remote monitoring, as well as operations from the safety of the bridge, usually through using a PC. In such a case, the assailant would quickly send the appropriate serial data to the pump controllers that control the ballast, thereby causing them to pump from the port to the starboard ballast tanks. When all the ballast falls into the one side, capsizing is inevitable (Seals, 2019).
Strategies Maritime industries have to mitigate cyber-attacks
The maritime industry includes all companies involved in the design, construction, manufacture, acquisition, operation, supply, repair, and maintenance of ships or parts of components. Shipping routes and border control brokerage services, dockyards, and dry shipyards are managed and operated by the sector. Maritime freight accounts for around eighty-five percent of the international trade (Baskar & Balakrishnan, 2019). The function of transporting cargo by means of shipping services provided by shipping routes, the procedures associated with transporting the shipment from the supplier’s distribution center to the receiver’s distribution center, including arrangements for delivery services offered by the shipping routes through the use of ships and any other vessel related to the ocean and seas, can be associated with maritime industries (Baskar & Balakrishnan, 2019).
Since the advent of data systems, the maritime industry has ushered in a new stage of growth. Various innovations in the sector of industrial control structures have converted the technique of operating and working estuaries, ships, navigation systems, communication systems, and tankers (Iqbal, 2019). The addition of a new software program in the design of the vessel shows how architecture has opened up new paths to include innovative new technologies. This innovation has improved the navigation and communication system, as well as the ongoing operations of ships and vessels in the maritime sector (Iqbal, 2019).
In the maritime industry, the old mechanical networks have been substituted by an integrated mix of hardware and software with the inclusion of electromechanical paradigms that are utilized across the whole industry. Modern ships and vessels are now becoming portable offices, information sharing hubs, and learning areas (Iqbal, 2019). The vessels with interlinked programs are produced with electronic control units (ECUs) that essentially allow them to produce, consume, substitute, and exchange data with maritime facilities such as ports, harbors, semi-submersibles, and oil rigs and other vessels.
In the above context, with most of the globe’s commerce occurring via sea lanes, it becomes necessary for the maritime industry to comprehend the underlying potential risks associated with the maritime cyber environment and then suggest alternatives to protect and minimize these cyber-attacks (Iqbal, 2019). In the Maritime industries, several emergency systems are reliant on cyber technology, including security monitoring through cameras and fire detection.
The maritime industry utilizes the interlinked cyber systems to allow business transactions, execute agreements, place orders, and execute business-related functions across wireless networks in comparison to other companies (Baskar & Balakrishnan, 2019). The global dimension of shipping ensures carriers are using integrated computer networks to provide vessel, freight, and traveler, as well as personnel details to customs agents around the globe. Although these innovations make it possible for the shipping sector to be active and efficient, they pose risks (Baskar & Balakrishnan, 2019). Using or damaging intertwined information infrastructure creates economic instability and affects the shipping industry.
Ships use the global positioning system to navigate on solely connected GPS using the same cargo monitoring command technology (Baskar & Balakrishnan, 2019). Some interference, numerous error spots through a disturbance of GPS transmissions and ransomware, affects how the information is read, interpreted, and used on the ship or service. Firms and individuals have different motives for leveraging these flaws (Baskar & Balakrishnan, 2019).
Many attacking the shipping industry include, but are not limited to, or cyber-criminals, former employees, hackers, con artists, government-sponsored threats, and extremists, to mention a few (Baskar & Balakrishnan, 2019). The motivation behind such attacks includes to damage the reputation of the industry, to disrupt the daily operations of the maritime sector which might trigger heavy losses for organizations, for financial gain of the assailants, for commercial and industrial espionage, to gain intelligence about the competition, for the challenge, as well as the thrill and lastly, to gain politically (Baskar & Balakrishnan, 2019).
To improve the systems so that they cannot fall prey to attacks, the Maritime industries should implement a cybersecurity platform that assesses the exposure to risk and raising the awareness of cybersecurity (Belmont, 2015). It is hard to safely allow the use of internet services across the fleet with no issues related to security. Advanced cybersecurity services should be created and implemented as measures of safeguarding fleets from current and potential threats and vulnerabilities, especially those that do not require user action (Hannemann, 2019).
However, before they implement this platform, it is vital to carry out a cyber-risk assessment. A robust cyber-risk assessment is the critical first tactical move to secure the vessels from ransomware and any other existing and potential cyber-attacks and deficiencies. What potential threats may you face? One need’s to comprehend the ship’s existential threats to cyber-security, as well as the internal threat to cyber-security presented by inadequate use and unawareness (Hannemann, 2019). Are the vessels onboard systems and processes strong enough to address the current threat level?
One can minimize cyber hazards onboard the ships by continuously evaluating exposure to risk and then operating to enforce security and warning system measures (Belmont, 2015). Some of the countries that are profoundly affected by maritime cyber-attacks include; the United States, Britain, Nigeria, South Africa, Germany, Sweden, France, and Spain, to mention a few. Many are taking the opportunity to improve on the systems to mitigate the ease and effect of cyber-attacks.
How would decreasing cyber-attacks increase trade worldwide?
Cybersecurity has progressively been referenced as an aspect of national security with the broad implementation of information and communications technologies (ICTs) in virtual society, such as critical systems that are essential to military security, economic security, and cultural safety (Huang & Johnson, 2018). Nations may be restricted in virtual reality by cyber-security laws and policies to shield them, organizations, and individuals from potential cyber threats, which improve defensive and offensive capacity in virtual reality. There is no question that such laws and regulations would affect virtual reality, not just on the states themselves, but on the globalized Internet culture that is bordering as well (Mitchell & Hepburn, 2016).
The global commercial atmosphere is being transformed with the mitigation of cyber-attacks, especially on maritime industries. National actions, both instigating and coping activities, along with institutional efforts, revolutionize the global trade environment. Such events will alter the risks and costs of the global logistics of the institution (Mata, 2015). As a result, such activities will also influence the institution’s decision on the choice of suppliers, where and how to buy the products and services, and where to sell the goods and services. On the other side, the global trade atmosphere will affect foreign relations between various countries, which might influence national activities when faced with the issue of national cybersecurity (Mata, 2015).
Moreover, the manufacturer and market’s strategic value in an international institutional supply chain can influence organizational decisions on logistics cyber risk management, including when faced with country-wide regulatory constraints. For instance, once the market is quite minuscule, an institution might have a more significant potential to select the “evasion” initiative, or compliance with the legislation is too expensive, or the homeland’s organizational constraints are too acute (Huang & Johnson, 2018).
Scholars have noted that utilizing this conceptualization to consider the interactions between cyber-security and global trade has the following effects. Cybersecurity will have an impact on national and corporate practice, through policy development and implementation, as well as supply chain network risk management, while reshaping the global business climate (Mitchell & Hepburn, 2016). Conversely, if these organizations recognize the cyber-security concerns involved, the global trade environment will influence national actions and organizational decisions. To delve deep into this structure, it is vital to unravel that element and build a taxonomy that uses real-world cases to provide in-depth comprehension of these frameworks.
What causes cyber-attacks in maritime industries?
If there is one fundamental principle that individuals have gained in the previous decades from changes in the cyber-security world, it is that no one is exempt from cyber-attacks. Assailants recognize and subvert flaws wherever they may arise, irrespective of the geographical position of the target, be it the target is an individual or a business, or even which industry is the focus (Dimitriadis, 2018). Assailants are similarly able to create mayhem the same way if their target is ground or sea-oriented. Since more than seventy percent of the world is covered by water and a growing area of assault for ships sailing across these waters, it is fair to state that cybercriminals do not lack maritime resources (Dimitriadis, 2018).
Research published by shipping conglomerates by the name “Guidelines on Cyber Security Onboard Ships,” warned that corrupted IT programs triggered a ship with an incorporated mapping bridge to suffer a failure of almost all its navigation systems at while at sea, particularly in high traffic zones which can reduce visibility (TH-Q, 2019). Meanwhile, simple modifications to the cargo loading pattern can trigger discrepancies in the weight load, which is in the hull of the vessel, which can have severe consequences in relation to the crew, cargo, and passengers, as well as negatively impacting the environment.
Further than that, it may eventually recover from the blow to the credibility of a brand, resulting in a significant loss in profits and consumer confidence (TH-Q, 2019). This occurrence may be realized after several years of trying to control the damage done to the reputation of the brand and the organization. Whereas the concern to date is enhancing the maritime industry, the industry has predominantly looked the other way, which could provide a platform for havoc cyber-attacks.
The paucity of procedures in maritime cyber-security has led to the incurring of several millions of dollars from the sector (Dimitriadis, 2018). One of the greatest-profile cyber threats in the industry was in the year two thousand and seventeen against the container shipping colossal known as Maersk. NotPetya, a malware attack for ransoms, was implemented. It was a malware that deterred people from obtaining their information only if they compensated only three hundred United States dollars in bitcoin.
This malware was used to shake the operations of the company. The malware took advantage of some security flaws in Windows systems, resulting in an adverse effect on the market numbers of businesses (TH-Q, 2019). Previously, shipping giant COSCO encountered a similar assault using this malware. Luckily, unlike Maersk, the disruption was confined to American business procedures. This is because, unlike Maersk, it appears that COSCO operated with regional IT systems instead of a single unified system, thus restricting the total damage.
How would cyber-attacks be a threat to the environment and the economy?
Cyber threats, like ransomware, are a national security issue, causing significant disruption to the global financial system by billions. For regulated industries like medical and industries, the risk is higher (Bloomberg Intelligence, 2017). The increasing number of products on the Internet of Things and enhanced mobile acceptance, together with new legislation on data security in Europe, are probably to stimulate further expenditure on software and IT services in the coming years.
The insurance industry sells plans to cover for some threats. In two thousand and twelve, the data industry accounted for approximately five percent of the total value-added, four percent was allocated to employment, and twelve percent was assigned to the total fixed investment in the OECD. In contrast, ICT patents accounted for forty percent (Cristadoro, Di Giuliomaria, Biancotti, Fazio, & Partipilo, 2017).
Shadow IT systems, sources expose businesses to new security threats. Increasing the use of third party software is becoming a significant source of ransomware by enterprise networks without the awareness of the IT department of an organization. This existence of unapproved software in a company is climbing, known as a shadow IT system, as different departments are buying products solely, rather than going through the CIO (Cristadoro, Di Giuliomaria, Biancotti, Fazio, & Partipilo, 2017). A critical factor in the proliferation of ransomware throughout enterprise networks is the uploading of files from private networks and linking to insecure systems (Cristadoro, Di Giuliomaria, Biancotti, Fazio, & Partipilo, 2017). Mobile workers attract more malware; promote new security services. The rapid increase in mobile malware drives market opportunity.
This type of security system tracks mobile apps and data traffic. This commodity works in conjunction with support provided by software and applications for mobile management. The commodity strongholds the efforts by any malicious software to deliver unapproved information through the systems in use (Cristadoro, Di Giuliomaria, Biancotti, Fazio, & Partipilo, 2017). In several instances, the worker requests to access company information on their smartphones. This has forced the IT departments of several organizations to open networks that lack adequate controls.
U.K’s role in protecting the maritime form cyber attacks
Cybersecurity is not only about stopping hackers from obtaining information and databases. It is also about securing digital assets and data, securing the sustainability of trade, and maintaining the resilience of the shipping industry to external threats. This includes not only safeguarding vessel networks from physical attacks but also providing reliable support networks (Department for Transport, 2017). So that suitable methods and innovations are in place to prevent any harm in the occurrence of an altercation. There is a need for safety of personnel — to protect against the potential threat from insiders, whether from the shore or those based on the ship. Boat owners and operators have to comprehend and facilitate cybersecurity (Department for Transport, 2017).
Possible solutions to the issue
The first step will to build the response team. The main goal is to restore normal ship functions and to restore the IT and OT programs through an assembled team. The response team, that may include a mix of on-board and shore-based staff, as well as additional experts, must be able to complete all facets of the reaction (Walter, 2019). To insure that you react accurately to the cyber accident, the response team must figure out: how the event is caused by which IT and OT systems and the degree to which business and administrative information were compromised, and what and how to retain as proof of the event (Walter, 2019).
Conclusion;
In conclusion, the purpose of this essay is to examine how cyber insecurity through cyber-attacks is impacting the maritime industries through analyzing some fo the questions that have been answered above including; the defense mechanism that maritime possesses and how it can be enhanced, what countries are affected by maritime cyber-attacks, how the mitigation of cyber-attacks would increase trade on a global scale, and what causes cyber-attacks in maritime industries.
The essay begins with an analysis of the threats of cyber-security in Maritime, which includes malware and other malicious software that may corrupt the systems. This is followed by how a decrease in cyber-attacks would increase trade worldwide and the causes of cyber-attacks in maritime industries. Lastly, the cyber-attacks impact on the environment will be analyzed in detail. Also included in the essay is the U.K stand on the protection of maritime industries against cyber-attacks and possible solutions that can be implemented.