The entire maritime areas and existing system faces considerable threats from various instances and malicious activities. Issues related to the security and sustainability of the entire maritime technologies and infrastructure necessitates elaborative and cooperative approach to fully combat and mitigate the matter. The ports, computer networks and systems have been identified as critical infrastructure. A port is any selected land and sea area with boundaries defined by a state where the port is positioned, and equipment and infrastructure enable commercial maritime activities. Ports are vital intermodal hubs in both passenger and freight transport. They are also essential border checkpoints and critical in global trade. Furthermore, sea transportation is a crucial economic industry that reinforces intercontinental trade, enhances economic integration, and supports globalization. The sea primarily supports global trade through established international routes and trade lines. The flow of maritime goods is continually expanding, and sea transport has found its vital role in the economies. The security of ports and the competency of their undertakings are thus crucial for maritime transport and the security it provides at regional, national, and international levels.
Port security has been facing challenges that threaten the infrastructure of the maritime industry. Among the challenges and threats faced by the marine industry, the most notable ones are piracy and cyber-crime. These threats and challenges have a significant impact on the maritime sector leading to losses of billions of dollars incurred by the marine industry. While cyber-crime targets the information and technology channels of the infrastructure, piracy usually targets vessels already on the waters. This research is vital in understanding what challenges are encountered by the maritime sector. It will give insights into how these challenges directly impact the infrastructure of the maritime industry. This paper will address the threats and challenges faced by the maritime infrastructure, especially piracy and cyber threats.
Delegate your assignment to our experts and they will do the rest.
Literature Review
Cyber Threats
New challenges and threats keep emerging regarding cyber security, which has heightened the need for new strategies to help combat the threats. Some of the strategies include automation and digital transformations, improving the existing processes, developing new technological capabilities, and interconnecting Information technology with Operational technology. Different ports have modified their infrastructure and services to suit the geographical features and undertakings that usually take place and the challenges they encounter. Port security must ensure that vessels can be anchored safely, allow vessels to pass between water areas, and offer repair services to the ship. The administration of port amenities is typically assigned to private terminal operatives who carry out various maritime goods and people operations. New technologies are, however, changing all maritime operations, such as freight transport management and management of all communications and information of goods and people. All these entities mean that large amounts of money and data are managed by technologies vulnerable to cyber-attacks.
Port operations such as cargo handling mechanisms, including tracking systems, are susceptible to cyber-attacks (Kala & Balakrishnan, 2019). Ports rely heavily on computers and computer control systems for different functions such as loading and unloading cargo. All forms of transshipping equipment, including portal transporters, use technology in different aspects of port operation management, such as cargo inspection and transportation. Vehicles transporting cargo from terminals rely heavily on the GPS tracking service, making the transport system susceptible. Probable GPS jammers can make it problematic for the ports to function or even cripple entire port operations (Nichols et al., 2020). Closure of ports could lead to massive loss of revenue. Viruses can attack system software that has been developed and intended to do port processes from the web, which hacks into even the secured parts of a computer's memory. By taking control of the system, hackers can intercept communications and even do legally binding operations in their names, including transferring funds and crippling all port operations.
The potential cyber threats to maritime infrastructure are more than ever-increasing. These attacks can cause a lot of damage to businesses, resulting in a massive loss of revenue. The infection of verification data for high-value cargo or illegal tracking in a planned attack is one of the likely attacks that maritime infrastructure faces (Tam & Jones, 2019). One notable attack on maritime infrastructure is the attack on the Port of Antwerp, where hackers, working with drug cartels, hacked computer systems that monitor the movements of containers in the port, then removed a shipping container before port authorities inspected it (Androjna & Twyrdy, 2020). Investigations led to the seizing of eight tons of cocaine concealed in a container filled with bananas. The attack was made using a malware program sent through email. Even though this case of invasion was detected and countermeasures implemented, the port authorities could not detect another form of invasion in which hardware and recording instruments attached to keyboards were used.
Another potential attack is the infection of software which leads to a total shutdown of the port operations. A computer virus known as the Petya virus spread via the internet and affected computers in around 65 countries (Pogrebna & Skilton, 2019). In Ukraine, the virus disrupted various computer systems, including those of big corporations such as Danish Shipwright Maersk (Pogrebna & Skilton, 2019). This attack crippled the operations and led to the loss of approximately $300 million. The virus caused massive damage and was planned to erase the data and disable the functions of numerous computer systems. Through the attacks numerous maritime activities were disrupted as the necessary security actions were considered. Virus attacks contributes to the instances of the cyber-crime within the maritime sector.
Piracy
The consequences of maritime piracy are many and affect nearly all countries, whether coastal or landlocked. Its effects are both long-term, usually more significant, and short-term, including an increase in costs. Security dangers affecting the maritime industry can majorly compromise regional, national, and international economic and infrastructure prospects. It is estimated that the world commercial cost of piracy off Somalia coast at approximately $18billion (Knight & Elmi, 2019). The amount acts as a hidden cost as it reflects on the increase in trade costs. It also does not justify for the economic damages to travel and fisheries industries. With any initiated pirate attacks on the navigation channel directed to a particular ship, various economic activities are subsequently disrupted. Water transport acts as the ideal transportation system for ferrying wide and large quantities of goods. Continued cyber-attacks affects the economy largely dependent on this mode of transport.
One of the threats facing critical maritime infrastructure due to piracy is insurance costs. While piracy is not a latest insurance issue, the surge in piracy threats has affected coverage and premiums. Ships passing through the Suez Canal and the Gulf of Aden must have war risk insurance covers after the Gulf of Aden was termed a war hazard area (Hamza & Priotti, 2020). The cost of war hazard premiums has drastically surged since then. Cargo insurance covering cargo ferried on ships also reported a surge in premiums. Shipping companies incur substantial costs in the quest to fully insure their cargoes and client’s merchandise against piracy.
It is estimated that due to the lack of counter-piracy approaches, the number of vessels that navigate across the Gulf of Aden could reduce by about 30 percent. The shipment industry pays approximately $2.3- $3billion yearly to rechannel ships to avoid piracy (Kim, 2019). Redirecting a fleet from the Suez Canal to the Cape of Good Hope enroute from the Middle Eastern to Europe doubles the transportation time usually taken (Kim, 2020). Extended transit times are probable to increase shipping rates, mainly when dealing with perishable goods. Piracy also has a substantial impact on both regional and international trade. Other than generating growth, revenue, and employment, the maritime sector is critical for global trade. Shipping and ports can be regarded as entryways to commerce as they provide entrance to global markets for exportation and importation to all countries, even the landlocked ones. Piracy disrupts sea transport, thus hindering the movement of international freight. It directly impacts the cost of commerce as ships ferrying cargo are intercepted and stopped from transporting the goods. Trade also takes a hit when the areas are considered volatile, and high risk as trading channels are changed, insurance rates increase.
Piracy also threatens the maritime industry in terms of loss of revenue. The negative impacts on trade and revenue collection are due to piracy off the coast of Somalia which in turn causes reduced traffic quantity passing through the Suez Canal, which affected tourism drastically (Siebels, 2020). As some ships choose to bypass the Suez Canal and redirect around the Cape of Good Hope, less income is accrued by Egypt. Companies are also forced to spend extra costs to hire security and armed guards to guard ships and crews against attacks from pirates. Furthermore, they also purchase deterrent security equipment estimated to cost up to $2 billion, together with the armed guards. Piracy also affects the fishing industry on both a regional and international scale. In Africa, the fishing industry creates approximately $10 billion yearly through international exports and licenses dispensed to foreign operators (Lindley, 2020). Piracy disrupts fishing activities and has sizeable social and economic impacts on the economies of the affected regions. Individuals and countries dependent on the fishing sector for sustainability are constantly affected as they source for alternative sources of revenue.
Methodology
The research was conducted by dispatching questionnaires using the mail services. We had selected the emails through a simple random sampling method. The maritime professionals who formed the ideal sample for the research were supposed to offer their response and inference pertained to their knowledge on the degree of cybersecurity. The questionnaire consisted of 12 well-structured closed questions. It assessed and deepened the knowledge of the level of cybersecurity and customary practices of the respondents. Questionnaires were essentially selected due to the difficulties of obtaining satisfactory results from the intended voluntary data collection. Though most of the researchers primarily disregarded the use of the mail services, its convenience and level of response generally aided in consideration of the approach. From the responses, we obtained 130 responses from the questionnaires, where we utilized 100 of them. We had initially sent close to 300 emails to various maritime professionals located within a general maritime area. Insufficient participation of the respondents significantly affected our data collection intention. Obtaining the degree of reliability desired for the survey was somewhat inevitable considering the prevailing respondent's decisions. The stakeholders in the maritime sector prompted the minimal response rate. Though the sector shelters a wide range of respondents, the survey did not cover the ideal threshold for the sample size instrumental in obtaining reliable results on the knowledge pertaining to cybersecurity in general. The reluctance of the maritime professionals to address and answer the questionnaire was substantially affected by the insufficient knowledge and the insecurity issues posed by the spamming incidences. The possibility of the computers being corrupted by a virus or spam was possible given the prevailing conditions and the inability of the maritime computers to offset rampant cybercrimes. Unstable internet connections within the ports prevented most of the personnel on board from addressing the matter urgently. The issues affected the response rate within the ports and the maritime professionals on board.
Analysis
The results obtained from the respondents provided a wide disparity in the level of cybersecurity within the ports. The majority of the results of the respondents had some knowledge about cybersecurity issues within the maritime sector. According to their response, cybercrime affected the practices, insurance, actions, telecommunications, and guidelines within the ports. The respondents had a professional profile as follows; Terminals and ports (39.6%), Ships (46.3%), and other sectors (14.1%). Forty percent of respondents had been affected or reported incidences related to cybercrime. In addition, 65 percent of the maritime professionals share passwords between them. Reported incidences were related to the users of the interconnected computing devices, application services, communication systems, multimedia communications, and information transmissions. The cyber-related crime was initially prompted by spam emails and ad services that the maritime professionals were enticed to open. The internal threat of the cybercrime was related to the crew members, providers, and services provided within the maritime ports. The maritime professionals were, however, reluctant to provide the knowledge and intent of the attackers.
Most professionals avoided questions related to the matter due to their perception and ethical practices. From our assessment, the maritime professionals were constantly advised to avoid responding to sensitive and controversial issues that fuel unnecessary discourse affecting maritime sustainability. Cyber-attacks were mainly reported during the operational period when the majority substantially requested the services of the customers and providers. The difficulty of the cyber-attacks varied depending on the enthusiasm and the time necessary for its accomplishment. Maritime professionals had difficulties differentiating between malware, virus, worms, Trojans, spyware, spoofing, phishing, and ransomware. Malicious practices and codes were reported in various interconnected computers and services.
The maritime professional did not know any formidable software security necessary to mitigate the reported cyber issues. Lack of firewall security within the interconnected computer system in the ports increases the vulnerability of the systems to undergo attacks through the networks constantly. According to the responses, the most vulnerable systems in the maritime sector includes cargo and element handling systems, propulsion systems, power management, control machinery system; access control systems; passenger administration and management systems; and communication systems. The handling structures composed of the cargo loading and unloading belonging to the supply chain of ports and ships formed the main causalities and potential targets of the initiated cyber-attacks. Their vulnerability is increased due to good operational and synchronization of the loading and unloading of the ships and necessary compliance of the respective lines within the stipulated timeframe (Alcaide Jiménez & García Llave, 2020). The forms of the cyber-attacks manifested within the systems included: forgery and sabotage; falsification; piracy and robbery; demolition of the computer structure; alteration and modification; and deviation.
The use and introduction of the Artificial Identification System (AIS) significantly used and applied in the tracking and location of the ships worldwide escalated to the cyber-attacks issues due to the complexity of its electronic technology (Alcaide Jiménez & García Llave, 2020). AIS operates using a coordinated system of the Global Positioning System (GPS), exchanging data on the ship's position, course, and ships sailing and installations within a designated area (Alcaide Jiménez & García Llave, 2020). Hackers with abilities to penetrate a particular computer system and AIS technology through the introduction of the virus can sufficiently redirect and change the ship's course to their preferred location. Cyber attackers can damage and infiltrate data related to cargoes, dates, and delivery places.
Conclusion and Recommendation
In conclusion, the analysis of the threats to critical maritime infrastructure and the cyber-security in the study provides an insight into the dynamics of the vast maritime sector. The sector significantly exhibits vulnerabilities of the critical components essential for the continued operation of maritime activities. Understanding the level of cyber-attacks within the maritime sector presents a considerable challenge in instances where the depth of the issue remains increasingly unidentified. Innovation and invention within the digital era and continued post-globalization of the marine transport and systems, strengthening the resilience of the entire maritime system is required. Digital modification and the logistics chain of the diversified components in the maritime sector require sufficient consideration of maritime security and cyber activities. Modern operation and dispatching maritime cargoes have been instrumental in addressing late deliveries cases initially affecting the overall port's activities. The introduction of the firewall within the maritime system does not make the system immune to the potential threats instances. The maritime sector is occasioned with a wide gap between the practices of the stakeholders of the maritime industry and the existing vulnerabilities of the systems.
Unmanaged attacks are when the cargo companies or the systems and ship's data form main potential target areas that affect the directed attacks when the company or systems data are objectively intended to be infiltrated. Cyber-attackers occasionally introduce false signals that overlap with the actual ship's location or represent instances of nonexistent emergencies within the maritime. The increased application of technology in controlling navigation, engines, and cargoes is primarily aggravated by the circumstances. Intensified application of the technology in dynamic positioning, ship-to-shore interfaces, and passenger boarding system significantly escalated the cybercrimes.
The study escalated the discourse on the need to fully introduce and implement necessary measures to streamline and mitigate maritime threats. The approach to fully mitigate cyber security should be holistic, using every component of cyber security and interconnection of the cyber subsystems. Maritime professionals should understand the necessary steps to build a secured maritime domain by considering issues affecting the cybersecurity threat overall landscape. Scrutinizing the issues related to cybersecurity threats enables developers, policymakers, ship owners, and regulators involved to match the ideal policy lever within a particular maritime system effectively. Maritime stakeholders should intensify building cross-sector linkages through professional and international exchanges between the existing industries, academic expatriates, and government agencies. Stakeholders should design cyber-specific educational certifications to support new workforce initiatives and upskill attracting required expertise in the cyber-aware programs.
Improvement of the training and implementations of the innovative solutions enables the maritime professionals to become aware of the issues related to cybercrime. Stakeholders should actively seek ways to fully strengthen training levels within the maritime sector and the overall port interface connection within the supply chain system. Through the intention, the public and the concerned individuals interested or affected by maritime activities will understand the resilient agendas and possible development of cyber technologies to mitigate cyber-attacks. Within the digital world, reality and actual motives are largely infiltrated through different undetectable advanced security threats within the maritime application system. The shipping companies should constantly monitor the attacks, which enables the identification of the potential areas of cyber-attacks. Security on the external network connections should be constantly checked to evaluate the preparedness and laxity in incases of cyber-attacks. Critical maritime infrastructure depends on stable network connections. With the abilities of the attackers to effectively bypass the system and introduce viruses and malware, the system should be built to allow running using known application lists. Through such actions, suitable and reliable cybersecurity outcomes across the entire maritime sector will be attained.
References
Alcaide Jiménez, J. I., & García Llave, R. (2020). Critical infrastructures cybersecurity and the maritime sector.
Androjna, A., & Twrdy, E. (2020). Cyber threats to critical maritime infrastructure. Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection; Ministry of the Defence Republic of Slovenia: Ljubljana, Slovenia .
Hamza, F. R., & Priotti, J. P. (2020). Maritime trade and piracy in the Gulf of Aden and the Indian Ocean (1994–2017). Journal of transportation security , 13 (3), 141-158.
Kala, N., & Balakrishnan, M. (2019). Cyber Preparedness in Maritime Industry. International Journal of Scientific and Technical Advancements , 5 , 19-28.
Kim, S. K. (2019). Contemporary Piracy: Nature and Reality. In Global Maritime Safety & Security Issues and East Asia (pp. 148-195). Brill Nijhoff.
Knight, W. A., & Elmi, A. A. (2019). Combatting Piracy in the Horn of Africa Waters. In The Palgrave Handbook of Contemporary International Political Economy (pp. 485-500). Palgrave Macmillan, London.
Lindley, J. (2020). Responding to Somali piracy by providing sustainable alternatives: addressing the motivation to offend. Crime, Law and Social Change , 73 (5), 531-549.
Nichols, R. K., Ryan, J. J. C. H., Mumm, H. C., Lonstein, W. D., Carter, C. M., Shay, J., ... & Jackson, M. (2020). Maritime Cybersecurity [Nichols]. UNMANNED VEHICLE SYSTEMS & OPERATIONS ON AIR, SEA, LAND .
Pogrebna, G., & Skilton, M. (2019). Cybersecurity Threats: Past and Present. In Navigating New Cyber Risks (pp. 13-29). Palgrave Macmillan, Cham.
Siebels, D. (2020). Maritime Security in East and West Africa . Springer International Publishing.
Tam, K., & Jones, K. (2019). MaCRA: a model-based framework for maritime cyber-risk assessment. WMU Journal of Maritime Affairs , 18 (1), 129-163.
