Defining Threats and Finding Solutions for Cyber Attacks

While physical threats to international sea and air cargo gateways have been top of mind ever since the events of 9/11, security analysts say more attention should be given to reduce exposure to internet penetration and hacking attacks. Should existing cyber security processes be compromised, they add, a cascading effect might be created, thereby disrupting huge segments of any given supply chain.

Ocean carrier cyber-security is “full of holes,” says Lars Jensen, founding CEO of CyberKeel – a Danish consultancy focused on maritime risk mitigation.

“We conduct a very basic review of cyber-security on carrier websites, and find indications that 16 of 20 carriers have serious security gaps,” he adds.

A new report – Maritime Cyber-Risk – provides details on what he sees as the three main motivations for recent attacks: money, cargo, and exclusive market intelligence.

“Most shipping stakeholders still feel that this is almost an invisible industry,” say Jensen. “Furthermore, those who do not live near a major port facility may not be aware of just how vulnerable our sector is in regard to threats and actual violations of a very fragile safety net.”

He explains that because there's a crucial need for exchanging information across multiple platforms, the exposure to risk is significant. For example, a single shipment of a container will likely involve data transfer between 5-10 different stakeholders including the shipping line, origin port, destination port, shipper, consignee, customs authorities, trucking company, data portal intermediary and banks.

“These stakeholders will have different backend systems offering various levels of protection. It's important to realize that The information will be quite detailed and hold value to a number of criminal or terrorists, should they be able to access it.”

Jenson observes that large monetary transfers take place involving a number of players in the supply chain. Typically, these could be payments by shipping lines to bunker companies, shipyards or vessel owning companies as well as freight payments from shippers to liners and vessel owners.

“Many shippers, who are involved in the financial and operational chain, are scattered across multiple different countries and time zones,” he adds. “This means that parties often act ‘asynchronous' without necessarily having real time conversations. As a consequence, any duplicity will thus take some time to discover.”

SC
MR