In the 21st century threats to the security and logistics of all industries have changed, although the physical infrastructural threats remain, a new threat has crept up on us from the cyber world. The internet has offered the criminal world new access to information and resources, functioning as a way to silently steal confidential information, materials and even identities.
With the growth of reliance on information technology in ports, from the development of autonomous machinery to the handling and processing of massive amounts of data every day, comes the growth of the threat of infiltration of these systems.
There is also the very real possibility that port servers can be hacked to gain access to shipping and cargo data, aiding piracy and putting cargo and personnel at risk. With data available for arrivals, contents of cargo, shipping routes and crew members, planning the hijacking cargo vessels becomes a real possibility for criminal groups.
PTI recently spoke to Captain Rahul Khanna, Global Head of Marine Risk Consulting at Allianz, and he explained what he believed were the biggest obstacles for cyber security and shipping: “We have already seen in the last few years some cyber breaches of port security systems, a couple of instances where particular containers or cargo have been targeted or even removed from the system because they contained some contraband or suspicious objects.
“There is a key difference between shipping and ports, from a cyber-security perspective ships are less vulnerable than ports, they are not reachable through a direct line or through the internet. Their systems are not inter-connected like you would have in an average port.”
One of the main problems Captain Khanna believes is that awareness is poor “…in spite of these instances where cargo has been tampered with, I think the seriousness of the situation is not fully understood.”
The first and easiest tactic to tackle cybercrime is to raise awareness of the risks amongst port and terminal companies. Alongside encouraging the distribution of information, which the industry does continually, there must be the distribution of information regarding the risks that come with this and how to protect yourself and your company.
“Ports and shipping can be a very high value target,” Captain Khanna continues, “with some very serious consequences.”
The highest volumes of container traffic in the world go through the Port of Shanghai in China, where 35.29 million TEU pass in one year alone. Using Shanghai as an example, the loss of systems for any period of time means data cannot be analysed and cargo weights cannot be logged, as well as the hacker having access to possibly sensitive data and logs, meaning the disruption or consequences of theft could be devastating.
Further, it is not just harmful for the port or shipping company itself – with LNG being transported more and more, thefts could quickly become dangerous.
Captain Khanna said: “Theft is one of the big issues, you can have high value cargo stolen, or worst case scenario you can have sensitive cargo like weaponry or chemical cargos that can be used for terrorism.
“Although ships are less vulnerable and physical security measures are in place, if captured or hacked the damage to ships can be the most devastating”
The BBC reported back in 2013 that cybercrime in ports was becoming more and more frequent with prevalence to organised crime and trafficking: so why doesn’t it seem to be high on anyone’s list?
“One of the big problems,” Captain Khanna explains, “is that a lot of companies who get attacked do not report it because of the reputational damage it can cause, the scale of the problem is misleading if you only go by statistics.”
One of the security measures that should be put in place by all is the continual and regular use of white-hat hackers (hired specialist hackers who can pick up threats) to pressure test the security systems to point out vulnerabilities in the system.
“Pressure testing of the system should pretty much be done by each and every port, and based on that contingency plans should be prepared by them for a breach if it takes place,” Captain Khanna states, “I think some ports have done this but there are still places where this is being discussed and not implemented.”
What the port and shipping industries clearly need is the creation of a cybersecurity culture within the industry, not in just reporting crime at the port authority level but nationally and internationally through conglomerate organisations. A standard of security should be set, implemented and held across ports and shipping so that despite advancements in criminal technology there is a common understanding and defence against the effects of cybercrime.
Further Reading; Cyber-security, Security.