There is no denying that threats accompany the op-portunities presented to the Philippine maritime industry, and these include cyberattacks.
As part of efforts to innovate, the sector has been using the internet and incorporating modern technology in its operations. Sure, they made things easier, faster and more convenient, but they came with some disadvantages.
Last November 21, the Maritime Industry Authority (Marina) issued a memorandum informing ship owners, operators and managers in Philippine-registered vessels about maritime cyber risk management in safety management systems. This is in pursuit of the International Maritime Organization’s (IMO) issuance of Resolution MSC 428, which promotes awareness of cyber risks and requires shipping companies to consider cyber security measures.
The memorandum aims to make enterprises and seafarers aware of these risks to ensure that their ships remain safe and secure. All firms with Philippine ships certified under the International Security Management Code are mandated to have cyber risk management as part of their vessels’ safety plans.
The functional elements and methodologies that companies will implement in their safety management system will be reviewed and audited no later than January 1, 2021.
Against the tides
Cyber threats have become a big issue these days, because almost everyone in the world can easily access information on the internet. It has opened a door for crimes that include phishing. This involves using fake e-mails to get personal information from internet users, steal identities, and hack, shut down or misuse websites or computer networks.
A cyber attack should be prevented. Such attacks have affected large countries and shipping companies. One was Maersk, which was badly hit by the NotPetya cyber attack in June 2017. It incurred losses amounting to P300 million because of that.
The attack started as a small virus planted in Maersk’s systems that soon monitored all the e-mails sent to and from people in the firm’s finance department. Once a fuel supplier sends an e-mail for payment, the virus changes the message and puts a different bank account number in it. As a result, payments were not forwarded to their rightful owners, but to the hacker.
Marina also experienced the same threat, although it did not cause major losses. In October 2012, Marina and the Maritime Training Council’s websites were hacked by the “Ablaze Ever” and “Teamr00t” cyber groups. They defaced the sites, bringing the agencies’ systems down and making them inaccessible for several hours.
During this time, the sites showed a black page, with a message about the hackers’ protest against the government. These events have been addressed and investigated properly to prevent similar assaults in the future. Although it did not cause too much trouble to the Philippine maritime industry, this only showed how much risk these attacks bring.
Besides causing major financial losses, cyber attacks can also create panic and danger.
What makes their systems vulnerable to hacking are the ship’s main navigation systems, which include the ECDIS, AIS and GPS, and which receive data transmission at sea. With these, anyone can make the ship change direction, as well as tap into, steal or change data inside the ship. Fortunately, advanced technologies and methodologies have been developed to address thesm.
In the United States, the Maritime Administration (Marad) has collaborated with other federal agencies to launch the Information Systems Security Awareness Computer-Based Training to combat cyber threats in the maritime environment. It has taught mariners, both vessel owners and operators, the practices that would help them reduce the risks associated with using information systems and devices.
This training includes educating them on the threats that come with using technology; maintaining network security; properly using computers in the workplace; creating secure passwords; and using Facebook and Twitter more efficiently. It also aims to enhance log-in policies and rules in working with classified information onboard.
One strategy that helped Marad was studying how hackers attack. As a result, they were able to implement preventive measures to minimize an attack’s impact. For example, some ships are turning off their AIS systems whenever they pass through waters known to have many pirates. Alternatively, they just fake their ship’s details, pretending that it is somewhere else.
Shipping companies should take cyber risks seriously. Extra effort and precautionary measures are needed in securing a safe network and telecommunications, both onboard and onshore, because these are vulnerable to data theft, fraud and piracy. Cyber security agencies have emerged in different parts of the world, and they can help the country’s maritime industry avoid cyber attacks.
The government has also been doing its best to provide secure and safe shipping opportunities for seafarers. Through proper training and the dissemination of information about cyberspace and the role of information systems in the maritime environment, cyber attacks can be minimized, if not avoided.