In the last issue of Calypso, we talked about the legal considerations and implications linked to the world of Maritime Autonomous Surface Ships (MASS).
This follow-up article will dig a little deeper into the related cybersecurity risks and issues, one of the key challenges that autonomous ships owners and operators will face as the MASS market entrenches itself into the wider maritime sector.
So far in Asia, China and Japan are the only two countries that have successfully built autonomous vessels. As technology advances and demand increases, legislation is left to play catchup.
Current regulations in Japan, for example, do not allow fully autonomous vessels to operate without someone on board. It is a critical ruling as, to date, there is little known about the full architecture of autonomous ships, and therefore the potential cyber threats and attacks have not been thoroughly assessed or addressed.
Maritime cyberattacks constitute an added complexity on top of traditional maritime threats such as piracy, maritime terrorism and accidents at sea. With it comes a host of cyber threats that have in recent years risen significantly. As of last year, cyberattacks on shore-based maritime related systems have risen nine-fold in the past few years.
The maritime sector is increasingly digitalised, automated and connected, and the requirement of cyber-physical interactions in autonomous ships are far heavier than in traditional shipping operations, cyber security vulnerabilities in autonomous ships are therefore more prevalent.
While there are opportunities for the maritime sector to build on cybersecurity lessons gleaned from these sectors such as the financial and energy, the complex operational technicalities and innate traits of the shipping industry also make it particularly challenging to build a robust cybersecurity framework.
Some of the types of cyber threats identified so far include fake global positioning system (GPS) signals or breaches in ships’ the cargo management system onshore or in the port infrastructure. It is crucial for ship owners and operators to understand which areas of operations are most susceptible, whether it’s their navigational systems, port operations, or shore-based management offices.
The portable nature of the shipping business also adds another layer of complexities. Communications as part of shipping operations are also impacted by new technology and public networks (4G, 5G or satellite), which means that maritime practices need to be adjusted to suit the environment and frameworks it is dealing with and that its policies and procedures remain resilient and are sustainable to evolving threats.
Cybersecurity policies and procedures will also need to take into consideration the adaptation to new and emerging digital technology. Blockchain and the Internet-of-Things are prime examples of that. As technology advances, so will the form of hacktivism. Cyberattack breaches have already evolved from phishing emails and will continue to take different and new forms, deepening the risks that will compromise vessel navigation and supply chains, causing significant financial losses.
Ultimately, the objective of autonomous shipping is to reduce costs and increase reliability but this will not be viable if reliability were to be compromised by cyber-threats. Financial losses, damage of goods and legal issues arising from cyber threats would ultimately impede the adoption of autonomous systems in the maritime industry.
Players can get ahead of potential cybersecurity pitfalls by assembling the right team of advisors. Ahead of cyber breaches, shipping companies can assemble the right advisors to with help devising a plan to prevent and actively defend against risks. This should include reviewing your vessel’s cybersecurity seaworthiness, cyber exposure, and monitoring, and mitigating those risks.
For further information, please contact:
K. Murali Pany
JTJB Singapore Office