In last couple of years, Nigeria’s Maritime Sector consciously began to move from operating a core analogue system to a digital one. As much as this metamorphosis is applauded for the many advantages of Information and Communication Technologies (ICT), one wonders how aware the sector is of the challenge of cyber vulnerability.

 

ICT is the road taken by modern businesses in developed countries. Where employed, it speeds up time of transacting business, eliminates or rather reduces human interaction, checks revenue leakages thereby increasing revenue generated.

 

In going digital, the Maritime sector in Nigeria has almost phased out manual documentation and payment systems. It has also employed the use of latest technologies for the monitoring of ships, channels and the waterways. But as good as this sounds, the question on how foolproof those technologies are can no longer be ignored. Treating cyber security with kid’s glove would only be detrimental to the sector. It is on record that the Intranets and firewalls of some of the foremost maritime organisations have been by passed by hackers. Where digital platforms are attacked by cyber criminals and information on ships calling at ports, navigational details as well as payment schedules are exposed, the consequences can be grave.

 

 

August 18, 2017, BBC reported hacking incidents in the shipping sector. Hackers now target ships; where they find loopholes, they plant viruses which enable them “monitor all emails to and from people in the finance department” (of shipping firms/organisations), we are told. One of the most serious cyber-attack cases so far experienced is that of the global shipping conglomerate –Maersk.

 

The company disclosed that the NotPetya Cyber-Attack cost it as much as $300 million (£155 million) in profits. Experts who have analyzed the event suspect failure to upgrade the security software as at when due as the reason the firm could be assessed.

 

January 2018, Naval Dome Ltd., an Israel based company specializing in maritime cyber defense solutions conducted an exercise in which they hacked into “live, in-operations systems used to control ships’ navigation,  radar, engines, pumps and machinery” of ships to prove their cyber vulnerabilities. The test “revealed the ease with which hackers can access and override ships’ critical systems”, Sea Technology reported.

 

Since 9/11, maritime sectors of the world have been on alert. Cyber Security should be seriously handled even in Nigeria. All back channels to the operational system should be guarded. Here a few suggestions for cybersecurity in the maritime sector by Pen Test Partners senior partner and ethical hacker Ken Munro.

 

  • Make sure your satcom system is not on the public internet
  • Change the manufacturer’s default passwords on your satcom system
  • Update the software on your satcom system
  • Separate your onboard bridge, engineroom, crew, wifi and business networks
  • Secure USB ports on all ships systems
  • Check all onboard wifi network passwords
  • Do not rely entirely on technology for safe navigation. GPS can be spoofed, ECDIS positions can be manipulated and even synthetic radar can create false reports when hacked. The human eye must be employed to ensure the situation outside the bridge reflects what the technology reports.
  • Teach your crew about cyber security. Use resources such as Be Cyber Aware At Sea. And keep training your crew.
  • Ask for proof from your technology suppliers that they are cyber secure
  • Get a vessel security audit

 

 

Written by Ezinne Azunna

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *