Maritime security is increasingly becoming impossible to achieve without ensuring cyber security, and the ability of states to protect their maritime assets and critical infrastructure against cyber attacks.

This was one of the conclusions from a recent workshop on developing a maritime security strategy for South Africa. The workshop was organised by Stellenbosch University, the Institute for Security Studies Africa, and United Nations Office on Drugs and Crime (UNODC).

Denys Reva, maritime researcher at the Institute for Security Studies Pretoria, highlighted the fact that 80% of South Africa’s trade is seaborne, and for all intents and purposes, South Africa can be seen as an island. “We are dependent on well-functioning maritime infrastructure, which needs to be protected, including from cyber threats,” he said.

The maritime sector is becoming increasingly vulnerable to cyber threats, as it digitalises. For example, ships are using Electronic Chart Display and Information System (ECDIS), GPS and remote engine and cargo control systems, while ports are going paperless, becoming automated and removing humans from the equation.

The container terminal at China’s Qingdao Port is fully automated, while South Korea’s Busan Port is using blockchain for logistics innovation, for example.

While only 53 of the world’s container terminals are automated (4%), the maritime sector is going digital and is on an upward trend in this regard. “What if someone tries to disrupt the technology, purposefully or accidentally?” Reva asked, as new cyber security risks and vulnerabilities are exposed.

In Africa, a cyber attack was only a matter of time, he said, citing the 2021 attack on Transnet, which disrupted not only local but regional trade. “It’s inevitable another attack will take place,” Reva believes.

“In 2020 alone there was an alleged 400% increase in incidents targeting the maritime sector around the world. We don’t know the real scope of the problem. Some cyber security reports suggest hundreds of thousands or millions of attacks.”

One of the largest cyber attacks to affect the maritime sector was the June 2017 NotPetya cyber attack. NotPetya was developed as a disk-wiping cyber weapon, disguised as ransomware, by the Russian military to destabilise Ukraine, but thousands of companies around the world were also hit.

It took Maersk more than 90 days to recover from the attack, which cost an estimated $350 million in damages. Maersk still being sued by some companies.

“We will all be victims of a cyber attack at some point,” Reva cautioned, and cited other examples, including the port of San Diego going offline for several days in 2018 due to a ransomware attack, and Israel’s disruptive cyber attack on Iran’s Shahid Rajaee port terminal in May 2020.

Cyber offers new opportunities for bad actors, Reva said, but Africa is in a privileged position as it is a lesser target at present and can learn from the experiences of other countries, but time is running out for this.

Source: https://www.eblueeconomy.com/cyber-security-becoming-integral-to-maritime-security/

A revolution is now happening in maritime domain awareness that will have a profound impact on maritime security in the Indo-Pacific. The Quad’s Indo-Pacific Partnership for Maritime Domain Awareness, announced at the leaders’ summit in Tokyo in May, will combine new satellite-based technologies with existing systems to help identify illicit maritime actors. This and similar initiatives will be provide a significant boost to the ability of many Indo-Pacific countries, especially small island states, to govern their waters.

Maritime domain awareness involves gaining situational awareness of the maritime environment, especially through an understanding of the position and intention of actors in a given maritime space. It is fundamental to understanding what’s out there, what it’s doing and what should be done about it.

But achieving maritime domain awareness involves overcoming major challenges in combining data from multiple sources into a single common operating picture that can be analysed and acted on.

Over the past couple of decades, technological advances have allowed data from multiples sources such as coastal radars, ships, aircraft and satellites to be pooled and analysed on a single platform, in close to real time. This often involves sophisticated and expensive sensors and computing technology, making it accessible only to large or wealthy countries. The necessary resources and technologies are often out of reach for many countries, effectively leaving much of our oceans as ungoverned spaces for illicit or other bad actors.

Recent years have also brought a proliferation of regional information fusion centres that pool data and analysis at a regional level. This can make considerable sense for many countries, but it can also come with its own sensitivities, including for smaller countries that aspire to exercise sovereignty over their own maritime jurisdictions.

Regional maritime law enforcement agencies can also directly access several web-based information platforms. The SeaVision system, for example, provided by the US Department of Transport, is used in more than 100 countries.

All of these system rely heavily on automatic identification systems, or AISs, which are transmitters required to be installed on most commercial vessels. That’s good for keeping track of legitimate or ‘white’ shipping, but is less useful in identifying vessels engaged in illicit activities. Illegal fishers, drug smugglers and other bad actors can go ‘dark’ by switching off or hacking their AIS systems so they can’t be tracked.

This big gap in maritime governance is being plugged. Under the Quad’s initiative, an enhanced version of the SeaVision platform will be offered to Indo-Pacific partners, allowing them to identify and track dark shipping. This includes radio frequency data from the commercial Hawkeye 360 satellite system that picks up electronic emissions (such as radar, radio and satellite phone signals) from vessels under its path. The SeaVision system compares that data with AIS data to identify vessels that have switched off or spoofed their AIS systems. Dark shipping can then be targeted for further investigation using other data sources.

Other satellite-based data is being progressively added to SeaVision to help identify the types and activities of dark vessels. This includes electro-optical imagery or synthetic aperture radar data, which can be used to build a 3-D picture of targeted vessels—helping authorities identify, say, a drug smuggling dhow or a mothership. Data from the Visible Infrared Imaging Radiometer Suite, a scanning radar that detects reflected light, can help identify illegal fishers, which commonly use bright lights to attract fish at night.

Some data, particularly from commercial sources, is expensive, but prices will likely fall as providers and users proliferate. Time lags in the acquisition and dissemination of satellite-based data (which may be 12 hours or more) will also likely be reduced to give end users a closer to real-time picture.

The US Coast Guard is offering an enhanced SeaVision product to five Southeast Asian partners in the first phase of the Quad initiative, although the cost of commercially sourced satellite data currently constrains the broader rollout of the system.

Competing platforms are offered across the Indo-Pacific by other players, including the EU’s IORIS system, the UK’s SOLARTA system and the not-for-profit Skylight system. These tools can provide specific options or features. For example, the IORIS system allows users to share data bilaterally with others rather than through a common platform. The Skylight system focuses on using artificial intelligence to analyse vessel behaviour such as ‘dark rendezvous events’.

Together, these enhanced web-based systems will be a game changer for many Indo-Pacific island states and others that struggle to police huge maritime jurisdictions with few resources. Giving them direct access to satellite-based data with AI analysis effectively democratises maritime domain awareness for many users, reducing their information reliance on large countries or regional fusion centres.

While information is a fundamental requirement in the maritime domain, national enforcement agencies will also require the ability to take action against illicit actors, whether by interdicting them at sea or by conducting close surveillance that allows vessels to be specifically identified for others to interdict, prosecute or make their activities public.

The Quad initiative, once fully rolled out, will be a major tangible demonstration of the value of the Quad in providing public goods for the Indo-Pacific—in stark contrast to China’s lack of interest in helping others to police their waters.

But information by itself is not enough. It must be complemented with cost-effective capabilities such as vessels and drones that allow smaller Indo-Pacific states to take action against illicit or nefarious actors in the maritime domain. This should include expanding Australia’s successful Pacific maritime security program to additional users and platforms.

Source: https://www.aspistrategist.org.au/new-satellite-based-technologies-a-game-changer-for-indo-pacific-maritime-security/