Maritime terrorism in Asia: An assessment

Abhijit Singh

This paper evaluates the possibility of an increase in maritime terrorist violence in Asia, based on a recounting and analysis of some of the most recent past incidents in these waters. It argues that the vulnerability of high seas shipping to criminal acts of violence and the weak and inconsistent nature of maritime governance raises the possibility of a terrorist strike in the Asian littorals. In assessing the odds of a major terrorist attack in coastal regions, the paper also explores the terrorism-piracy nexus and the state of port security in key continental spaces, highlighting measures to improve maritime readiness against acts of terror.

Introduction

In recent years, sea-borne terrorism has emerged as a major security threat in littoral-Asia. Since the November 2008 attacks in Mumbai—when ten Pakistani terrorists infiltrated the city from the sea, killing 166 people and injuring over 300—regional watchers have been wary of the possibility of another attack from the seas. Within India’s security establishment, the anxiety has been palpable. In November 2018, a few weeks shy of the tenth anniversary of the Mumbai attacks, intelligence emerged that Pakistan-based militant outfits Lashkar-e-Taiba and Jaish-e-Mohammed had been training their cadres to execute another strike on Indian ports, cargo ships and oil tankers.[1]Reportedly, Pakistani militant commanders had been training volunteers at modified training sites and canals in Lahore and Faisalabad for “samundari jihad” (seaborne jihad). Unlike 26/11, when terrorists had used the sea route to enter Mumbai and stage attacks on land targets, the plan this time around was to deploy trained jihadi divers to target an Indian or coastal facility.[2]

To read the entire paper, please click here.

Source: orfonline.org

Fight Against Pirates Making Ghana A Safe Haven For Vessels – Transport Minister

The Minister of Transport, Hon. Kwaku Ofori Asiamah, has said that government’s heavy investment in modern information systems and equipment to ensure the safety and security of Ghana’s territorial waters are already yielding results and boosting the image of the country.

For instance, he said the country through the Ghana Maritime Authority (GMA) has in recently acquired five speed boats and two search and rescue boats to ensure safety within the country’s maritime space.

To continue reading, please click here.

Source: peacefmonline.com

Iran releases images of damaged tanker

Following Friday’s (12th) reported attack on the Iranian oil tanker, MT Sabiti, the Iranian Oil Ministry has finally released images showing the damage to the vessel. The incident on Friday reportedly took place around 60 miles off Jeddah, Saudi Arabia, in the Red Sea as the ship reportedly transited towards Suez. The Iranian National Oil Company (NOIC) initially suggested that the ship had been struck by two missiles.

Iran accused Saudi Arabia of attacking the vessel, something which Saudi Arabia naturally denied.

The images released appear to show three holes above the water line. The impact caused a small oil spill which has now been sealed, according to Iranian sources. The US Navy stated on Friday that it was aware of the reports but had nothing further to add.

The incident remains extremely curious. Reports have also suggested that the Iranian ‘spy ship’ MV Saviz was seen close by the Sabiti following the incident. The vessel’s AIS appears to have been disabled shortly afterwards. According to Maritime Bulletin:

SAVIZ as of now, is full of arms and military equipment, plus her own 4 50-mm guns, surveillance equipment, special forces team and 3 RHIBs.

While it’s very easy to speculate as to who could have perpetrated such an attack and the motivation behind it, logic dictates that we await further information. Iran has announced an investigation into the incident, which may take some time to complete and is unlikely to involve independent inspectors.

Damage seen on MT Sabiti, images via Iranian Oil Ministry
Damage seen on MT Sabiti, images via Iranian Oil Ministry

Sensible Cyber Security for Maritime

By David Rider

In 2012, as piracy in the Indian Ocean began to wane, a number of private security companies began to transition from armed security services into other areas of business. For some, this meant moving into a general Risk area. Others, meanwhile, noticed that the shipping and port industries were slow to capitalize on the digital revolution and realized that those same companies were also exposing themselves, unwittingly, to cyber threats. The lack of expertise in the area allowed some companies to begin offering services and, in short order, the more traditional cyber security providers followed them in to the maritime domain.

Quiet on the Water

As of October 2019, to the best of my knowledge, there has not been a single, dedicated hacking attack against a vessel at sea by malicious actors. While there have been rumours – specifically one from an American telco provider in 2016 – that hackers have teamed up with pirates to track high value cargoes, there has been no firm evidence.

Equally, the dire warnings of ships having their navigation systems hacked so they could be directed to ports where pirates or criminal gangs could then ransack them have so far proven to be little more than interesting worst-case scenarios (I don’t even want to begin discussing the logistics of this, because they’re enormous and far outwith the means of most pirate groups).

What has been noted, however, is a rise in spear-phishing of vessels at sea. This has become an increasing problem and prompted the US Coast Guard – widely seen as being at the forefront of maritime cyber security – to issue a series of warning and advice notices in July 2019. They warned that emails purporting to have come from the US Port State Control authority were being sent to ships and disseminating malware throughout vessel systems. They reported that a merchant vessel bound for the Port of New York began to experience “a significant cyber incident impacting their shipboard network.”

An investigation found that, “although the malware significantly degraded the functionality of the onboard computer system, essential vessel control systems had not been impacted.” Additionally, and perhaps unsurprisingly, they noted that the vessel was, “operating without effective cyber security measures in place, exposing critical vessel control systems to significant vulnerabilities.”

While incidents like this are a genuine cause for concern, more commonly, the maritime domain has seen malware introduced into ship systems by crew and third party providers by accident. While these incidents have been, in some cases, hugely expensive to put right – any delay to a vessel costs money – they have so far fallen short of the scare stories suggested by some parties.

This is not to dismiss or minimise the threat of an actual, focused attack by an APT group on a shipping line or vessel. It could happen. Indeed, it probably will. But it hasn’t happened yet for a number of reasons, the main one being, Why? Why attack a ship? If we assume that most cyber attackers are criminal rather than terrorist or hacktivist, then the motives for attacking a ship at sea begin to fall away; there simply isn’t any profit in it, and return on investment is important to cyber criminals. It’s like mugging a bank teller rather than emptying the cash drawer.

The ongoing, real threat is and will always be found at a company’s head office. How the company deals with that will decide what any attacker does next. Outside the realm of hacktivism, criminals are looking for a payday, and that means they’re going to be looking for any vulnerability which can give them access to company bank accounts.

In the last few years, I’ve seen numerous reports of highly specific and convincing email fraud attempts against shipping companies, ports and ship brokers. In several instances, the hackers have infiltrated a company’s systems and then sat dormant, often for months, waiting for their opening. In one case, this involved sending spoofed emails to a client and redirecting payment of hundreds of thousands of pounds to the hacker’s bank accounts. Fortunately, thanks to quick-thinking staff, the fraud was discovered and the banks and police were able to stop the transfers. But this isn’t always the case.

Directed attacks remain a significant threat to any company, regardless of the business sector, and maritime is no different.

Shipping has so far managed to avoid the massive headline-grabbing attacks such as the $4.2 million stolen from an Oklahoma pension fund, or the $47 million initially stolen from networking firm, Ubiquiti in 2016, but the sector remains highly exposed due to a number of factors.

The Push for Efficiencies

As the maritime industry embraces digitization and the efficiencies and cost savings that come with it, security can often be taken for granted. Unfortunately, as those systems evolve, so do attackers. Their methods become more advanced and the paydays bigger. For example, phishing emails have been with us since the dawn of email. The question is how your company deals with them. There are a few questions you should ask yourself, or senior management:

• Does your company have a dedicated Chief Information Security Officer (CISO)?

• Are you a small organization reliant on third party software and consultants?

• Has your administrative staff been trained to recognize a phishing attempt?

• Are they aware of the risks of social engineering?

• Are they regularly updated with the latest threats and attacks in your sector?

If the answers to those questions are all Yes, then here’s another: does this extend to your crew on the water? Do your vessels employ specific measures to counter and combat attack or contamination?

Deep Fakes are Here

The persistent threat to most companies is the Business Email Compromise (BEC) or CEO Fraud. The good news is that it’s relatively easy to mitigate in most companies. The bad news is that it’s becoming highly sophisticated, thanks to ‘deep fakes’.

In September 2019, it was reported that a gang of cyber thieves had managed to steal $243,000 from a UK energy firm in a complex BEC attack that used an AI-generated voice of the company’s German parent firm’s CEO to authorize the transfer of funds. During the course of just three phone calls, the AI was convincing enough for the criminals to pull the fraud off. And, as the media reported at the time, “After the transfer, the funds were moved to Mexico and then to other countries, making the funds harder to track. No suspects have been identified.”

How would your company deal with such an incident? Are large financial transfers subject to face-to-face scrutiny with senior management? Well, they should be. You can no longer rely on a phone call or email to confirm that a transfer of funds has actually been authorized by senior management. Nor should you.

The threats to vessels at sea are more easily apparent. BIMCO has noted a number of incidents where malicious software was introduced to ship systems by accident, often by third parties contracted to check or even update specific bridge equipment, but crew introduction remains the more obvious route. Again, this is easily countered by enforcing strict protocols; blanking off USB ports and ensuring no crew equipment is plugged in to any ship computer systems being the most obvious. Again, training courses and refreshers should be offered to all crew, as well as more practical software protection.

Following the reported spear-phishing incidents this summer, the US Coast Guard suggested that basic cyber security practices be adopted by ships. These include:

• Implement network segmentation.

• Create network profiles for each employee, require unique login credentials, and limit privileges to only those necessary

• Be wary of external media

• Install anti-virus software

• Keep software updated

Basic, common sense moves designed to make breaking in to or disrupting your ship systems a little harder. Yet it’s surprising how few vessels adopt even these recommendations.

Mitigate and Educate

The good news is that over the last few years, maritime cyber specialists have entered the market and maritime cyber insurance policies have matured. Templar Executives, a UK cyber security specialist, teamed up with Wärtsilä to create the International Maritime Cyber Centre of Excellence (IMCCE), which consists of the Templar Cyber Academy for Maritime (T-CAM) and a Maritime Cyber Emergency Response Team (MCERT). Through its Cyber Academy, Templar now offers training for companies operating in the maritime domain, from C suites to crew and port officials, while the MCERT, with its 24/7 operations centre, is intended to share information on new attack vectors and prevent as many incidents as possible. As a result, it’s now being picked up by marine insurers, with Lampe & Schwartze in Germany partnering with Templar to launch a new Ship Owners Marine Cyber Cover.

The hope is that moves such as this will lead to companies reporting cyber intrusions and attacks in a timely manner. At present, there are no firm figures for maritime cyber security incidents; shipping companies are, in general, loathe to admit to them for a variety of commercial reasons. Anonymous reporting will certainly make that easier, as companies such as CSO Alliance hope. However, speed is key. It’s crucial that a company under attack share the information in order to allow others in the sector to bolster their own defences. In this case, sharing is definitely caring.

The Innocent Bystander

Of equal concern is the potential knock on effect from a wider malware attack. Few people in the maritime domain will be unaware of the NotPetya incident that affected Maersk in 2017. To call it massive would be an understatement. More worryingly, Maersk was simply unfortunate collateral damage in an attack that spread around the world and saw the company forced to rebuild its network of 4,000 servers and 45,000 PCs at a cost running into hundreds of millions of dollars.

The financial blow alone should be a salutary warning to most companies, but the fact that it happened as part of a domino effect should be more sobering. Your company doesn’t have to be directly targeted to be impacted.

Threat mitigation is good, but threat prevention is always better. These days, there are few excuses for any company not to adopt a robust cyber security policy for its land- and sea-based operations, particularly given the scale of the threat and its financial implications.

As the shipping industry begins to look seriously at the prospect of autonomous vessels, these same problems persist and insurance underwriters are already taking note. It will be interesting to see how the industry adapts to the challenges posed. The IMO will certainly be watching. As will the cyber criminals.

Autonomous Shipping – Cyber Hazards Ahead

By Jeffery Mayger

If autonomous vessels are the future of maritime shipping, then cyber threats may be its Achilles heel. 

Congested shipping, restricted visibility, limited maneuverability, and intensive docking activities all contribute to port hazards – 42 percent of EU reported marine accidents (injury/death/damage to ships) took place in port areas and 44 percent of workboat fatalities occurred on Tugs. Autonomous shipping should provide numerous benefits including increased safety by relieving crewmembers of unsafe and repetitious tasks. Yet, with cyberattacks threatening every industry, this nascent technology is a large target. If autonomous vessels are the future of maritime shipping, then cyber threats may be its Achilles heel.

To continue reading, please click here.

Source: marinelink.com

80 Countries Resolve to Tackle Maritime Insecurity in GoG

Eromosele Abiodun

Rising from a three-day Global Maritime Security Conference in Abuja, 80 countries have resolved to set up an Expert Group to implement the recommendations of the confab aimed at tackling piracy, maritime crimes and criminality in the Gulf of Guinea (GoG).

Addressing a media briefing to mark the end of the event, the Director General of the Nigeria Maritime Administration and Safety Agency (NIMASA), Dr. Dakuku Peterside, said the expert group won’t take more than three months to be in place.

To continue reading, please click here.

Source: thisdaylive.com

Icacos fishermen freed after US$13,000 ransom paid

by Sharlene Rampersad

Three fish­er­men kid­napped by Venezue­lan ban­dits and held for ran­som were re­leased late Wednes­day night af­ter US$13,000 was paid for their safe re­turn.

Fish­er­men Ramkissoon Har­richa­ran, 64, Car­lo Snei­der, 61, of Lovers Lane, Ica­cos and a 24-year-old Venezue­lan man iden­ti­fied as Amelto were re­leased by their cap­tors on Wednes­day night, shak­en but in oth­er­wise good health.

The three were snatched at gun­point around 7 am on Tues­day while fish­ing off Gal­fa Point in Ica­cos about half a mile from the shore.

To continue reading, please click here.

Source: guardian.co.tt

‘Explosion’ on Iranian oil tanker off Saudi coast – reports

An explosion has caused a fire on an Iranian tanker near the coast of Saudi Arabia, Iranian media say.

The vessel, from Iran’s national oil company (NOIC), was 60 miles (97km) from the Saudi port city of Jeddah when the incident took place, reports said.

The ship’s two main storage tanks were said to be damaged, causing an oil spill into the Red Sea, but no-one was injured.

NOIC claimed the vessel was hit by missiles, but did not provide evidence.

Iran’s national tanker company (NITC) said the fire had been put out and the oil spillage reduced to a minimum, according to the news site Iran Front Page.

Iranian state TV identified the ship as the oil tanker Sinopa. The maritime vessel tracking firm Tanker Trackers said the tanker was regularly used to ferry oil to the Syrian government, despite international sanctions.

The incident came amid heightened tension between Iran and Saudi Arabia.

Last month, 18 drones and seven cruise missiles hit a major oil field and processing facility in Saudi Arabia, which blamed Iran for the attack.

And US officials said Iran was responsible for attacks on two oil tankers in the Gulf in June and July, as well as attacks on another four tankers in May.

Iran denied involvement in all the incidents.

Source: bbc.co.uk

The ‘Sabiti’ oil tanker after the attack, on Oct. 11th Source: National Iranian Tanker Co.

Kidnappers now want US$20,000 for missing fishermen

POLICE on Wednesday confirmed that US$20,000 is now being demanded for the safe release of three Icacos fishermen who were abducted at sea on Tuesday morning.

But Sgt Rishi Ramsaran told Newsday, reports that relatives of the men were robbed when they went to pay the initial ransom of US$10,000 were untrue. “It was discovered that it is a hoax. But a family member reported that they received a telephone call that the captors increased the ransom from US$10,000 to US$20,000,” Ramsaran said.

To continue reading, please click here.

Source: newsday.co.tt