India has a huge coastline of 7516.6km comprising 13 major ports (including one private port) and more than 200 minor ports across the coastline. It is a very known fact that the maritime sector is very crucial for India’s security, stability, economy, and sustainable development. India conducts around 70 percent of its total trade by value through the sea. India is strategically placed in the Indian Ocean, which gives it greater access to trade with the world’s major shipping routes. India’s seaborne trade has grown at a rate that is twice the 3.3% rate experienced globally. India is now focusing on strengthening its maritime sector through the upgradation of safety and security standards at the ports, enhancing port capacity and operations, and automation. It is placing emphasis on automation and technology upgradation through projects like SAGAR and Sagarmala. With digitalization in place in almost all the port operations and in the surveillance of the maritime waters, as shown in figure 1, the maritime domain is vulnerable to cyber threats ashore and afloat.
Figure.1 Technology in the Maritime Sector
With Information and Communication Technology (ICT) coming into use, increasing reliance on seaways, and the growing importance of the data as a weapon in the hands of the state, all these pave the need for better cybersecurity management systems in the maritime sector.
The maritime business, its ships, and its cyber environment are all protected by a variety of tools, policies, security concepts, safeguards, guidelines, risk management techniques, actions, training, best practices, assurance, and technologies.
Maritime cyber risk can be referred to as the extent to which the technology in use could be attacked, that could result in the loss or compromise of information.
Pirates and opposing nations have been a menace to the maritime transportation business for thousands of years, but as the sector has developed and technology has been more thoroughly integrated for enhanced efficiency, so too has the magnitude of possible cyber threats. Now, even using something as simple as a USB flash drive, or even an unsecured Wi-Fi, the hacker can get access to the critical systems of the vessel, thereby obstructing the entire port operations. For example, a suspected ransomware attack on the Management Information System (MIS) crippled the operations of the Jawaharlal Nehru Port, Mumbai, in 2017 and again in 2022.
Though the primary motive behind cyber threats is profiteering, there are several aspects that motivate a cybercriminal to conduct a cyberattack on the port or vessel operations. This includes espionage, activism, terrorism, warfare, and others.
The various kinds of cyberattacks on the maritime sector involves malware, trojans, botnets, advanced persistent threats, ghost shipping attack, cryptocurrency hijacking, and other. In addition to these cyber threats, the maritime domain is vulnerable to cyber terrorism as well. The awareness in the maritime sector over cyber terrorism is very minimal or negligible, with very little emphasis given to it. Chinese cyber activity is a major security threat to India. China is also using cyber technology in its South China Sea Anti–Access/Area Denial (A2/AD) strategy. The A2/AD strategy denies freedom of movement and navigation to rival powers by increasing defense systems that threaten their ships/submarines.
The technologies like the Automatic Identification System (AIS), ECDIS, GPS, information systems, Industrial Control Systems, and other operational technologies have played a crucial role in enhancing the efficiency of port and vessel operations. Nevertheless, these technologies are of no exemption to cyberattacks as every technology comes up with its own loopholes. For example, the adoption of AIS is compulsory for any vessel to ensure its safe navigation, but as it is unencrypted and unauthenticated, the maritime sector is vulnerable to spoofing, water holing, social engineering, and other cyberattacks. It is also important to identify the human role in operating such technologies, as it is noted that human error and equipment flaws are primary reasons behind the success of these cyberattacks.
Maintaining the integrity of supporting systems, protecting ship systems from physical assault, and making the maritime sector resilient to both internal and external threats are all critical. Protection from various cyberattacks is necessary to prevent a breach of the network and its systems. Proper countermeasures and in-depth defense strategies must be deployed for each attack to prevent an attack from taking advantage of a flaw or vulnerability in the technology.
Primarily, it is important to promote awareness among the staff or the crew to identify cyber threats and on responding to such threats and, for example, alerting the officials if any malicious or unusual mail or notification is identified in the system.
Block chain technology can be an efficient solution as it allows for a continuous monitoring system and provides real-time status on the ship’s security. It also enables secure communication and storage of data in the control centers. It helps in avoiding loss of data and data modifications by unauthorized users.
The AIS and GNSS systems must adopt encryption and authentication measures which are given zero attention to this date.
With the vast coastline, it is not possible for India to secure the coastline through manpower. Israel based startups, in order to effortlessly secure the maritime IoT ecosystem, Cydome Security offers a cyber solution to handle this precise problem. The company’s solution is intended for systems with links to coastal infrastructure as well as guidance, sensors, control, and command.
Fighting fire with fire is one way that organizations can aid in stopping such intrusions: AI-driven security systems can successfully foresee and thwart AI-driven threats in real-time with appropriate data.
It is crucial to note right away that there is no magic solution for marine cybersecurity. An interconnected era has been retrofitted with a history of outdated shipboard equipment, leading to a shattered and vulnerable maritime environment.
It is in India’s interest to take a leading role in negotiations and developments with global countries, given its crucial position in the Indian Ocean Region and the need to protect itself against China’s growing threat in that region. In order to take shipping on to the next level of connectedness, strong cybersecurity is imperative.