Abstract

Piracy on high seas is a serious issue that has been around for centuries. If you think Blackbeard was a nightmare, today’s pirates are just as innovative in the tactics and technologies they use as they were in historic times Where once the likes of Henry Morgan, Captain Kidd and Blackbeard boarded ships and stole cargo, the modern-day pirate relies not on a cutlass but on hacking skills to obtain more ill-gotten gains than Blackbeard could ever have dreamed of. Modern pirates operate now mostly in a closed room rather sailing for months for bounty. Unlike olden times today’s pirates choose their targets, organize their attack plan and execute. All these are possible of the modern-day tech, which helps these pirates to have a much-targeted approach on a very large scale of area. Modern piracy is an organised and very well connected and targets cargoes and shipment of very high economic, political and geopolitical value, thus posing a huge threat to the world’s largest trade and commerce. These have a very over whelming high price on black market and these black-market trades funds the organisations other agendas, such as funding for spreading violence and terror internationally. All of these only conclude that piracy is a huge part and parcel of terrorism, if not yet it will be in the near future.

Introduction

[1] With the advent of modern technologies such as Industry 4.0, pirates have become more sophisticated and are using data-driven cyber technology to terrorize the high seas1. High-tech vessels can cost over $200 million to build, making them valuable assets in themselves. Once the value of cargo is factored in, which could be up to $100 million in crude oil, or 1,200 luxury cars worth $53 million, it’s easy to see why cyber piracy is appealing to criminals Pirates’ interest in cyber tools is in part because of the interconnectedness of shipping with the global internet. Today, the world’s 51,000 vessels that carry around 90 per cent of the world’s freight are equipped with modern technologies such as industry 4.0, which are vulnerable to a range of hacking incidents. These incidents include the ghosting of GPS systems, taking over of command-and-control systems, disruption attacks, ransom ware and even cyber commercial intelligence gathering.

Cyber terrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods and programming scripts can all be forms of internet terrorism and Cyber terrorism can be as easy as transmitting information on the Internet at a particular moment about potential bomb attacks. Cyber terrorism is a personal, political or social gain by using computers and networks to threaten and compel a person, organization or even a government [1]

[2] A faster ship and better weaponry won’t avert cyber-attacks nor keep crews safe; today’s piracy is conducted behind closed doors from thousands of miles away. As with many industries across the globe, the rapid digitalization of both its operations and information means the shipping community is facing a new threat. This digital transformation brings many benefits and advantages, but if the right steps are not taken to ensure ships’ security, it can be easily exploited by negative actors [2].

[3] Since the terrorist attacks on US 2001, security has become a major issue confronting the maritime world. The International chamber of shipping and the International Shipping Federation, supported by the Round Table of shipping industry organizations and by seafarers’ union continue to encourage diplomatic solutions to these problems but for the foreseeable future it is unrealistic to suppose that armed and directed attacks on ships and the shipping industry with the help of modern-day cyber technology can be eradicated by diplomacy without taking proper steps for prevention.

Scott Bough, executive director of the Centre for Cyber Defence & Forensics, based in Ohio, estimates that, “a successful cyber-attack may cost the equivalent of losing one or two ships for a shipping firm”.

Meanwhile, Lloyd’s of London has warned that a serious cyber-attack could cost the global economy more than £92bn. The potential economic impact of cyber disruptions or theft on ships, ports, refineries, terminals and support systems could run to hundreds of billions of dollars.

Indonesia's 17,500 islands and their surrounding waters now take the title as the world's most heavily pirated area in the world. These increasing piracy gives rise to organised crime and terrorism. It is time to understand that most maritime pirates are no longer just sailing the seas looking for vessels to board and rob. Instead, they are sitting at computers in some office thousands of miles away. Piracy has gone high-tech, and they are looking for vulnerabilities. In fact, instead of the sword or machine gun, they are hacking into merchandise details including bills of lading, to see which vessels are scheduled to carry it. Then, they will send traditional pirates to board the vessel, take the crew hostage and locate what they are looking for via a barcode reader. They will steal what they want and leave, just like when shoplifters go to Tesco or Sainsbury’s [3].

Modern Piracy: an ugly side effect of digitization

[4] In the recent past, most ocean-going vessels operated with isolated dedicated industrial control systems with customised network protocols and a virtual absence of security systems within the systems used on board. This lack of security did not matter much as physical security of the endpoints and communications were good. Threats were uncommon. But in today’s scenario, things are very different. Vessels are equipped with a whole range of electronic equipment for navigation and command-and-control systems interconnected to the global internet via satellite. The satellite communication terminals are easily hacked by hackers. All this, plus the crew’s access to the internet, means that vessels’ on board equipment with connected and automated systems are making them especially exposed to attack, both internally and externally.[4]

[5] There are many access points for cyber pirates to take control of the vessels’ systems. These include all the points where the devices and equipment are interconnected and share data. In fact, according to a recent survey by Futurenautics, over 6,000 active seafarers claimed to have been the victim of a cyber-attack because of a lack of cyber-security precautions by staff.

These cyber-attacks either on vessels or on shore terminals can have very devastating effects on trade and may lead to sabotage, stealing of cargo and valuable data. A ship’s navigation system is crucial to its operations and is also the most vulnerable to cyber-attacks like spoofing, because it is based on an electronic chart display and information system (ECDIS), along with inputs from satellite positioning systems such as GPS and from AIS.[5]

By attacking and controlling such points, these masked pirates will therefore not only exploit the vessel but also the company and may even gain access to all other valuable resources and data that is needed to keep business afloat. Developing flexibility and innovation while maintaining a secure and compliant ecosystem is tricky.

[6] Maritime terrorism may be defined as “the undertaking of terrorist acts and activities within the maritime environment, using or against vessels or fixed platforms at sea, or in port; or against any one of their passengers or personnel, against coastal facilities or settlements, including tourist resorts, port areas etc and is largely connected to cyber technology and maritime piracy.[6]

[7] In recent years, sea-borne terrorism has emerged as a major security threat in littoral-Asia. Since the November 2008 attacks in Mumbai—when ten Pakistani terrorists infiltrated the city from the sea, killing 166 people and injuring over 300—regional watchers have been wary of the possibility of another attack from the seas. Within India’s security establishment, the anxiety has been palpable. In November 2018, a few weeks shy of the tenth anniversary of the Mumbai attacks, intelligence emerged that Pakistan-based militant outfits Lashkar-e-Taiba and Jaish-e-Mohammed had been training their cadres to execute another strike on Indian ports, cargo ships and oil tankers. Reportedly, Pakistani militant commanders had been training volunteers at modified training sites and canals in Lahore and Faisalabad for “samundari jihad” (seaborne terrorism). Unlike 26/11, when terrorists had used the sea route to enter Mumbai and stage attacks on land targets, the plan this time around was to deploy trained jihadi divers to target an Indian coastal facility.

The anticipated assault did not happen. Yet the speculation that surrounded its possible occurrence underscored the psychological grip of terrorism over the minds of Indian security watchers and strategic planners. Indian fears seem partly driven by events in Pakistan, where there have been two major militant attacks on naval installations in recent years. In May 2011, the Tehrik-i-Taliban Pakistan (TTP) and Al Qaeda attacked PNS Mehran, the headquarters of the Pakistan Navy’s air arm and the most populous Pakistani naval establishment. Although the attack was not strictly “maritime” (as it neither came from the sea, nor targeted maritime assets), it was seen as an escalation by terrorists against a seagoing force. In September 2014, when Al Qaeda attacked Karachi, it set off alarm bells in New Delhi, leading many to seriously consider the possibility of a terrorist attack in India’s near-seas.

A similar trend of maritime piracy and terrorism is on rise in southeast Asia. A group by the alias Abu Sayyaf, which is speculated to have huge connections with the ISIS, is the major player in this area. The ISIS has also made its presence felt in West Asia and North Africa, where rebel Houthi forces have intensified their attacks on naval and civilian targets belonging to the Saudi and Emeriti coalition in the Red Sea. If we look at the statistics, the time frame, and the intensity of these attacks, we can see a pattern of organised crime.[7]

[8] In 2013, a failed attempt at digital piracy occurred when a Dutch drug ring used a group of Belgian hackers to reroute two tons of cocaine and heroin into their waiting arms. These hackers were able to gain remote access to the computers of two different shipping companies. Here, they then rerouted the containers into the port of Antwerp, Belgium, for a convenient pick-up. Instead of the usual transportation company, the drug runners showed up, ready to haul away their prize – worth more than $1.7m. But police caught them before they could carry out their devious plan.

Another widely reported incident of cyber disruption occurred in 2017. Here, a master of a ship positioned off the Russian Black Sea port of Novorossiysk, noted that his global positioning system placed his ship over 32km inland, at Gelendzhik Airport. The AIS (automatic identification system) used to track vessels also placed at least another 20 ships at the same airport in this incident.

The 2017 Not Petya cyber-attack proved how disruptive a breach can be to the global shipping industry. Maersk, the world’s largest container shipping firm which transports 15% of global trade, was an unintended victim of a malware attack spread through accounting software.

The firm was effectively shut down: with 50,000 machines and thousands of applications and servers infected across 600 sites in 130 countries, Maersk had to operate manually for 10 days while it invested in 4,000 new servers, 45,000 new PCs and 2,500 applications. The final tally for Maersk’s losses was an estimated $300 million and major delays for goods around the world.[8]

Ports in particular have inherent security vulnerabilities: they are sprawling, easily accessible by water and land, close to crowded metropolitan areas, and interwoven with complex transportation networks. Port facilities, along with the ships and barges that transit port waterways, are especially vulnerable to tampering, theft, and unauthorized persons gaining entry to collect information and commit unlawful or hostile acts.

Almost 90% of world’s trade and industries rely on sea freight. From cars, components, and clothing, to oil, chemicals and machinery, most organizations will have shipping somewhere in their supply chain. However, increasingly digitalized ships are opening supply chains up to a new threat, the threat of cyber piracy.

Today, the shipping industry has to adopt an ever more advanced technology to ensure the safety and punctuality of valuable freight and to protect itself against the increasing numbers and kinds of cyber-attacks.

[9] The root cause this chain of organised crimes, linked with terrorism, is successful in its agenda is mostly because of poverty and world hunger. The Gulf of Guinea is a classic example. Piracy and armed robbery are not seen as an illegal action here, rather as a common job, where anyone enters. Hunger and poverty drive these coastal communities into illicit activities. Environmental degradation and loss of biodiversity are further impacting lives and livelihoods, fueled by climate change and made worse by illegal, unreported and unregulated fishing which deprives those coastal populations of their means of food and livelihood. This creates hunger, underemployment and unemployment among such populations, pushing them either to join criminal gangs with promises of quick rewards for illegal activities or to embark on the risky journey across the Mediterranean to Europe.

Piracy and incidents of maritime crime tend to be concentrated in areas of heavy commercial maritime activity, especially where there is significant political and economic instability, or in regions with little or no maritime law enforcement capacity. Today’s pirates and criminals are usually well organized and well equipped with advanced communications, weapons, and highspeed craft. Just as the world’s oceans are avenues for a nation’s overseas commerce, they are also the highways for the import or export of illegal commodities. Maritime drug trafficking generates vast amounts of money for international organized crime syndicates and terrorist organizations. Laundered through the international financial system, this money provides a huge source of virtually untraceable funds.

These monetary assets can then be used to bribe government officials, bypass established financial controls, and fund additional illegal activities, including arms trafficking, migrant smuggling, and terrorist operations. Further, these activities can ensure a steady supply of weapons and cash for terrorist operatives, as well as the means for their clandestine movement The capabilities to board and commandeer large underway vessels – demonstrated in numerous piracy incidents – could also be employed to facilitate terrorist acts.

Terrorists have indicated a strong desire to use WMD (Weapons of Mass Destruction). This prospect creates a more complex and perilous security situation, further aggravated by countries that are unable to account for or adequately secure their stockpiles of such weapons and associated materials. This circumstance, coupled with increased access to the technology needed to build and employ those weapons, increases the possibility that a terrorist attack involving WMD could occur. Similarly, bioterrorism appears particularly suited to use by smaller but sophisticated groups because this tactic is exceedingly difficult to detect in comparison to other mass-effects weapons.

Terrorists can also develop effective attack capabilities relatively quickly using a variety of platforms, including explosives-laden suicide boats and light aircraft; merchant and cruise ships as kinetic weapons to ram another vessel, warship, port facility, or offshore platform; commercial vessels as launch platforms for missile attacks; underwater swimmers to infiltrate ports; and unmanned underwater explosive delivery vehicles. Mines are also an effective weapon because they are low-cost, readily available, easily deployed, difficult to counter, and require minimal training. Terrorists can also take advantage of a vessel’s legitimate cargo, such as chemicals, petroleum, or liquefied natural gas, as the explosive component of an attack. Vessels can be used to transport powerful conventional explosives or WMD for detonation in a port or alongside an offshore facility.[9]

Cyber Security in Maritime Sector

Proactive cyber-security measures include a mix of corporate culture, hardware and software policies and approaches. To protect against a cyber-attack, owners of vessels are investing in anti-hacking security products from providers such as James Fisher Mimic, Gatehouse Maritime and SRT Marine Systems. These companies produce and market cyber surveillance systems that detect and respond to an incursion or hack and restore the ship’s functions. These security systems packages watch internal and external network traffic with IDS (intrusion detection systems) and protect against entry with IPS (intrusion prevention systems).

To protect against a cyber-attack, owners of vessels are researching and investing anti-hacking security products from providers such as James Fisher Mimic, Gatehouse Maritime and SRT Marine Systems. These types of companies produce and market cyber surveillance systems that are programmed for detecting and responding to an attack on the ships system. These attacks generally include an incursion or hack. This software detects cyber-attacks and protect the ship’s functions and systems by tracking internal and external network traffic with IDS (intrusion detection systems) and protect against entry with IPS (intrusion prevention systems).

These programmes increase the ship’s network security by a tremendous amount. Detection in these systems is based on recognising assigned signatures and identifying interlopers. This is combined with installation of next-generation firewalls, which feature artificial intelligence and machine-learning capabilities, to recognise patterns and find anomalies to help warn and block the effects of a cyber-attack thus protecting the ship’s valuable data.

At a global level the shipping industry’s regulator, the International Maritime Organisation (IMO), is taking cyber threats to the sector very seriously. In June 2017, the IMO’s Maritime Safety Committee adopted Resolution MSC.428 (98) on Maritime Cyber Risk Management in Safety Management Systems. This resolution, which was to be implemented by 1 January 2021, introduced regulatory measures to “make sure that cyber risks are addressed in existing safety management systems (as defined in the International Safety Management Code).

Drafting of new legislations are in progress which most likely may have a requirement that ships are to be issued with cyber security certificate by n authorized body or a flag or a port state. In this regard the EU has taken the first step with introducing the General Data Protection Regulation, which applies to all commercial firms including shipping companies. These developments illustrate an increasing recognition of the potential and seriousness of maritime cyber-attacks and the priority now being given by the industry and regulators to invest in proactive cyber-security measures.

[10] It is too often perceived that cyber security mainly applies to our governments and specific industries such as financial, pharmaceutical and energy. However, there are many fascinating discussions on the cyber security threat landscape for 2021 for various industries. Verizon’s 2019 Data Breach Investigations Report revealed that 43% of all cyber-attacks were aimed at small businesses while the 2020 report identified that 70% of breaches were from external actors. One recent article by the World Economic Forum highlights how “COVID-19 is accelerating the digital transformation of business, especially retail, education and healthcare” requiring “Rapid, unplanned digitisation increases the risk and impact of cyber-attacks” from leaders who must take “a systemic approach to cyber security” with short, medium to long-term plans.

Organisations continue to implement key strategic and often dramatic or innovative decisions to sustain their activities. As a result, it is crucial to chart the course of an effective cyber security roadmap that encompasses strategic and operational leadership to prevent becoming lost at sea and to answer some of these critical new challenges.

Companies spend millions of dollars on firewalls, encryption and secure access devices, and its money wasted; none of these measures address the weakest link in the security chain. Organisation must recognise that cannot protect it all”, it must agree to which assets are to be protected, and how.

A vital starting point to establishing a cyber-security roadmap is to evaluate how the cyber security threat landscape and industry trends affect your organisation from strategy to operations — your security chain. A risk-based assessment is an effective approach to help your organisation to identify its strengths, weaknesses, risks, and critical issues to proactively prioritise, plan and maximise the added-value of cyber security decisions and investments.

While most organisations do plan protective and proactive monitoring to prevent internal and external threats, your organisation must prepare for an attempted, or worse, a successful and undetected attack. Trying to play catch-up with Cyber attackers has often proven to be highly inefficient. As Robert Mueller — ex-FBI Director “There are only two types of companies: those that have been hacked, and those that will be”.

The Cyber Security roadmap should focus on unifying technologies, governance and people to develop standards that are anchored into the cultural foundations and values of your organisation. Adopt industry recommended practices and deploy the critical disciplines of Zero Trust, Identity and Access Management (IAM), Privilege Access Management (PAM), Multi-Factor Authentication (MFA), Continuous Patch Management, to name a few to protect your organisational stronghold. As Britney Hommertzheim, Information Security Director of AMC Theatres rightly pointed out “As cyber security leaders, we have to create our message of influence because security is a culture, and you need the business to take place and be part of that security culture.

Organisations should accept the risk that some attacker will breach all defences. As a result, technologies, governance and people must be stress- tested on an ongoing basis to address the resulting weaknesses. Penetration Testing, Vulnerability Scanning, Disaster recovery, Security information and event management (SIEM), and Business Continuity are some of the disciplines that aim to make organisations more resilient in order to monitor and support core business activities, especially when going through dramatic changes such a digital transformation.

Solidifying our cyber-Security foundations will allow our organisation to build on the long term through strategic cyber security investments, including technologies, governance, and people. As a rule of thumb, your cyber security solutions and governance are only as good as the people who plan, design, deploy, test and run them. Recruiting the right people throughout the course of our journey will have long lasting effects. We shall never underestimate the impact of someone who can effectively shape and monitor the cyber security culture of our organisation.

The British government defines cyber security as protecting information systems (hardware, software, and associated infrastructure), the data on them, and the services they provide, from unauthorised access, harm or misuse. This definition includes harm caused intentionally by the operator of the system, or accidentally, because of failing to follow security procedures.

Many ships’ crews are blindsided by modern technology, and all too often dangerously reliant on the accuracy and reliability of command, control and navigation systems.

Crews don’t have enough knowledge and experience to understand and manage navigation and control systems if a hacking or an IT failure occurs. The November 2018 collision between a container ship and an anchored oil tanker and the grounding of a US naval frigate in Tokyo Bay are cases in point. These incidents illustrate the importance of training crews in traditional command-and-control navigation skills.

The maritime industry is evolving with effort directed to reducing the number of crew on board vessels. More and more, maritime companies are developing ways of performing management functions from shore. Several studies are emerging that propose operating vessels unmanned, at least for the transit offshore. The more concerning fact is that cyber-attacks could evolve to the point where pirates can take command and control vessels before anybody can get a hint of the situation.[10]

Already in 2019, one operator revealed that the IT system managing ballast water of one of its oil platforms was infiltrated by malware, creating a stability risk.

These reports predict a scenario way beyond our imagination.

[11] A 2017 IHS Markit maritime survey revealed that 74% of respondents believed that their organization’s biggest vulnerability to cyber-attack was crew members. IHS states that 80% of all reported information security and cyber incidents at sea are related to human error.[11]

[12] Be it downloading from unreliable sources while connected to a ship’s internet connection, plugging in unsecured USB devices, or even disclosing information to untrustworthy sources, there are many simple ways people can inadvertently compromise security if they have not received the appropriate training. It stands to reason, then, that the first step for maritime organizations should be to guarantee compliance with cyber security policies and procedures across the company.

Providing team members with the most up-to-date training on cyber security is key; knowing what precautions to take and how to respond in the event of a cyber piracy incident can help to keep crews safe as well as minimize economic and reputational damage to companies. Ensuring that crews aren’t solely reliant on connected navigation, command, and control systems and can revert to manual operations if needed can also help to stop and further prevent attacks significantly.

40% of respondents to a maritime survey admitted that their only cyber security defence was a basic firewall. This is contrary to International Maritime Organization (IMO) advice, which states that cyber security is a key component of risk management.

Risk management is fundamental to safe and secure shipping operations. Risk management has traditionally been focused on operations in the physical domain, but greater reliance on digitization, integration, automation and network-based systems has created an increasing need for cyber risk management in the shipping industry.

Cyber security is no longer the domain of IT professionals only; every person within an organization has the power to prevent an attack, and to raise the alarm if one is identified. This is why our cyber security experts provide support in training as well as in technological defences; attacks can come from any direction at any time so maintaining preparedness and ensuring that cyber security is front-of-mind across a company is key.

Organisations will continue to implement key strategic and often dramatic or innovative decisions to sustain their activities. As a result, it is crucial to chart the course of an effective cyber security roadmap that encompasses strategic and operational leadership to prevent becoming lost at sea and to answer some of these critical new challenges. But along with that they have to train their crew as well as make them aware. The ships protection has now become a joint operation in which the company and the crew are equal participants. Only with the proper cooperation of both can this be handled.

The basis for effective prevention measures – operations and security programs – is awareness and threat knowledge, along with credible deterrent and interdiction capabilities. Without effective awareness of activities within the maritime domain, crucial opportunities for prevention or an early response can be lost.[12]

Awareness grants time and distance to detect, deter, interdict, and defeat adversaries – whether they are planning an operation, or are end route to attack or commit an unlawful act. Forces must be trained, equipped, and prepared to detect, deter, interdict, and defeat terrorists throughout the maritime domain. Some terrorist groups, however, commit terrorist acts without regard to their own personal risk. They will never be easily deterred. No amount of credible deterrent capability can guarantee that attacks by such groups will be prevented. If terrorists cannot be deterred by the layered maritime security, then they must be interdicted and defeated, preferably overseas.

MARITIME SECURITY AND THE WORLD

Maritime security is best achieved by blending public and private maritime security activities on a global scale into an integrated effort that addresses all maritime threats. The Strategy for Maritime Security aligns all Federal government maritime security programs and initiatives into a comprehensive and cohesive national effort involving appropriate Federal, State, local, and private sector entities.

In addition to this Strategy, the research departments have developed eight supporting plans to address the specific threats and challenges of the maritime environment. While the plans address different aspects of maritime security, they are mutually linked and reinforce each other. The supporting plans include:

• National Plan to Achieve Domain Awareness.

• Global Maritime Intelligence Integration Plan.

• Interim Maritime Operational Threat Response Plan.

• International Outreach and Coordination Strategy.

• Maritime Infrastructure Recovery Plan.

• Maritime Transportation System Security Plan.

• Maritime Commerce Security Plan.

• Domestic Outreach Plan.

This strategy for Maritime Security and the supporting plans might present a comprehensive national effort to promote global economic stability and protect legitimate activities while preventing hostile or illegal acts within the maritime domain.

This strategic action is designed to involve all nations that have an interest in maritime security, as well as the ability and willingness to take steps to defeat terrorism and maritime crime. Fundamental to this cooperation must be a shared understanding of threat priorities to unify actions and plans. New initiatives are needed to ensure that all nations fulfill their responsibilities to prevent and respond to terrorist or criminal actions with timely and effective enforcement. More robust international mechanisms will ensure improved transparency in the registration of vessels and identification of ownership, cargoes, and crew of the world’s multinational, multi-flag merchant marine.

As the world’s individual national economies become ever more closely integrated, it is critical that nations coordinate and, where appropriate, collectively integrate their security activities to secure the maritime domain.

Preventing unlawful or hostile exploitation of the maritime domain can be a start point. It requires that nations collectively improve their capability to monitor activity throughout the domain, establish responsive decision-making architectures, enhance maritime interdiction capacity, develop effective policing protocols, and build intergovernmental cooperation.

Assisting regional partners, such as Guniea to maintain the maritime sovereignty of their territorial seas and internal waters shall be a high priority objective of the international governments. This contributes directly to the economic development of the 3rd world countries where maritime piracy is very high as well as their ability to combat unlawful or hostile exploitation by a variety of threats.

Tackling terrorism and acts of violence can be achieved when public and private sectors work hand in hand. The public and private sectors must be ready to detect and rapidly identify WMD agents; react without endangering first responders; treat the injured; contain and minimize damage; rapidly reconstitute operations; and mitigate long-term hazards through effective decontamination measures. These actions will preserve life, property, the environment, and social, economic, and political structures, as well as restore order and essential services for those who live and work within the maritime domain.

A terrorist attack or similarly disruptive Incident of National Significance involving the marine transportation system can cause a severe ripple effect on other modes of transportation, as well as have adverse economic or national security effects. From the onset of a maritime incident, Federal, State, local, and tribal authorities require the capability to assess the human and economic consequences in affected areas rapidly, and to calculate the effects that may radiate outward to affect other regional, national, or global interests.

Weak regulations and enforcement by some nations hinder transparency. Terrorists and criminals are currently exploiting this vulnerability by re-registering vessels under fictitious corporate names and renaming and repainting vessels. New initiatives shall be pursued diplomatically through international organizations such as the International Maritime Organization, the World Customs Organization, and International Standards Organization that already involve strong participation in the industry.

[13] A key security requirement in any domain is the effective understanding of all activities, events, and trends within the relevant domain. Awareness and threat knowledge are critical for securing the maritime domain and the key to preventing adverse events. Knowledge of an adversary’s capabilities, intentions, methods, objectives, goals, ideology, and organizational structure, plus factors that influence his behaviour, are used to assess adversary strengths, vulnerabilities, and centers of gravity.

Such knowledge is essential to supporting decision-making for planning, identifying requirements, prioritizing resource allocation, and implementing maritime security operations. Domain awareness enables the early identification of potential threats and enhances appropriate responses, including interdiction at an optimal distance with capable prevention forces.

Achieving awareness of the maritime domain is challenging. The vastness of the oceans, the great length of shorelines, and the size of port areas provide both concealment and numerous access points to the land. Many maritime threats are conveyed in ways that thwart early detection and interdiction.

The lack of complete transparency into the registration and ownership of vessels and cargoes, as well as the fluid nature of the crewing and operational activities of most vessels, offer additional opportunities for concealment and challenges for those attempting to maintain maritime security. Domain awareness requires integrating all-source intelligence, law enforcement information, and open-source data from the public and private sectors.[13]

It is heavily dependent on information sharing and requires unprecedented cooperation among the various elements of the public and private sectors, both nationally and internationally.

References:

[1] With the advent of modern technologies such as Industry 4.0, pirates have become more sophisticated-https://medium.com/@hello_34888/cyber-piracy-on-the-high-seas-e1690bc02115

[2] A faster ship and better weaponry won’t avert cyber-attacks nor keep crews safe-https://medium.com/@hello_34888/cyber-piracy-on-the-high-seas-e1690bc02115

[3] Since the terrorist attacks on US 2001, security has become a major issue confronting the maritime world-https://eandt.theiet.org/content/articles/2019/04/cyber-pirates-terrorising-the-high-seas/

[4] In the recent past, most ocean-going vessels operated with isolated dedicated industrial control systems with customised network protocols- https://medium.com/@hello_34888/cyber-piracy-on-the-high-seas-e1690bc02115

[5] There are many access points for cyber pirates to take control of the- https://eandt.theiet.org/content/articles/2019/04/cyber-pirates-terrorising-the-high-seas

[6] Maritime terrorism is may be defined as “the undertaking of terrorist acts-https://medium.com/@hello_34888/cyber-piracy-on-the-high-seas-e1690bc02115

[7] In recent years, sea-borne terrorism has emerged as a major security threat in littoral-Asia-https://www.bing.com/search?q=piracy+on+high+seas+with+the+help+of+data

[8] In 2013, a failed attempt at digital piracy occurred when a Dutch drug ring used a group of Belgian-https://eandt.theiet.org/content/articles/2019/04/cyber-pirates-terrorising-the-high-seas

[9] The root cause this chain of organised crimes, linked with terrorism-https://www.bing.com/search?q=piracy+on+high+seas+with+the+help+of+data

[10] Crews don’t have enough knowledge and experience to understand-www.mantu.com

[11] A 2017 IHS Markit maritime survey revealed that 74% of respondents believed that their-https://eandt.theiet.org/content/articles/2019/04/cyber-pirates-terrorising-the-high-seas

[12] Be it downloading from unreliable sources while connected to a ship’s-www.mantu.com

[13] A key security requirement in any domain is the effective understanding of all activities-www.mantu.com

The Views and opinions expressed in this above article are those of the author and are informed by his experience with sea domain.