In recent years, we have witnessed cyber security breaches that have severely impacted government departments, large corporations and individuals. The scourge of cybercriminals costs businesses and countries billions of dollars each year, notwithstanding the reputational damage caused by the theft of data.
In shipping, the world’s largest carriers and logistics companies have been targeted by cyber-attacks, the industry is particularly vulnerable because of the multiple players and billions of transactions involved in container shipping in any given year. The cyber criminals, always searching for the weakest link in the supply chain, have found that shipping has many gaps to exploit.
This year has already seen a concerning number of cyber-attacks on ports and terminals. A cyber-attack hit major European ports including Rotterdam and Antwerp, following a suspected ransomware attack causing a full system outage at one of the container terminals in India early this year.
More generally the advent of more employees working from home increased dramatically during the last two years as a consequence of the COVID-19 pandemic. This has also exposed serious weaknesses in digital communications and data sharing across platforms in many industries.
To plug those gaps and raise the security wall even higher, spending on cyber security will amount to US$1 trillion between 2017 and 2021 according to references made in an article published in Infosys.com.
The concern is growing that shipping remains vulnerable to cyber-attacks particularly as global supply chains remain under pressure due to geopolitical conflict, congestion and high freight rates. It is worth remembering that 90 percent of the world’s products are moved to market by ships. With this knowledge, criminals have the leverage to disrupt computer networks for ransom payments.
According to Cybertalk.org between 2017 and 2020, cyber-attacks on shipping increased by 900 percent, translating to roughly one incident on a ship per day. Examples include one carrier having to close its entire IT country network in the US.
A major European liner shipping company recently warned the shipping community to remain alert regarding sophisticated phishing and spear phishing attacks that leverage fake domains.
These cyber-attacks can affect shipping operations, safety or security issues which can result in information systems being compromised, data loss or data corruption, according to Cybertalk.org.
Global Positioning Systems and Automatic Identification Systems are also under attack as both systems rely on radio frequencies that are not encrypted, creating a back door for cyber hackers to feed fake co-ordinates to the ship’s system potentially sending the vessel off course.
Radios also connect to subsystems that control mechanical components of the ship which could result in power and equipment failures.
Insecure Wi-Fi connections at ports’ may leave a ship’s system vulnerable to cyber-attack, with three major shipping companies being victims of ransomware attacks through this threat.
In order to protect assets, it is important to conduct a thorough cyber risk assessment. The risks should include a focus on inventory, control systems and data.
The report recommends that all weaknesses and vulnerabilities be analaysed and fixed across the whole organisation.
Leveraging Artificial Intelligence is one way that organisations can use software to protect their systems, operating 24 hours a day, providing constant vigilance against security breaches.
One of the key tools rolled out globally to prevent data breaches is blockchain, which reduces vulnerabilities and provides strong encryption and more effectively verifies data ownership and integrity. The ‘Achilles’ heel’ in the cyber world are passwords providing criminals with the ‘keys’ to valuable personal and corporate data, blockchain can eliminate the need for some passwords.
The principal advantage of blockchain is its use of a distributed ledger, as transactions are recorded across every node in the network, making it difficult for attackers to steal, compromise, or tamper with data, unless a vulnerability exists at the platform level, according to Infosys.com.
Blockchain’s collaborative consensus algorithm monitors for malicious actions, anomalies and false positives without the need for a central authority. This collective ‘surveillance’ strengthens authentication and secures data communications and record management.
The real strength of blockchain is that all connected network participants have to agree to the validity of each of the records, providing additional security for all parties.
A blockchain is distributed and replicable by nature. It uses the consensus of participants and the latest achievements in cryptography. As a result, blockchain-based solutions are more resistant to cyber-attacks than non-blockchain systems.
THE SECURITY OF BLOCKCHAIN TECHNOLOGY RELIES ON THREE FUNDAMENTAL ELEMENTS
THREE COMMON TYPES OF BLOCKCHAIN NETWORK ARCHITECTURES
One of the major problems is the standardisation of protocols and business standards as some platforms use different ecosystems for their smart contract logic, transaction schemes, and consensus models, Infosys.com suggested.
Weak interoperability limits the scalability of blockchain; for developers’ roadblocks can be created from platform misconfiguration, communication mistrust, specification errors in application development, and cross-chain smart contract logic problems.
Today many of these issues are being overcome thanks to open protocols, multichain frameworks, and algorithms taking root in blockchain and mitigating these issues.
Standardisation is being driven by business communications organization GS1, the company has published global standards for blockchain interoperability, and it is working with Microsoft and IBM on incorporating those standards into their enterprise blockchain applications. The Enterprise Ethereum Alliance is also developing business standards, reported Infosys.com.
One of the leading platforms to develop blockchain technology for the global shipping industry is the Global Shipping Business Network (GSBN).
The idea for GSBN came from a consortium of ports and shipping lines including CMA CGM, COSCO SHIPPING LINES (COSCO), COSCO SHIPPING Ports, Hapag-Lloyd, Hutchison Ports, OOCL, Port of Qingdao, PSA International and Shanghai International Port Group (SIPG).
‘The platform is neutral and not for profit, very important in convincing the shipping industry to share its valuable data,’ according to Bertrand Chen, CEO of GSBN, in an interview with Seatrade Maritime.
The challenge according to GSBN is to develop greater co-operation between all players in the container shipping industry and to leverage the benefits of a platform that will enable them to add value to their own data.
The company is building a platform that is similar to the way the electricity grid or water networks operate, that it can facilitate the movement of data between different parties using a neutral and secure platform.
One of the inhibitors in expanding the number of users to the network is the concern about sharing sensitive and valuable data between banks, regulators, beneficial cargo owners, carriers and terminal operators.
Overcoming those concerns is one of GSBN’s biggest challenges as there are multiple parties in shipping who have conducted business using traditional paper-based contracts and documents for trade and Customs for generations, developing trust and realising the value of blockchain is the key to the acceptance of blockchain.
The golden age for digitising the shipping industry may be upon us as blockchain technology is gathering more pace and support. With the exceptional profits made by container shipping lines during the pandemic, there has been a significant corresponding investment in technology and in digitisation. The benefits of blockchain are many, including providing banks with a digital platform to improve efficiency to assess the credit of shippers and trade finance, etc.
New rules and regulations are also being implemented around International Maritime Organisation (IMO) emissions reduction targets, such as carbon taxes in the US and EU, which will impact shipping lines. Blockchain can provide a neutral platform to ensure that all documentation and transactions are compliant to these new regulations.
A successful pilot of the Cargo Release platform in China harnesses blockchain technology and offers a paperless, transparent solution that connects each individual involved in logistics at the port of import, including agents, consignees, shipping lines, and terminals. It has been deployed by several industry-leading shippers, including COSCO Shipping Lines, OOCL, and SIPG.
By cutting out the paper element of processes, the system simplifies data exchange and shortens operation time among all parties involved through real-time updates, reducing the time it takes for cargo to be ready for release. The processing time can be cut from days to a matter of hours, according to GSBN.
Chen said, ‘Like the early days of cloud technology, the shipping industry is on the cusp of an exciting revolution where major efficiencies will be unlocked, and significant value will be created. This announcement is a milestone for global trade as this sector steps into the next digital era. The deployment of Cargo Release in China is of major significance as one of the most important markets for import and export in the world.’
The Ministry of Transport of the People’s Republic of China is already rolling out its ‘Chang Xing Programme’ to digitise China’s ports and shipping industry in collaboration with carriers and members of GSBN such as COSCO SHIPPING Lines, OOCL and Hapag-Lloyd.
GSBN’s Cargo Release has also expanded its footprint to Hong Kong, Thailand (Laem Chabang) and Singapore to modernise global trade and benefit even more stakeholders in the ecosystem. It has since then been serving more than 10,000 customers in China and across Southeast Asia.
The blockchain-based container logistics platform is also piloting its Cargo Release in Rotterdam, the Netherlands, which involves Hutchison Ports ECT Rotterdam, COSCO Shipping Lines, freight forwarder OOCL Logistics and Chinese merchant trader Sumec Group. The former three companies are affiliated with the existing shareholders of GSBN.
This intertwining of blockchain and cyber security is still an evolving approach. Not all research ideas on digital identities, decentralised storage, securing edge devices, and smart contracts align with business needs.
It will take business time to adapt to blockchain and its processes, but the benefits are clear. In the shipping world where cybercrime continues to grow each year, there is a real need to find a secure digital solution with strong encryption that verifies data ownership and integrity; that is something that blockchain can deliver.
For shipping, blockchain will be one important piece in the armoury to fight data theft and attacks on critical IT systems.
For now, the advice is to undergo a complete audit of IT systems and communications tools to identify the potentially vulnerable areas that may leave a company open to a cyber-attack. This will provide the platform to improve security protocols and minimise the risk of future attacks.