Cyber-Spies Target MARSEC Secrets; 'Sputnik' Moment Ahead?
Contributor: ESPADA Marine Services 
African pirates and their foreign underworld backers will use any technological means—including Internet hacking—to defeat maritime security, some experts say, and the maritime industry needs to “tighten up” its storage and dissemination of sensitive information.
“The exposure [to hostile hacking] has been greatly increased by the participation of organized crime in modern piracy; European organized crime, for the most part,” says a MARSEC CEO who has a background in U.S. military cybersecurity. “They are clearly providing intel to the pirates.”
“You have a sophisticated, well-funded criminal element that can hire hackers and savvy IT [information technology] folks,” Jim Jorrie of ESPADA Marine Services of San Antonio, Texas, explains. “They can hack into a shipping company for information about the ships, [company's] financial health, insurance, cargo, whether the vessel has a security team—and information about the crew, for that matter. And, if they know the security team's origin, they might be able to hack into that company's network to see what kind of weapons and even the number of rounds of ammunition on the ship—and plan an assault to defeat that embarked security.”
This is not a lone voice in the wilderness.
A May 28 online article at Marine Insight, “Pirates Exploiting Cybersecurity Weaknesses In Maritime Industry,” emphasizes MARSEC companies are targets.
“At least one private maritime security firm had its website hacked, which resulted in visitors having viruses downloaded surreptitiously into their machines,” Michael G. Frodl, a maritime-risks consultant in Washington, D.C., writes. “And a premier UK association that’s dedicated to vetting the private maritime security industry also had its e-mails infected by a 'spybot.' The malicious program tracked every keystroke and relayed them to some unknown third party.”
“Somali pirates and their confederates, especially their foreign bank-rollers, are increasingly surfing the Web for loose information that can help them with targeting vulnerable and valuable ships,” Frodl warns. “They are hiring experts who know how to break into the 'secure' computers of ship owners and shippers and obtain information that is not being shared with the public, including blueprints to ships and the insurance they carry.”
Criminal hackers for years have stolen consumers' credit-card numbers. Why wouldn't their ilk help pirates pursue hundreds of millions of dollars in potential ransoms in the High Risk Area?
Perhaps a Sputnik moment, of sorts, is coming to the maritime industry.
“Shipping companies, for the most part, in the past have not had the need to defend themselves against sophisticated cyber-hacking,” Jorrie observes. “The larger corporations are going to have IT-security capability. However, small- to medium-sized shipping companies and ship agents most likely are not going to have very sophisticated IT-security systems. What's going to have to happen is, they'll have to tighten up. It will require a large investment that, given the current economically depressed condition of the shipping industry, they are reluctant to make.”
This also could mean stricter contractual standards for MARSEC firms. “Government contracts, for example, require a company to meet a certain information-security standard to get the contract and then to maintain it,” he adds. “For the private security industry, the TTPs [tactics, techniques, procedures] and identities of embarked-security personnel must be protected.”
Pirates' electronic spying takes other forms, too.
A May 22 Bloomberg News report, “Ships Deter Pirate Stalkers by Signaling Armed Guards' Presence,” describes how some vessels' Automatic Identification Systems are being used to try to intimidate pirates monitoring the messages. “Ships at risk of attack by Somali pirates are increasingly indicating when they have armed guards on board to deter assailants they suspect are using Internet-based vessel-tracking systems to identify targets,” the story out of London begins.
“You can track a vessel with AIS worldwide,” Jorrie comments. Tech-savvy pirates with AIS equipment and access “can track the vessel and vector in with their assault force” of motherships and skiffs. Pirates have exploited this vulnerability for years.
Contributing writer Martin Kufus is a planning and communication consultant for ESPADA.
The views expressed are those of the contributor and do not necessarily reflect those of OCEANUSLive.
Subscribe to our newsletter. Receive a weekly round-up of all the main piracy-related news.
OCEANUSLive.org
Information, Security, Safety; Shared
Submitted by Team@oceanuslive.org