With leaks about governments spying on virtually everybody flooding the media and ships that digitally disappear, the Information Age appears to be in full swing on land and sea. That governments spy on each other and on their own citizens is in itself not particularly new, but the sheer scale and scope of the electronic surveillance, involving apparently millions of e-mails, telephone calls and other communications, might make some wonder how such a massive seam of data could be effectively mined. Casting one’s net wide enough is one thing, but some might see this as industrial-scale trawling to catch the odd minnow.
While the focus is on governments spying on each other, business may be just as big a target. As the International Chamber of Commerce (ICC), parent of piracy experts, the International Maritime Bureau, warned in September, encrypted data harvested from businesses is being stored until a way of cracking it open is found.
“Quantum” computing, the ICC suggests, makes this deferred decoding likely sooner rather than later. It backed this up by quoting an Internet security firm, explaining the closure of its e-mail encryption service: “E-mail as we know it today is fundamentally broken from a privacy perspective”.
Legislation ostensibly aimed at countering terrorism and organised crime can include national “economic well-being” as a justification for spying, but the ICC describes this as “a catch-all phrase” that could mean giving one state’s businesses an advantage over foreign rivals.
This might worry companies who, until now, might have thought their e-mails were safe from prying eyes, but it may depend on how commercially or legally sensitive their data is. Trade secrets may be betrayed, but perhaps not before their tell-by date.
As the flood of spying stories continues unabated, governments and business are reacting by, for example, limiting or even stopping data being stored on servers or in the cyber cloud that are controlled by or in foreign jurisdictions where data protection is less than watertight.
Some see the reaction going even further, with fears nationalisation of data storage leading to the “Balkanisation” of the Internet, i.e. the division of what is now seen, albeit mistakenly, as a public commons into several, small and mutually hostile states. In shipping this could raise interesting questions about flag states’ data protection laws.
All this might, of course, blow over, but it has served as a reminder of the security risks in the modern world of the Internet, satellites and electronic communications. The boon to shipping, with ships spread far across the oceans, could prove as much a bane.
Two years ago awareness of the risks in all levels of the maritime sector – from ports to shipping companies – was rated by a European Union cyber-crime agency as “low to non-existent”, due largely to the low number of reported incidents. Subsequent events may have created a greater sense of urgency.
The vessel-tracking Automatic Identification System (AIS), introduced to enhance safety, openly transmits ship data (now detectable by satellites), making it vulnerable to interception and interference from sources innocent and malevolent. Recent experiments have shown it is relatively easy to tweak AIS to make ships appear to be off-course or to disappear from screens.
Anomalous behaviour by ships can also be detected using satellite AIS. Two that were recently tracked getting abnormally close to each other in the Mediterranean were suspected of illegal at-sea bunkering. Others appear to have swapped digital identities to evade sanctions.
Authorities, of course, say they are alive to some of these threats and, utilising radar, satellites and software, can pick out anomalies or “dark targets”. Ships “seen” where they shouldn’t be – based on known speeds, draughts, last ports of call, for example – or maintaining “AIS silence” can expect a call from the coastguard or a visit from a patrol boat or aircraft.
Dark targets could also be a risk to other ships. Bridges already have enough problems avoiding collisions through mutual misunderstandings over VHF and AIS without having to deal with ships that, like Schrodinger’s cat, might or not might be there. Collisions with non-existent ships might, of course, be less expensive.
If it’s not governments digitally snooping, it’s terrorists or criminals seeking to exploit chinks in the Internet chainmail. It was recently revealed that a drug-smuggling operation had hacked into the tracking system at the port of Antwerp to enable containers, in which narcotics had been hidden among normal cargoes, to bypass customs checks and then be loaded onto bogus trucks.
The incident shows that cyber-attack scenarios that can include the shutdown of a container terminal may not be as fanciful as some of those taking part in crisis-management exercises may think.
As probably the industry’s biggest electronic data user with its need for intermodal cargo tracking, container shipping is more likely to suffer from hacking and viruses, but the whole industry has had to extend its digital security fence wider than most to encompass ships and their crews as they are connected not just to closed company networks but to the wide open spaces of the Internet.
Perhaps somewhere at sea right now bored seafarers, playing games on the Internet or updating their status on social media sites in their cabins, are unwittingly allowing a virus or hacker onto ships.
Well-trained and alert crews with fire hoses may prevent physical hijacking, but keeping at bay digital attackers may require more robust defences than firewalls – the online equivalent, perhaps, of the armed guards that have proved the most effective defence against pirates.
Experts say costly new rules and insurance mandates could result if, say, serious disruption to a major port or the loss of a ship were traced to a cyber attack and shipping’s risk assessments should include such possibilities.
Before the current government spying crisis, the cyber sea, as it has been dubbed, was likened to the Wild West, a frontier territory where outlaw activity was rife. Now, in the light of recent revelations, the question might be where might the needed order come from.