MAY 9 — Malaysian maritime cybersecurity has experienced episodes of cyberattacks. Vulnerability in maritime cybersecurity affects the productivity of the nation’s critical economic sector. Several issues have been discovered as key contributing factors to the instability in cybersecurity.
While having the advantage of strategic geographic positioning as a maritime hub in the region, the density of shipping traffic and critical shipping lanes expose the seaports, logistics networks, and shipping systems to cyberattacks. The aspiration for the integrated seaport ecosystems targeting key seaports in Malaysia to ensure smooth integrated operations as well as fluidity in customs procedures opens a room for a malfunction of the system, mostly due to its structural and operational complexity. It not only results in compromised efficiency but also opens the door for cyberattacks. Inescapably, owing to digitization and the demand for an integrated smart port, dependence on potentially insecure artificial intelligence (AI) and Internet of Things (IoT) devices adds to the vulnerability of maritime cybersecurity and harms the productivity of the entire maritime operation.
The digital transformation, accompanied by cybersecurity attacks, has emerged as a significant concern for maritime supply chain network agents. The Lloyd Register- a technical and professional services organisation and a maritime classification society – has documented an alarming surge in cyberattacks over the last ten years, with an annual increase of 27 per cent.
A lack of readiness of the maritime workers who are yet to be trained for cybersecurity awareness has contributed to the maritime vulnerability to cyberattacks. Inadequate cybersecurity awareness and training make them inefficient at recognizing, stopping, or reacting to cyber threats.
Finally, a lack of standardized cybersecurity policies, enforcement mechanisms among stakeholders, and legislative gaps and fragmentation make it difficult to coordinate and implement measures effectively. Hence, a multi-stakeholder approach that integrates technology, policy, and capacity building is necessary to provide a robust maritime cybersecurity framework.
Albeit Malaysia has put in place many laws and guidelines relevant to its maritime industry, with a strong basis for maritime cybersecurity in the current regulations. However, regular updates, cooperation from stakeholders, and strict enforcement are necessary for them to be effective.
Despite having the guidelines and compliance checks by Malaysia’s Marine Department and port authorities as the main methods of enforcement, stakeholders differ in how they implement them.
Malaysia’s cybersecurity training and enforcement have room for improvement following the examples of those in Singapore, the United States, and Norway. While strengthening its cybersecurity skill pool through national initiatives and partnerships, the majority of training in Malaysia concentrates on general IT rather than requirements unique to the maritime industry.
Malaysia has put in place many laws and guidelines relevant to its maritime industry, with a strong basis for maritime cybersecurity in the current regulations. However, regular updates, cooperation from stakeholders, and strict enforcement are necessary for them to be effective. — Reuters pic
Because it has a lower tech profile and fewer opportunities for specialised education, the marine industry has trouble luring top personnel. There are still gaps in areas like infrastructure, training, and readiness, especially in smaller businesses and lesser-known ports, even though Malaysian ports and shipping corporations are making progress in implementing contemporary cybersecurity measures.
Important practices for managing information security system may include developing computational tools for risk management; implementing detection–blocking techniques to restrict network access to authorized systems; securing email accounts with multi-factor authentication; installing physical barriers, surveillance cameras, and rapid-response alarm systems; having advanced antivirus software; managing RFID usage to protect the personal data; and using VPNs on remote working laptops.
Additionally, establishing international collaboration among maritime stakeholders with aligned risk perceptions, a certification authority to oversee the creation of pseudonyms for ship maritime mobile service identity, a risk assessment library to share mitigating measures and risk experiences, and a ‘port cyber resilience officer’ portfolio can play a critical role in maritime cybersecurity.
In Summary, to adequately prepare for massive cyberattacks, the sector needs improved system integration, more standardized training programs, increased cooperation, and more robust regulatory enforcement. Investing more in highly qualified workers and cutting-edge technology would be essential to enhancing Malaysia’s maritime industry’s overall cybersecurity resilience.
* Dr Marhaini Mohd Noor is Senior Lecturer at the Faculty of Maritime Studies, Universiti Malaysia Terengganu; while Professor Dr. Mohammad Tariqur Rahman is the Executive Director (Development, Research and Innovation) at the International Institute of Public Policy and Management (INPUMA), Universiti Malaya
* This is the personal opinion of the writer or publication and does not necessarily represent the views of Malay Mail.
