There's much to do to counter cyberattacks on maritime industry

There's much to do to counter cyberattacks on maritime industry
Dr Marhaini Mohd Noor, Dr Mohammad Tariqur Rahman - May 12, 2025 https://www.nst.com.my/opinion/columnists/2025/05/1215142/theres-much-do...

The maritime sector in Malaysia has experienced episodes of cyberattacks. Several issues contribute to the instability in cybersecurity.

The density of shipping traffic exposes seaports, logistic networks and shipping systems to cyberattacks.

Integrated seaport ecosystems that ensure smooth operations as well as fluidity in Customs processes may lead to a malfunction, mainly due to structural and operational complexity.

Dependence on potentially insecure artificial intelligence and Internet of Things devices adds to the vulnerability of maritime cybersecurity and harms productivity.

Digital transformation, accompanied by cybersecurity attacks, has emerged as a significant concern for maritime supply chain network agents.

The Lloyd's Register — a technical and professional services organisation and a maritime classification society — has documented an alarming surge in cyberattacks over the past 10 years, with an annual increase of 27 per cent.

A lack of awareness among maritime workers contributes to the vulnerability.

They are unable to recognise, stop or react to cyber threats.

A lack of standardised cybersecurity policies, enforcement mechanisms and legislative gaps and fragmentation make it difficult to coordinate measures effectively.

Hence, a multi-stakeholder approach that integrates technology, policy and capacity-building is necessary.

Malaysia has put in place many laws and guidelines for the maritime industry.

However, regular updates, cooperation from stakeholders and strict enforcement are required for them to be effective.

Malaysia's cybersecurity training and enforcement should emulate practices in Singapore, the United States and Norway.

Much of the training in Malaysia focuses on general information technology rather than requirements unique to the maritime industry.

Because it has a lower tech profile and fewer opportunities for specialised education, the industry has trouble luring top talent.

There are still gaps in infrastructure, training and readiness, especially in smaller businesses and lesser-known ports.

Important practices for managing information security systems include developing computational tools for risk management, implementing detection-blocking techniques to restrict access to systems, and securing email accounts with multi-factor authentication.

Others are installing physical barriers, surveillance cameras and rapid-response alarm systems, having advanced anti-virus software, and managing RFID use to protect personal data.

International collaboration by maritime stakeholders with aligned risk perceptions, a certification authority to oversee the creation of pseudonyms for ship maritime mobile service identity, a risk assessment library to share mitigating measures and risk experiences, and a "port cyber resilience officer" can also enhance maritime cybersecurity.

In summary, to adequately prepare for massive cyberattacks, the sector needs improved system integration, more standardised training programmes, increased cooperation and more robust regulatory enforcement.

Investing more in highly qualified workers and cutting-edge technology is essential to enhance the maritime industry's cybersecurity resilience.

Dr Marhaini Mohd Noor is senior lecturer at the Faculty of Maritime Studies, Universiti Malaysia Terengganu; and Professor Dr Mohammad Tariqur Rahman is the executive director (Development, Research and Innovation) at the International Institute of Public Policy and Management, Universiti Malaya