The Suez Canal block that unfolded in March opened the world’s eyes to the ramifications of disrupting the global logistics industry. But, has the world considered the consequences of a cyber-attack on the shipping channels we rely on so heavily?, says an article published on Lloyd’s register website.
Suez Canal blockage incident
On the 23rd of March, strong winds whipped through the Suez Canal, spinning the Ever Given; one of the world’s largest container ships, causing its bow to become stuck on the shallow eastern banks, while the stern embedded itself in the west bank.
The incident caused a backlog of cargo traffic to build up along the canal – a straight of water that creates a passageway between Europe and East Africa and the Middle East. The event caused a ricochet of backlogs throughout the logistics sector, costing around $10 billion dollars’ worth of losses each day.
The channel of water in question; regulated by the Convention of Constantinople, reduces a cargo ships journey to 7,200 miles, compared to 12,300 miles, when traveling from London to Mumbai. While the incident involving the Ever Given demonstrated the need for the physical infrastructure of the canal to be re-evaluated – given its importance to enabling global logistics – cyber industry experts’ have since raised concerns around cyber-attackers could target vulnerable cargo ships to cripple essential infrastructure like the Suez and Panama canals.
More than just a channel of water
The causal observer would have viewed the Suez Canal blockage as a once in a decade event that made the news after causing weeks of disruptions to the global shipping sector. The reality is that the global logistics industry won’t be back on track after the incident until late June, with 10 weeks of disruptions to supply and demand surfacing as an inevitable by-product of the disaster.
While the event has uncovered what challenges can arise if the canal itself is blocked by cargo ships, experts across the cyber security sector have begun to evaluate beyond the physical infrastructure of the canal and forecast the disruption that could happen should the behind-the-scenes operations of the canal be attacked next.
The Suez Canal’s information technology and communications architecture are comparable to that of an air traffic control system. If an air traffic control system was to be infiltrated by cyber-criminals, alarms would be raised by some of the highest-ranking security forces across the globe, so why isn’t infrastructure like the Suez Canal given the same precedence?
The potential for threat escalation
As a result of the freak disruption to the Suez Canal, planning to improve the physical infrastructure of the canal has been ramped up, yet the multi-disciplinary nature of its ownership, regulated by the Convention of Constantinople, means that taking ownership of the issue is something nations are continuing to swerve.
As ships become increasingly computerised, their onboard systems are a network of interconnected devices where if one goes down, they all do. We can take a ship’s main switchboard as an example; a ship’s switchboard distributes all electrical energy to the ship, so if this central network was affected by a ransomware attack, the power supply could be completely cut off. This means the ship’s motor would stop working and GPS systems would go offline, so the ship could be left stranded in the middle of the ocean.
Not only does this pose opportunities for cyber-criminals to cripple the economy, but it also puts human lives in danger. It’s one thing for this to happen to a cargo ship but if it were to escalate, we could be left with a situation where commercial cruise ships are cut off from help in the middle of the ocean.
Creating a more resilient future for global logistics infrastructure
In order to contain and minimise future cyber-threats to international vessels, a new multi-disciplinary approach is needed to replace outdated approaches like that of the Convention of Constantinople.
Initiatives like the US Combined Task Force Sentinel which was established in 2019 to defend against Iranian piracy and terrorism in and around the Straits of Hormuz and Bab el-Mandeb, could also be widened to include essential shipping passages like the Suez and Panama canals.
The Suez Canal is currently protected by the Egyptian army, as well as the Suez Canal Authority who manage logistics and payment matters. However, when facing the ever-evolving cyber security threats across the globe, separate entities like the Suez Canal Authority and Egyptian Army need to come together to work on a global scale to share knowledge and fire power that can enhance the protection of ships across the globe.
Summary
- The Suez Canal block that unfolded in March opened the world’s eyes to the ramifications of disrupting the global logistics industry.
- The causal observer would have viewed the Suez Canal blockage as a once in a decade event that made the news after causing weeks of disruptions to the global shipping sector.
- In order to contain and minimise future cyber-threats to international vessels, a new multi-disciplinary approach is needed to replace outdated approaches like that of the Convention of Constantinople.
- the Suez Canal Authority and Egyptian Army need to come together to work on a global scale to share knowledge and fire power that can enhance the protection of ships across the globe.
Did you subscribe to our daily newsletter?
It’s Free! Click here to Subscribe!
Source: lr.org