Pirates aren’t what they used to be. The burgeoning image of the ‘new’ pirate projected by security analysts has the traditional maritime villain ditching the rum for the RAM and preparing to lay waste to fleets of underprepared ocean carriers. For those ships, just as much as the people that rely on them, this sea change represents a problem that has implications for global supply chains.
Amongst the central features of this new cyber-supported piracy, and certainly the feature which most proliferates media representations of the problem, is the vision of navigation systems attacks- pirates successfully diverting vessels with false GPS and Automatic Identification System data.
Forbes, in a representative article, cited insurance brokers Willis’ report that the maritime industry ‘may be sitting on an uninsured time bomb’ as an illustration of the huge threat posed. However this representation has hugely overstated the current technological capacity of pirates, fails to recognise the ease with which protections can be put in place and underestimates the capacity of shippers to act on concerns. It’s also a position which looks increasingly dated as shippers are already updating their safety procedures and are already starting to defuse Forbes’ maritime time bomb.
In its analysis of shipper security, which should be an important feature of any procurement decision, it is important that procurement does not centralise these e-navigation concerns to the extent that it sidelines more pressing, longer standing, security concerns; such as data breaches or illicit material transfer.
Whilst high-end cyber-attacks, of the nature recently projected, provide a highly interesting long-term consideration, procurement should focus on immediate security concerns and not neglect less exciting low level security concerns in favour of more interesting speculative provisions.
Whilst navigational vulnerabilities do exist, a particularly valid concern is the unsecured interlinking of online systems with requisitely secure systems, the threat from traditional non-state actors is limited. Somali pirates have demonstrated an ability to view ship data online, but the numbers of reported cyber attacks are low and, outside of an isolated attack on an oil platform by a hacking group, unsophisticated.
The Global Positioning System vulnerabilities were highlighted by University of Texas researchers, whilst the Automatic Identification System issues were demonstrated by a security firm- working with levels of specialised expertise vastly ahead of those available to pirates. Data breaches and surveillance are currently more widespread, if less exciting, prospects when looking at cyber security breaches.
Shipper unpreparedness, a central tenant to recent reports released by the US Government Accountability Office and the European Union Agency for Network and Information Security, is increasingly less of a concern. New Cyber Security guidelines, released this month by Bimco, CLIA, ICS, Intercargo and Intertanko, indicate an admittedly needed shift in focus and it is important to consider that the technology required to create better safety procedures already exists, and is easily accessible. For example developments in VLAN technology already provide ways to isolate systems from internet access. Importantly this still allows for web-access, continuing to provide internet for electronic chart updates, telemedicine and on-shore engineer communication.
Perhaps the most interesting argument projecting future industry cyber security inactivity, leading to continued navigational vulnerabilities, is cost-minimisation. This argument does not really hold out if looked at in the short term, with companies already visibly innovating but is even less convincing when looked at as a longer term theme, as continued cost minimisation is not guaranteed.
Security measures such as Hapag-Lloyd’s Watchdog technology and the increase in armed guards on high-risk vessels highlights the increased spending, and innovations, visible in shipping security. Whilst it is fair to point to the current centralisation of cost-per-unit considerations in the container ship industry, as the analyst Richard Scott pointed out this month, the future is ‘hard to predict’. In an industry influenced by cyclical issues of oversupply, hugely variant demand and changing global competition, to assume a constant shipping position, with regards to spending, is not particularly easy as a long term model.
Shipping security should be a highly important criteria of procurement analysis. It is important however to make sure that rather than merely focussing on the high-end, exciting, ‘in-vogue’ speculations that we take the more prevalent, lower level, security analysis seriously too. Forbes’ ‘ticking time’ bomb of e-navigation difficulties is not as serious an issue as the apocalyptic event many security analysts are pencilling in to their calendars.
This article is a piece of independent writing by a member of Procurement Leaders’ content team.