Introduction
Globalization, industrialization, and fast growth of international relationships all have a considerable impact on the maritime industry at local and state levels in the United States. On the one hand, new developments and options have become available to many organizations in different fields. On the other hand, certain demands and increased values can also be observed among customers and business partners. If a country has a shoreline and direct access to the Pacific Ocean, as in the case of the United States, the benefits, and the number of maritime companies, are hard to quantify. The United States is one of the largest importers and exporters of merchandise in the world, with about $1.5 trillion earned through exports (Garamendi). Today, this industry is the foundation for many aspects of society and business (Jensen 35). It is divided into sectors in terms of which specific goals and expectations are defined, and which measurements and security programs are developed. Each sector has its own goals, responsibilities, and weakness that have to be thoroughly evaluated and understood.
In this paper, special attention will be paid to maritime logistics. This field includes the processes of planning, implementation, as well as the management of goods and information movement as ocean carriage (Lee et al. 55). Regarding current technological progress and the impact of the Internet on business, maritime logistics undergoes numerous challenges and cyber threats regularly. This paper aims to define the main characteristics of the chosen field, including safety, shipping risks, and development, to investigate recent cyber threats that are based on the lack of privacy and spread of piracy, and to identify potential improvements regarding the progress of the Department of Transportation and other organizations in the United States.
Background
Colonization and the British impact defined the possibilities for citizens and the development of trade relations. The actual success and glory of the maritime industry in the United States began in earnest during the 19th century after the proclamation of American independence. Today, this industry is known as one of the most competitive sectors in the world, with shipping companies being able to optimize their costs, choose effective legal frameworks, and maintain customer credibility (Sumser-Lupson 3). The needs of people vary, and the maritime industry can identify those connected with transportation and respond by offering appropriate services.
Some people may confuse transportation and logistics as the two concepts have a similar meaning. American and Yildiz suggest treating these processes as essential but never equal because transportation is only a part of the logistics supply chain (31). The growth of the global economy and its crisis at the beginning of the 2000s created certain challenges in the field of maritime logistics. Trade and market demand increased, promoting severe conditions and requirements in the maritime industry. The Merchant Marine Act of 2001 was used to control ship construction, the Ready Reserve Fleet contributed to equipment provision and combat operations, and the US Department of Transportation continued controlling administrative, organizational, and HR issues.
Current technological progress and the presence of computer-based networks explain the urgency of cybersecurity in maritime logistics. The events of September 11, 2001, dramatically changed the way the United States treated its security affairs. In 2002, the Maritime Transportation and Security Act (MTSA) was signed to control all maritime activities in the country and, in 2006, the Security and Accountability for Every Port Act were passed by Congress to determine the requirements (Hayes 7). However, both acts had little in common with cyber threats, and the government developed several strong presidential policies to check and improve the infrastructure of cybersecurity specifically.
The list of attacks may vary in each country. Still, the most frequent of them are the Icefog attack (when many governmental facilities, maritime groups, and industrial companies lost control over their networks); the attacks on the Islamic Republic of Iran Shipping Lines; and ghost shipping, proving that the cyberspace was not safe for its users (Hayes 12). These cases introduce only a part of the history of cybersecurity, and maritime logistics should be protected against these threats through thorough analysis, effective support, and the development of several backup plans.
Main Characteristics of the Maritime Industry
There are many significant characteristics of the maritime industry and logistics. In this paper, a list of characteristics will be discussed in terms of cybersecurity and existing threats. Not many researchers and writers can give a single definition of maritime logistics due to its complex nature, scope, and goals. American and Yildiz define logistics management as a “physical process of planning, organizing and controlling the flow of materials and services from the supplier’s point to the customer’s as the endpoint” (29). However, it is not their final definition. Throughout the whole chapter, the authors make certain improvements and additions to explain the peculiar features of each process and identify characteristics that matter in logistics. For example, one should say that the importance of logistics directly depends on customers’ needs or expectations and the ability to compete under the conditions of globalization, crisis, and unstable political relationships. Logistics is necessary to minimize costs and maximize benefits (Yercan and Yildiz 30). Such goals can be achieved due to logistics transformations, flexibility, and mobility.
These characteristics may be divided into positive and negative. People usually see the major demerits of maritime logistics as low speed and the additional time that may be required to deliver goods, dependence on weather conditions, and unpredictable delays compared to other types of transport. It is hard to trust in the transportation of goods to a company that is not able to control every aspect of a delivery process, even if this aspect includes weather or the situation in another country. At the same time, the merits of this field attract people’s attention. They include low infrastructure and costs that can be organized and checked online, as well as control of vessels and their qualities over long distances or with high trade volume. Maritime logistics is a continuous attempt to encourage and support confidence and trust in transportation services.
However, not everyone can understand that the more positive characteristics maritime logistics obtain, the more difficulties to support cyber defense occur (Jensen 36). A shipping line may be long and spread over several continents and many countries. Each country has its own offices and services, with the help of which it is possible to track and control delivery. Also, many organizations, like ports, banks, trucking companies, and customs offices, may use this access to get the required information. In other words, one shipping line should share its access to the system with other networks, putting under threat the whole system and question safety issues. As a rule, there are not many technical specialists who can resist cyberattacks on board (Jensen 36). All these characteristics cannot be ignored because they put a certain level of responsibility on the industry to control its IT landscape, protect its shipping lanes, and meet the standards introduced by different local and international offices during the delivery process.
Shipping risks are high because maritime logistics organizations have to include all shipping risks when they add vessels of other companies to their lines. The sources of new vessels are hard to control and investigate, and safety cannot be promised from all perspectives. Therefore, managers and leaders have to be ready for unpredictable problems and challenges.
Cyber Security and Attacks
The topic of cybersecurity undergoes numerous discussions and debates around the globe. Cyberattacks continue to take place in the maritime industry, making logistics companies vulnerable and concerned. Sumser-Lupson calls cybersecurity as one of the “main threats to legal maritime practices” due to its global and multi-dimensional borders (1). It does not take much time for a person who has certain skills or talent in IT or other technologies to learn new cyber tactics, overcoming existing firewalls, and identifying the gaps in cyber systems. Cyberspace continues to grow and it creates new opportunities for ‘evil geniuses’ to scrutinize networks and frustrate plans. By way of explanation, the growth of cyberspace cannot be avoided because it brings a new danger with millions of new cyberattackers penetrating the field.
Modern-day pirates or cyber attackers have access to multiple sources that they can use to break networks, change passwords, and stop the work of millions of people and services in a matter of seconds. The peculiar feature of such attacks is that not many people are aware of them. If a system of one organization is broken or challenged, employees and its leaders try to hide this fact in order not to lose customers, gain a bad reputation or experience financial losses. A cyberattack does not usually require the invention of a new scheme or service. It is enough to investigate an existing system, define its weak and strong points, and push the most vulnerable part (“Common Types of Cybersecurity Attacks”). Cyberattacks are fast and unpredictable. Sometimes, a person or an organization can be ready for changes caused by a cyberattack. Still, in many cases, attackers are properly motivated with clearly stated goals, demands, and a plan of action.
The variety of attacks in cyberspace is impressive, and it becomes clear why not all organizations, even if several technically advanced people work there, can avoid cyber threats. Maritime logistics, as well as other spheres, may be exposed to the following cases of cyberpiracy (“Common Types of Cybersecurity Attacks”):
- Malware or harmful software that can damage systems with the help of viruses are frequently used by attackers. As a rule, a virus may be caught via downloading, clicking unknown links, or using unreliable sources.
- Phishing is an activity that is used by attackers to make a user open or choose a document or program pretending its usefulness. The list of activities possible through phishing is long, including some fraudulent account activities or stealing a personality.
- Structured query language (SQL) is used to promote communication between databases. A person or company cannot even guess that orders or tasks are given by an attacker so that they continue following all instructions coming from unknown people.
- Cross-site scripting (XSS) is a tool based on malicious code that makes it possible to operate users’ financial data, questioning the reputation of these sites.
This list of cyberattacks is far from complete. Every day, a new type of attack or cyber threat is created through the experience and knowledge gathered by users. Information exchange, privacy neglect, and social media are the main contributors to cyberpiracy. In comparison to an old form of piracy when sailors or other representatives of the maritime industry had to deal with real pirates with guns and swords, cyberpiracy turns out to be more dangerous due to its invisibility (ghost shipping), abstractness, and unbelievable growth and development.
Cyber Challenges and Improvements in Maritime Logistics
The future of maritime logistics is hard to predict or control. Despite the possibility to choose a direction for growth and improvements, it may be changed in a short period because of a new invention being offered or a new idea being developed. However, there are some thoughts about its possible development that are closely connected with the integration of new cyber systems, vessel automation, and replacement of human work with computer processes (Jacobs). For that reason, if, several years ago, shipping risks included piracy or human error only, today, these risks are doubled due to a possibility to a Trojan worm attack, ghost shipping, or other viruses that can be delivered to a system by a variety of ways and lead to unpredictable outcomes.
To understand the essence of cyberpiracy and its effects on maritime logistics, one should consider the following example and a variety of cybercrimes that may be observed. There is a team of people organized by a maritime logistics organization to transfer cargo from point A to point B (that is located in another country). The number of team members is impressive, with each person having their instructions and responsibilities. However, there is no technical expertise who can follow all harmful activities on board. The team has access to the Internet via satellite connection (Jensen 36). From time to time, they can use their social accounts to contact their friends or families, share the latest news, or ask for help without even being aware that a team of pirates has already identified their location and have any idea about the situation on board.
The results of such activities may vary from ordinary blackmail to a real seizure of a ship. The online connection can be used to inform the logistics center about the situation, and the credibility of this information cannot be checked. Hackers or modern-day pirates can take different steps and establish various goals as soon as they reach a ship and get access to its system. Money, privacy, data, and even lives can be taken away in several hours.
Information Communication Technologies (ICT) has already brought several benefits to maritime logistics and the industry in general. Advanced navigation is one of the best examples of how ICT can be used in shipping and logistics management. Organizations have access to several processes simultaneously, including the disembarkation of passengers, handling and tracking of goods, and support of communication (Sumser-Lupson 1). To control maritime safety, prevent pollution, and offer compensation, the International Maritime Organization creates international conventions during which the government is invited to participate in maritime activities and use networks. However, neither the IMO nor the government can take enough steps to prevent maritime cyber challenges and control the activities of cyber pirates. Cyber challenges in maritime logistics spread fast.
Some hackers admit that they attack to pursue good goals and help people. For example, there was an attack called Robin Hood when Stratfor, a Texas security organization, was hacked and claimed to donate $500,000. In the end, about 50,000 credit cards, 87,000 email addresses, and 44,000 passwords were posted by Anonymous online (Sumser-Lupson 5). Though this attack did not touch upon the maritime industry, it showed that any company was vulnerable to cyberpiracy. In case maritime logistics organizations are hacked, the results of such activities may touch upon many people’s lives and lead to unpleasant outcomes at both local and international levels.
Though not all cyberattacks are recognized in public, several cases can be used to explain how cyberattacks may challenge ships and ports. In 2011, the Port of Antwerp was hacked and control over ports and terminals was gained by cybercriminals. Contraband containers had to be released without making port authorities aware of this situation (Sumser-Lupson 6). Similar scenarios have been repeated several times during the last two years because the information was successfully removed, and hackers did not leave a message. In 2013, the criminals were recognized and caught. However, the impact that those contraband products brought to society is hard to estimate.
It is not an easy task to catch hackers because this group of people have irrational imaginations and can plan several million steps. These people are sophisticated and technologically advanced. Therefore, to fight such criminals, new “brains” are required. People continue learning and grasping different sides of IT and ITC. Preventive steps and guidelines are introduced to all maritime companies to avoid unpredictable losses or, at least, create a basis for new protective means. Information about types of cyberattacks, description of cyber vulnerabilities, and mitigations in the maritime sectors have to be recognized and discussed at special meetings. Access control, intrusion detection, communication security, governance, and network designs are all improvements that can be offered to every organization today (Sumser-Lupson 8). Instead of discussing all these details and necessities online, it is suggested to gather face-to-face and avoid the use of technologies that could become the new ‘spies’ for modern-day pirates.
Conclusion
In general, this paper creates a solid basis for the understanding of the current situation in maritime logistics in the United States, as well as in other countries. Cybersecurity awareness is a crucial aspect that has to be discussed frequently and worldwide. The maritime industry continues to grow and introduce new services and opportunities for its customers and business partners. Automation, exchange of information, and online control may facilitate many organizational and management processes but it also becomes an opportunity for attackers to achieve their personal or professional goals. Shipping companies and ports may be exposed to different types of cyberattacks without even knowing that such threats are possible. Therefore, increased knowledge, communication, statistics, cooperation, and privacy in cyberspace are the issues to pay attention to avoid or reduce the number of cyber challenges in maritime logistics.
Works Cited
“Common Types of Cybersecurity Attacks.” Rapid7, Web.
Garamendi, John. “Our Maritime Industry Is Too Important to Ignore.” The Hill. 2017. Web.
Hayes, Christopher R. Maritime Cybersecurity: The Future of National Security. Thesis, Naval Postgraduate School, 2016. NPS, 2018.
Jacobs, Lana. “Cyber-Pirates Threaten Shipping Security.” Bowmans. 2017. Web.
Jensen, Lars. “Challenges in Maritime Cyber-Resilience.” Technology Innovation Management Review, vol. 5, no. 4, 2015, pp. 35-39. Web.
Lee, Eon-Seong, et al. “Defining Maritime Logistics and Its Value.” Maritime Logistics: A Guide to Contemporary Shipping and Port Management, edited by Dong-Wook Song and Photis Panayides, Kogan Page Publishers, 2015, pp. 52-66.
Sumser-Lupson, Karen. “Addressing African Maritime Cyber Challenges.” Shipping Review, vol. 18, no. 2, 2016, pp. 1-11. Web.
Yercan, Funda, and Turkay Yildiz. “International Maritime Trade and Logistics.” Maritime Logistics: A Guide to Contemporary Shipping and Port Management, edited by Dong-Wook Song and Photis Panayides, Kogan Page Publishers, 2015, pp. 29-52.