Monthly Archives

June 2015

Cybercrime – Is it a threat to Australia’s marine industry?

By | Legal, News

pdf-screenshotThis article was published in Ausmarine Magazine, 2015.
Written by Maria Dwyer, of Oceanic Marine Risks.

In 2013, Australia established the Australian Cyber Security Centre and created a national cyber security strategy. Each year cyber crime costs Australian businesses $4.5 billion and yet many businesses still fail to recognise cyber crime as a threat to their operations.

It has become obvious that the consequences to a business as a result of security breaches can be dire. One only has to look at the consequences suffered by Target and Sony last year after their vast and complex computer systems were hacked into. Each year the frequency and severity of cyber attacks increases, and there is no reason to think that 2015 will be any different.

John Bruce, the chief executive of Co3 Systems, believes that cybercrime will continue to boom in 2015 and that we will see even more eager cyber criminals enter the profession. He argues that the reason for this is simple: cybercrime pays and the rewards heavily outweigh the risks.

This threat has two sides to it.

Businesses not only need to increase their computer system security levels and focus resources on prevention and detection, but businesses also need to consider what measures they must take to protect their customers from potential losses as a result of a system breach.

What has any of this got to do with the marine industry?

I recently came across a blog by Gilad Zahave, dated February 4, 2014. Gilad’s blog post was an excerpt from a report Cyber Threats to the Shipping Industry.

I realise that Australia’s shipping industry is very small and that the majority of commercial vessels in this country are either small passenger carrying vessels or brown water vessels. However, if the world’s shipping industry is under threat from cybercrime should we not take notice and start thinking about preventative measures at a domestic level?

We currently tend to think of cybercrime as resulting in identity theft, e-business interruption, copyright/trademark infringement, and lawsuits from customers but can cybercrime result in a casualty on a vessel at sea?

I do not have the identity of the author of the report Cyber Threats to the Shipping Industry itself. However, if you are interested in the full report please write to info@sensecy.com.

A section of the report deals with the vulnerability of the AIS system. Trend Micro, a security firm, had claimed it had uncovered major security breaches in the Automatic Identification System (AIS).

The AIS is an automatic tracking system for identifying and locating other vessels by transmitting electronic data with other nearby vessels, AIS base stations, and satellites. Information transmitted can include the position, the speed and the direction the vessel is heading in, among other things. The International Maritime Organisation (IMO) mandated AIS in all passenger and commercial vessels weighing in at over 300 tonnes.

In an experiment to test how secure the AIS was, Trend Micro researchers managed to break into the system and change the data being transmitted.

They did this by manipulating the Internet providers AIS was using to transmit information. They could modify vessel details like the position, the course, the cargo, the flag and the name of the vessel. It was also possible to create fake vessels that could show up in any location.

The researchers then used a basic transceiver to expose flaws in the AIS communication systems. They could send false distress signals, false weather information and even switch off the AIS entirely in a vessel.

These loopholes in the AIS could be used by hostile parties to alter data being transmitted in vessels, with the potential to cause dangerous safety risks, disrupt marine law enforcement, and sabotage rival economic activity. Terrorist organisations could even exploit this weakness as well, given little technical know-how is required.

In an article dated April 23, 2014, Jeremy Wagstaff states:

“In the maritime industry, the number of known cases is low as attacks often remain invisible to the company, or businesses don’t want to report them forfear of alarming investors, regulators or insurers, security experts say.

“There are few reports that hackers have compromised maritime cyber security. But researchers say they have discovered significant holes in the three key technologies sailors use to navigate: GPS, marine Automatic Identification System (AIS), and a system for viewing digital nautical charts called Electronic Chart Display and Information System (ECDIS).”

“While data on the extent of the maritime industry’s exposure to cyber crime is hard to come by, a study of the related energy sector by insurance brokers Willis this month found that the industry ‘may be sitting on an uninsured time bomb’.”

There are a number of discussion papers published on the global threat to the maritime industry – does this threat spill over to Australia’s domestic maritime industry?

 

Yangtze cruise ship disaster will cost insurers

By | Insurance, Legal, News

The fatal Yangtze cruise ship that capsized and killed more than 400 people last week will cost its insurers about $19.2 million, or 92.5 million yuan, Chinese insurance regulatory authorities disclosed.

The four-deck cruiser, christened the Eastern Star, was hit by a freak tornado on the Yangtze River on June 1. The vessel overturned in about a minute only a few dozen meters from the riverbank, leaving an estimated 442 dead or missing, mostly between the ages of 50 and 80. Just 14 people – including the ship’s captain and first engineer – survived.

China has assembled a 60-member team to investigate the incident, which marks of one of the country’s worst shipping disasters in nearly 70 years.

For insurance companies covering the ship and cruise line, the tragedy will mean a sizable payout. According to a conference held by the China Insurance Regulatory Commission Thursday, insurance companies underwrote 340 contracts for parties involved in the incident that live up to requirements for claims. That includes shipowners, travel agencies, passengers and crew members.

The ship itself, which was owned by the Chongqing Eastern Shipping Corporation, was insured for about 15.7 million yuan by the People’s Insurance Company of China.

The CIRC also included estimates for 12 million yuan of liability insurance for travel agencies, 61.7 million yuan of personal insurance for 396 passengers and 3.12 million yuan of personal insurance for 18 crew members.

Already, the People’s Insurance Company of China has paid 10 million yuan to Chongqing Eastern Shipping Corp.

Despite the scale of the tragedy and timing – the news comes one year after the sinking of a ferry in South Korea that killed 304 people on board, including teenagers on a school trip – the incident is not expected to have much impact on the insurance market or the risk profile for cruise ships.

Affected Chinese insurance carriers rushed to the site of the disaster as divers searched for missing people.

“We have set up emergency leadership groups, rapidly implemented emergency response measures and set small teams who have already rushed to the site,” PICC told Reuters.

Ping An Insurance Group Co. of China and China Life Insurance Co. also sent in emergency response teams and had claims teams on-site to work with clients.  Ping An said it has already identified multiple life insurance customers on board the cruise ship and have contacted family members to cover travel and accommodation costs.

Published 15.06.2015 – www.insurancebusinessonline.com.au