Changing Security Course Critical for Global Maritime

By Don Hepburn

Don Hepburn is a former senior CIA and FBI official and is currently President of Boanerges Solutions.

Don Hepburn is a former senior CIA and FBI official and is currently President of Boanerges Solutions.  He wrote this column with significant contributions from CAPT Evan D. Robinson, USN (Ret)

In our modern global economy, over 90 percent of all traded goods, valued at over $4 trillion, are transported from continent to continent by a massive fleet of commercial ships. Losses from maritime piracy, fraud, and theft run in the billions of dollars each year, and it’s likely to get worse.

When we think of threats to shipping, we often think first of dramatic attacks by pirates, like the hijacking of the Maersk Alabama in 2009.  But highly sophisticated, complex cyber attacks are already emerging as a major threat.  In 25 years of intelligence and security work, I’ve witnessed a very fragmented and under-powered response to these constant attacks against the lifeblood of international trade and development – the maritime industry has reached a crisis point.

Within the next decade, global shipping networks will become more reliant on digital automation to deliver goods and services to major and minor ports throughout the world with greater efficiency and at a lower cost.  However, this transformation could be threatened, even crippled, by global criminal enterprises, politically-motivated hackers, and state-sponsored actors all looking to advance their own financial, geopolitical and economic objectives.

Despite the technological advances made by commercial shipping companies, they are increasingly vulnerable to sophisticated attacks such as launching ransomware and redirecting cargo to fabricated shipping destinations, in addition to old school criminal extortion and physical theft.  State actors and criminal organizations will be aided and abetted by crew complicity and inadequate IT firewalls.  AP Moeller-Maersk, has already reported hundreds of millions in losses from cyber attacks.

To continue orderly business and trade, and to minimize financial losses, shipping companies, and the broader intermodal transportation architecture, need to confront these increasingly complex threats.  They must implement dramatic changes in their fundamental understanding of maritime security as we currently know and practice it.  This is not simply an issue of appreciating and building physical defenses or counter-cyber protocols. Rather, it requires a transformative approach about how global maritime operations should be conducted and secured.  Everything from managing and tracking cargo systems and human resource management to high-end information technology will all need to be considered as parts of an integrated intelligence-security ecosystem.  Multiple challenges face the industry in accomplishing this goal,  the most difficult being – overcoming human nature’s resistance to change.

Ultimately, shipping companies, national governments, and maritime insurance agencies need to chart a new course away from traditional security practices.  They need to undertake a new unified, holistic approach that enables advanced commercial intelligence tradecraft to merge all the disparate parts.  Basically, hiring a Chief Security Officer with a traditional skill-set to manage a maritime security group is now insufficient.  The problem requires a much more comprehensive solution that fuses and prioritizes a crowded field of raw intelligence.  Maritime industries, and indeed other industries, undoubtedly need security overhauls.  The maritime industry must build a comprehensive, integrated security environment that uses the tradecraft of counter-intelligence, technical excellence from cyber defense experts, and positive all-source intelligence data.

Today there is a high cost of having no security, or worse, the wrong kind of security.  Most company management’s view security as a necessary expense rather than an integral part of a contribution to their bottom line.  In the maritime world, many complacent companies are happy to maintain current security practices since ‘it hasn’t happened to us (yet).”  Most depend on outdated or inappropriate intelligence tradecraft to inform leadership and operator level decision-making.  However, good intelligence and counterintelligence are no longer only tools for governments, but rather essential components of successful modern company business models.

Companies failing to adapt will be overtaken by their competition and/or criminal organizations. The global maritime industry is steaming into a new digital ocean equipped only with the most rudimentary charts to avoid the rocks, shoals, and tempests that lay just beyond the maritime business horizon.