Fifty years after Australia became ASEAN’s first dialogue partner in 1974, ASEAN has become critical to Australia’s interests with cooperation in key priority areas, including maritime security, trade and development, cyber security, and sustainable development. Among others, cybersecurity in the maritime industry is a growing concern for Australia and ASEAN.
Both maritime security and cybersecurity have been considered areas of cooperation in the Plan of Action to Implement the ASEAN-Australia Strategic Partnership (2020-2024). Given the confluence of the two areas, it is necessary to evaluate these security issues holistically and strengthen sector-specific collaboration and coordination to address the emerging cyber threats in the maritime industry.
Cybersecurity is one of the most critical and complex challenges in the Asia Pacific maritime industry as cyber risks grow along with the increasing application of new technologies and automation. A report published by Lloyd’s of London indicated that a single cyber attack on major ports across Asia-Pacific could cost US$110 billion in losses. Due to the nature of the interconnected global maritime supply chain, disruptions at major ports in the Asia Pacific could result in economic losses worldwide.
Cyber attacks are emerging threats to maritime security and will become more sophisticated over time. Unlike other industries, cyber attacks in the maritime sector will not only disrupt essential services but can even put lives at risk. Many cyber attacks are not reported due to corporate concerns over reputational costs or the rise of insurance premiums.
Various aspects of the maritime industry are vulnerable to cyber attacks, including navigation systems, communication networks, cargo management systems, and port infrastructure. Hackers may gain unauthorised access to the vessel network systems, taking control of its navigation systems, which may lead to dangerous situations like loss of control over propulsion or steering. They could also target port infrastructure to disrupt cargo handling, customs clearance, and logistical operations.
In recent years, cyber attacks against ships and ports have occurred globally. This includes the attacks on Maersk NotPetya in 2017, Swire Pacific Offshore (SPO) in 2021 and the Jawaharlal Nehru Port Terminal attack in 2022. In 2023, Japan’s Nagoya Port fell victim to a ransomware attack. Australia has recently faced cybersecurity implications in its maritime industry when DP World Australia fell victim to a cyber attack, which led to the operator temporarily shutting down its network and closing four of its port operations in Melbourne, Sydney, Fremantle, and Brisbane. DP World handles over 40 per cent of the nation’s container trade and such an attack can have serious consequences for Australia’s economy, security and sovereignty.
Located north of Australia, Southeast Asia is a globally significant strategic location with major sea lines of communication and is at higher risk of maritime cyber threats. As such ASEAN needs to take proactive actions in countering maritime cyber threats through cooperative mechanisms with its regional dialogue partners including Australia.
Cybersecurity in the maritime industry is a shared security interest and concern for both Australia and ASEAN. Further cooperation can be done regarding capacity building, such as regular maritime cybersecurity training and seminars for law enforcement officers. Australia can also participate in joint maritime cybersecurity drills with ASEAN member states. It can also share effective maritime cyber risk management practices on early threat detection and practical incident response plans.
There has been strong cooperation between Australia and ASEAN in terms of cybersecurity. Australia, for example, has a A$74 million (US$49 million) Cyber and Critical Tech Cooperation Programme to ensure cyber resilience in Southeast Asia. Among ASEAN member states, only Singapore has been taking proactive actions to counter maritime cyber threats by conducting regular maritime security training and seminars.
To increase awareness of the cyber threats in the maritime industry, Expert Working Groups (EWGs) on maritime security and cybersecurity under ASEAN Defence Ministers Meeting Plus (ADMM-Plus) could collaborate in organising conferences and workshops to deepen dialogues and cooperation on maritime cybersecurity. In addition, regular engagements and close cooperation with the maritime industry are essential to prepare sector-specific guidelines and mechanisms.
Since Australia will be co-chairing the ADMM-Plus EWG on Cyber Security for the Cycle of 2024-2027, addressing cybersecurity concerns in the maritime industry should be one of the priorities for the discussions. In addition, information exchange regarding maritime cybersecurity can be done through the ASEAN Regional Forum, while the Expanded ASEAN Maritime Forum (EAMF) can promote technical cooperation, capacity building, exchange of experience, and sharing of knowledge and expertise on maritime cybersecurity.
Practical and timely actions are required for Australia and ASEAN to strengthen partnerships in addressing maritime cybersecurity. This should be done through forward-looking legal and policy frameworks and working together to effectively implement International Maritime Organization guidelines on maritime cyber risk management.