A group of academics is arguing that the maritime sector has been overlooked in Australia’s cyber security policy development.
In an unpublished submission prepared for the federal government’s Australian Cyber Security Strategy consultation, the group from Griffith University and Queensland University of Technology say Australia should engage with the International Maritime Organisation.
The paper, a copy of which has been seen by iTnews, states that “Australia should take a leading role in the International Maritime Organisation (IMO) for the development of international law for enhancing maritime cyber security.”
One of the paper’s authors, Dr Simon McKenzie of Griffith University, told iTnews that "ports and offshore hydrocarbon infrastructures should be treated as critical infrastructure given their importance to the global economy.”
While Australia controls very few of its own vessels, “Australia is an IMO Council member as one of the 10 states with the largest interest in international seaborne trade, and it is has the legal, technical and diplomatic capacity to initiate proposals for negotiation at the IMO to develop of international law promoting maritime cyber security.”
McKenzie added: “The maritime sector poses complex legal challenges as the supporting cyber-infrastructure is located on land, on the offshore installations in the sea, and in space (for example, GPS satellites).”
The researchers note that, as with all other critical infrastructure sectors, maritime is experiencing growing volumes of cyber attacks.
For example, the submission references a January 2023 attack that brought down the servers of classification organisation DNV.
The January 7 attack brought down the company’s ShipManager servers, which provide fleet management for 70 customers, and wasn’t fully remediated until later that month.
As this QUT post noted, the pandemic was accompanied by a growth in attacks on the maritime sector.
The submission states that “there is an urgent need for an IMO initiative for further international legal development for enhancing maritime cybersecurity”.
Governments also need to address “uncertainty about crucial legal issues including those related to sovereignty, jurisdiction, and the attribution of responsibility for non-state cyber actors,” the submission said.
“The cyber security strategy should recognise that strengthening maritime cyber security
requires a multi-faceted approach including security-by-design as self-regulation, coregulation at the national level, and cooperation to develop international law.”
The submission was co-authored by Dr McKenzie, Dr Samuli Haataja of Griffith University, and Dr Saiful Karim and Dr Michael Guihot of the Queensland University of Technology.