The bunkering industry experiences exactly the same cyber security vulnerabilities as other parts of the maritime industry and its exposure includes employees’ cyber hygiene, operational technology and financial transactions, says the VP of Cyber Security at Wärtsilä.
“It’s a business risk and people within the bunker industry have to know the threats they are facing and mitigate measures; the only way to do that is to have better understanding of the threat,” Mark Milford tells Manifold Times.
“Unless the equipment is up to date with the latest software or there are processes in place to prevent unauthorised access, anything that is connected either remotely or through physical means can have data accessed, altered or is vulnerable to cyber-attacks.”
Phishing, a fraudulent attempt at obtaining sensitive information by disguising as a trustworthy entity in an electronic communication, is especially common in the bunkering industry, states Milford.
He uses the example of a 2014 bunkering scam which cost World Fuel Services (WFS) approximately USD $18 million in damages where, in short, a scammer sent messages to WFS with payment information belonging to the criminal.
“The people aspect is particularly important in avoiding being a victim of cybercrime,” says Milford adding “educating people has the biggest affect across the board in terms of cyber resilience.”
“The cybercriminal will always go after easiest options for generating revenue for themselves and in most cases that is actually the person who is operating the system; for example, in a phishing campaign with a fake invoice.
“The solution will be to educate the staff about cyber hygiene so they are aware of the threat likely to face them. This includes people involved in bunkering and people working in finance.”
Meanwhile, Milford questions the reliability of cyberattack figures within the maritime industry.
“Nobody knows whether or not there were 2,000+ attacks last year in the bunkering industry because nobody wants to disclose them. The bunkering sector is especially reticent because you are not just dealing with reputation risk but also environmental impact as well if the operational technology is compromised,” he says.
“So only by understating what the threat is can you put in place mitigation measures.”
Milford was speaking to Manifold Times on the side lines of the launch of the International Maritime Cyber Centre of Excellence (IMCCE) at Singapore. The IMCCE consists of a Maritime Cyber Emergency Response Team (MCERT) and a cyber-academy.
The IMCCE is the world’s first industry solution for the marine industry, founded by Wärtsilä together with its strategic partner in cyber security, Templar Executives.
“So in terms of understanding the threat we are partnering with Templar Executives to produce the first ever maritime threat integration facility,” notes Milford.
“Templar Executives are specialists working with government and has vast knowledge in maritime sector because they are responsible for drafting the BIMCO cyber security guidelines as well as working with International Maritime Organisation (IMO) departments.
“So, with vast maritime experience Wärtsilä has and their experience in the cyber sector we hope to be able to offer a holistic threat picture for all of our customers – this includes bunkering.”
Photo credit: Wärtsilä
Published: 24 October, 2018
Session will provide insights on bunker quality issues from a bunker supplier, shipping company and surveyor, as well as providing insight and guidance on legal and dispute resolution issues.
Gealubes Consulting & Trading, the authorised marine business distributor of PANOLIN EALs at Singapore port, shares a two-part education series on Environmentally Acceptable Lubricants on Manifold Times.
Danny Lee Chee Keong was sentenced to nine months’ imprisonment over the theft of MFO from the Consort Bunkers owned and operated bunker tanker at the sea off Eastern Petroleum ‘B’ anchorage.
‘Metcore’s MFM+ Program exemplifies serious oil suppliers and buyers who advocate fair trading using a recognised and widely-accepted technology,’ highlights Darrick Pang, Managing Director of Metcore.
‘The victim is Consort Bunkers Pte Ltd, the owner of the Pearl Melody,’ states the joint statement of facts (SOF) document obtained by Singapore bunkering publication Manifold Times.
Between November 2016 and October 2017, Mr Tan falsified at least 20 invoices and submitted these invoices to UOB and OCBC, according to court documents obtained by bunkering publication Manifold Times.