Africa's Maritime Cyber Security Progress After the Transnet Attack

istock - Credit: gorodenkoff — iStock - Credit: gorodenkoff

On Thursday, the Institute for Security Studies (ISS) brought cybersecurity professionals together in a webinar to discuss Africa’s maritime security preparedness. The event is a response to the Transnet cyberattack in South Africa in July.

The attack on Transnet, which manages South Africa’s rail, port and pipeline infrastructure, served as a wakeup call to professionals in the fledgling African marine economy.

Speaking at the conference, Chairman AU Cyber Expert Group Abdul Hakeem urged greater collaboration by African coastal states to streamline their maritime cybersecurity strategies. Crucially, Abdul advised, states need to speed investment in combating maritime cybersecurity threats. As African coastal states continue to adopt port digitalization, the opportunity for hackers to disrupt the operations of vulnerable ships and ports is growing.

"Regulators must also provide a safe space for sectoral players to report and exchange cybersecurity information,” Hakeem said.

The possible limits of government assistance in building maritime cyber defense came to the fore of the seminar’s discussion. Many African navies have limited budgets, in addition to vessels and weaponry carrying third party software, ultimately causing a structural barrier to widely implementing a modern model. The conference held up the model of Estonia: the small Baltic state set up a cyber command in 2018 consisting of military and civilian personnel, including private professionals tasked with protecting the nation's cyberspace.

ISS research officer Denys Reva noted that Africa has capacity to deal with maritime cyber threats, but lacks the coordination. One huge barrier to this is lack of trust between the public and private sector, which hinders information sharing. Reva stressed that Africa’s port digitalization efforts should be accompanied by training for maritime workers on cybersecurity threats.

Some of the suggested security measures port authorities could adopt include a clear governance structure around cybersecurity at all levels, enforcing technical cybersecurity basics like network segregation, software updates management and password hardening, with attack detection and response capabilities at the port level to react as quickly as possible. A fast response can reduce the odds of a cyberattack affecting port operations.

Last year, ISS released a report on Africa’s maritime cybersecurity readiness, which found that there is lack of Africa-centric research and knowledge on maritime cyber security. The report suggests that solutions to the threats on Africa’s maritime cyber space should be addressed collectively through treaties, like the 2014 Malabo Convention, which addressed cybersecurity and personal data protection.