Cyber Risk Forces Africa’s Maritime Security Concerns to Evolve

One critical aspect of maritime security (and by far the most studied in the African context) is piracy. The effort and funding put towards anti-piracy efforts have borne some fruit in Africa, especially along the notorious Somalian coastline, but there is always a fear of recurrence.

Unfortunately, the next African maritime security issue may not come from piracy but from a cyberattack, which few are prepared for. A report by the Institute of Security Studies, Africa (ISS) released earlier this month highlights a difficult reality in terms of cybersecurity unpreparedness in the African maritime sector. The report observes that many African states are not dedicating sufficient resources to address current and future cyber security challenges.

As most modern ports and logistics hubs integrate innovative technologies, including automation, the threat of a hacking attack increases tremendously. Despite the fact that Africa has not experienced any hacking incidents like those that have affected the maritime sector in the developed world, it’s no longer a question of if, but when such an incident will happen.

It’s difficult to find Africa-centric research on maritime cybersecurity, and it is a field that few stakeholders in the industry focus on in their rush to modernize ports. Notably, this conversation is late, as the past few months have proved that the global maritime sector has become a hacker’s playground. It is therefore imperative for Africa to learn from the impact  caused by hackers in the developed world, which has caused the shutdown of logistics hubs and losses amounting to millions of dollars. A recent estimate by the University of Cambridge’s Center for Risk Studies found that a cyberattack targeting cargo databases at major ports in Asia- Pacific region could result in $110 billion in damages.

Due to the high dependency of the 16 landlocked African countries to their neighbor’s access to the sea, a cyberattack would be very damaging to their economies. For example, Mombasa Port serves five East African countries, and the Durban port serves the whole of the Southern Africa region. It is for this reason that Africa has to depart from the traditional reactive response that cybersecurity has been receiving and take a more proactive approach to reinforce ports and vessels from a possible attack.

In June, Israeli cybersecurity company Naval Dome released a report that indicated there was a 400 percent increase in attempted hacks between February and May of 2020, while COVID-19 was raging. It noted the threats emanated from malware, ransomware and phishing emails, corroborating findings from a similar study by Safety at Sea and BIMCO, which found that 31 percent  of organizations in the maritime sector had experienced a cyber incident in 12 months before February 2020 - a rise from the 22 percent recorded in 2019.

IMO has published international guidelines on maritime cyber risk management, and most countries in Europe and Asia have taken a cooperative regional approach to improving their cybersecurity preparedness. The Association of Southeast Asian Nations has established a cybersecurity cooperation agreement, and in Europe, the European Union Agency for Cyber-Security oversees the whole aspect of maritime transport and ports cybersecurity, including capacity building among member states.

However, the recent ISS report noted that although the African Union and Regional Economic Communities (RECs) have been championing cybersecurity through various legal instruments, their focus in the maritime sector is insufficiently reflected.

Take the case of the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention), which was adopted in 2014. This flagship framework adopts a general description of cybersecurity threats but fails to directly address its palpable impact on crucial industries like maritime. Despite its over-arching role in Africa’s preparedness in cybersecurity, only 14 countries have signed the convention, and it has been ratified by only eight since 2014. In addition, only 25 out of the 55 African countries have passed data protection laws. At a general level, cybersecurity laws in Africa need to be harmonized to foster cross-boundary cooperation in addressing the matter.

To all African maritime stakeholders, we should make hay while the sun still shines, or we may reckon with a billion-dollar cyberattack in the near future.

Brian Gicheru Kinyua is a freelance writer based in Mombasa City, Kenya, where he researches and writes on logistics and the African Blue Economy. His primary focus is on shipping and ports development in Sub-Saharan Africa and how it fits into the global maritime order. He also provides consulting services in communications and public relations.