Posted: June 26th, 2023

Maritime Cybersecurity: Comparing Practices between Developing Countries

Maritime Cybersecurity: Comparing Practices between Developing Countries

Maritime cybersecurity is the protection of the maritime sector from cyber threats and attacks that could compromise its safety, security, and efficiency. The maritime sector is vital for global trade, energy supply, and national security, as it carries over 90% of global merchandise trade and over 60% of global oil and gas supply. However, the maritime sector is also vulnerable to cyber risks, as it relies on various digital technologies and systems to operate, such as navigation, communication, cargo management, port operations, and shipboard systems. Cyberattacks on the maritime sector could have serious consequences, such as disrupting trade flows, causing environmental damage, endangering human lives, and undermining national security.

The level of maritime cybersecurity awareness and preparedness varies significantly among different countries, especially between developed and developing countries. Developed countries tend to have more advanced and comprehensive maritime cybersecurity strategies, policies, and capabilities, as well as more effective collaboration among public and private stakeholders. Developing countries, on the other hand, often face challenges such as lack of resources, expertise, awareness, regulation, and coordination in addressing maritime cybersecurity issues. This paper aims to compare the maritime cybersecurity practices between developing countries, using Kenya and India as case studies. The paper will examine the current state of maritime cybersecurity in these two countries, identify the main challenges and gaps, and provide some recommendations for improvement.

Kenya

Kenya is a coastal country in East Africa that has a strategic location along the Indian Ocean. Kenya’s maritime sector contributes to about 6% of its GDP and supports about 3 million jobs. Kenya’s main port is Mombasa, which is the largest port in East Africa and handles about 30 million tons of cargo annually. Mombasa is also a regional hub for transshipment and transit trade for neighboring landlocked countries such as Uganda, Rwanda, Burundi, South Sudan, and Ethiopia.

Kenya’s maritime cybersecurity situation is characterized by low awareness and readiness. According to a recent survey by the International Association of Ports and Harbors (IAPH), only 36% of Kenyan ports have implemented the International Maritime Organization (IMO) guidelines on maritime cyber risk management, which are voluntary recommendations for enhancing the resilience of the maritime sector against cyber threats. Moreover, only 18% of Kenyan ports have conducted a cyber risk assessment, and only 9% have a cyber incident response plan. The survey also revealed that Kenyan ports face various cyber threats such as phishing, malware, ransomware, denial-of-service attacks, data theft, and unauthorized access.

Some of the main challenges that hinder Kenya’s maritime cybersecurity development are:

– Lack of a national maritime cybersecurity strategy or policy that defines the roles and responsibilities of different stakeholders, sets clear goals and objectives, and allocates adequate resources and funding.
– Lack of a dedicated maritime cybersecurity agency or authority that oversees and coordinates the implementation of maritime cybersecurity measures across the sector.
– Lack of a legal framework or regulation that mandates the compliance of maritime operators with international standards and best practices on maritime cybersecurity.
– Lack of technical expertise and capacity among maritime operators to identify, prevent,
Maritime Cybersecurity Challenges in Kenya

Kenya is a coastal state that relies on its maritime sector for trade, tourism, fishing, and other economic activities. However, the sector faces various threats from cyberattacks that can disrupt its operations, compromise its safety and security, and cause significant losses. This paper examines some of the main challenges that hinder Kenya’s maritime cybersecurity development and proposes some recommendations to address them.

One of the challenges is the lack of a national maritime cybersecurity strategy or policy that defines the roles and responsibilities of different stakeholders, sets clear goals and objectives, and allocates adequate resources and funding. Without such a strategy or policy, Kenya’s maritime sector lacks a coherent and coordinated approach to deal with cyber threats and incidents. Moreover, there is no clear division of labor or accountability among the various actors involved in maritime cybersecurity, such as the government, the private sector, the academia, and the civil society.

Another challenge is the lack of a dedicated maritime cybersecurity agency or authority that oversees and coordinates the implementation of maritime cybersecurity measures across the sector. Currently, there is no single entity that has the mandate and the capacity to monitor, regulate, enforce, and respond to maritime cyber issues. This creates gaps and overlaps in the governance and management of maritime cybersecurity, as well as confusion and uncertainty among the stakeholders. Furthermore, there is no mechanism for information sharing and collaboration among the relevant actors to enhance their situational awareness and preparedness.

A third challenge is the lack of a legal framework or regulation that mandates the compliance of maritime operators with international standards and best practices on maritime cybersecurity. Kenya has not ratified or implemented any of the existing conventions or guidelines on maritime cybersecurity, such as the International Maritime Organization (IMO) Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems or the International Organization for Standardization (ISO) 27001 on Information Security Management Systems. As a result, there is no legal obligation or incentive for maritime operators to adopt and implement appropriate cybersecurity measures to protect their systems and data.

A fourth challenge is the lack of technical expertise and capacity among maritime operators to identify, prevent, detect, and recover from cyberattacks. Most of the maritime operators in Kenya have limited awareness and understanding of the cyber risks they face and the measures they need to take to mitigate them. Moreover, they have insufficient human, financial, and technological resources to invest in cybersecurity solutions and training. Additionally, they have inadequate cyber incident response plans and capabilities to deal with cyber emergencies.

To overcome these challenges, Kenya needs to develop and implement a comprehensive national maritime cybersecurity strategy or policy that provides a clear vision, direction, and framework for enhancing its maritime cybersecurity. The strategy or policy should involve all the relevant stakeholders from the public and private sectors, as well as the academia and the civil society, in a participatory and inclusive manner. The strategy or policy should also align with Kenya’s national cybersecurity strategy and other related policies and laws.

Moreover, Kenya needs to establish a dedicated maritime cybersecurity agency or authority that has the mandate and the capacity to oversee and coordinate all aspects of maritime cybersecurity in the country. The agency or authority should be responsible for setting standards and guidelines, conducting audits and assessments, providing guidance and support, facilitating information sharing and collaboration, enforcing compliance and accountability, and responding to cyber incidents.

Furthermore, Kenya needs to adopt and implement a legal framework or regulation that mandates the compliance of maritime operators with international standards and best practices on maritime cybersecurity. The framework or regulation should be based on a risk-based approach that takes into account the specific characteristics and needs of each operator. The framework or regulation should also provide incentives and sanctions for compliance and non-compliance respectively.

Finally, Kenya needs to enhance its technical expertise and capacity among maritime operators to identify, prevent,
detect, and recover from cyberattacks. This can be done by providing training and awareness programs, investing in cybersecurity solutions and infrastructure, developing cyber incident response plans
and capabilities, and fostering a culture of cybersecurity among
the operators.

By addressing these challenges,
Kenya can improve its maritime
cybersecurity development
and ensure its maritime sector
is resilient,
secure,
and prosperous.

Bibliography

– International Maritime Organization (IMO), ‘Resolution MSC.428(98) Maritime Cyber Risk Management in Safety Management Systems research paper writing service’ (16 June 2017) accessed 26 October 2023.
– International Organization for Standardization (ISO), ‘ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements’ (25 September 2013) accessed 26 October 2023.
– Kenya National Bureau of Statistics (KNBS), ‘Economic Survey 2021’ (April 2021) accessed 26 October 2023.
– Kenya National Computer Incident Response Team Coordination Centre (KE-CIRT/CC), ‘National Cybersecurity Strategy 2014-2017’ (2014) accessed 26 October 2023.
– United Nations Conference on Trade and Development (UNCTAD), ‘Review of Maritime Transport 2020’ (12 November 2020) accessed 26 October 2023.