1 November 2016

Mr Mark Ames, Distinguished Chair of Maritime Cyber Security Conference

Distinguished guests,

Ladies and Gentlemen,

Good morning. It gives me great pleasure today to join you at the Maritime Cyber Security Conference. As maritime organisations innovate, automate, and grow with technology, security gaps in the maritime cyberspace have become a real threat and the conversation on cyber security is now more important than ever. 

Cyber security has evolved to become one of the predominant challenges facing the world today. Countries are facing an emerging spectrum of cyber threats from cybercrime attacks, espionage and other equally malicious activities. Attack targets could range from financial to data theft, reputational damage, and also disruption to our critical information infrastructures. These attacks will be detrimental to our economies and societies. As systems become more inter-connected, a cyber-attack in one country may easily impact another.

We see that cyber-attacks have been increasingly sophisticated and pervasive, with severe consequences. For example, last month in October, a massive Distributed Denial-of-Service (DDoS) attack was launched against a major US-based Domain Name System (DNS) service provider which left many popular websites including  Twitter, Netflix, Spotify, CNN and The New York Times inaccessible to US users.  The attacks were reportedly conducted with the aid of thousands of Internet of Things (IoT) devices such as CCTV cameras and digital video recorders.

In December 2015, cyber attackers also took down 30 Ukrainian power substations resulting in hours of loss of electricity for over 230,000 residents. 

According to Forbes, geopolitics and cyber deterrence will be core determinants of the shape and severity of the cyber threats that many public and private sector organisations face. To drive home the point, just a few months ago in July, suspected Russian hackers used malware for the first time to withdraw more than US$2mil from dozens of ATMs of a major bank in Taiwan.

Singapore is not immune to these cyber threats. Fake websites hosted overseas masquerading as government websites attempting to phish for personal information or swindle victims have been discovered. Just last week, StarHub reported that they had experienced malicious DDoS attacks which had caused internet connection problems for some home broadband customers.

The Government is acutely aware of today’s cyber threats and has taken decisive steps to address the issue. 

Early last month, our Prime Minister launched Singapore’s Cybersecurity Strategy at the opening of the inaugural Singapore International Cyber Week (SICW). The Strategy outlines how Singapore will continue to strengthen the resilience of our country’s cyber security as we move towards becoming a Smart Nation. This will be through four broad strategies namely; - strengthening critical information infrastructures, creating greater awareness amongst businesses and communities, developing a vibrant cyber security ecosystem and fostering strong international partnerships. 

The maritime industry today is highly reliant on technology especially in areas of marine activities and operations; ranging from port operations onshore to shipboard operations, to navigation at sea. This inevitably leads to increased exposure to emerging cyber threats which are growing rapidly in both numbers and sophistication. We may have heard of the drug smuggling incident through the Port of Antwerp due to a persistent cyber-attack that started in 2011 - a classic case of cybercrime involving illegal contraband trafficking through ports. Cyber piracy, which makes use of ransomware, is another emerging threat in which the malware can encrypt and deny user access to their files residing in their computers unless a ransom is paid. This can be employed by hackers to target shipping companies and encrypt their data files such that these companies are unable to access information for business operations unless the ransom is paid.

The Maritime and Port Authority of Singapore (MPA) has been taking proactive steps to tackle these growing cyber security threats. We believe in the need to engage the industry in regular dialogue so together, we can implement the right solutions and identify the potential risk points. MPA has formed a Maritime Cyber Security Network (MCSN in short) consisting of members from key maritime stakeholders from port terminal operators as well as cruise terminal operators. The network meets regularly to address cyber security issues and explores ways to strengthen critical information infrastructure. 

The solution to cyber threats is a multi-layered one requiring the effort of the entire industry. Two weeks ago, MPA had conducted our inaugural Maritime Cyber Security Table Top Exercise participated by the MCSN to validate and assess the readiness of the sector’s incident response processes and procedures to cyber incidents. 

During the Singapore Maritime Week in April this year, MPA had also organised the inaugural Maritime Cyber Security Seminar to reach out to the shipping community and promote greater awareness on cyber threats and best practices for the shipping and port sectors. 

The event was well-received with strong international and local participation and we received many positive feedback and suggestions. The industry will need to build on this momentum to create even greater awareness, and focus on the measures that we need to undertake. For MPA, this means continuing our engagement with the shipping and port industry, the International Maritime Organization (IMO), cyber security vendors and various government agencies. 

One key area where shipping is vulnerable to cyber-attacks is the increasing interconnectivity of shipboard systems.  In this regard, MPA keeps close tabs on the ongoing developments on the maritime cyber security guidelines for shipboard protection in the international regime undertaken by the IMO.  MPA also participated in the discussion on maritime cyber security risk management guidelines proposed in the last Maritime Safety Committee (MSC) meeting held in May 2016. 

We now live in a digitally reliant and interconnected world where cyber criminals, regardless of their background and capability, operate across borders and can be very evasive. Right now, the question is no longer whether we will be attacked, but a matter of when. The maritime industry can no longer afford to view cyber security as a luxury, but as an important business priority.

This conference will raise awareness and encourage the sharing of valuable ideas for building robust cyber capabilities in the maritime industry. I strongly encourage all of you to take the ideas and insights from today’s discussions, and bring them “to the boardroom”.

With this, I wish all of you an inspiring and fruitful time at the conference.

Thank you.