By MarEx 2019-05-15 20:59:11
The United States and France are assisting the government of the UAE in investigating the attack on four oil tankers at an anchorage off Fujairah last Sunday. The incident has raised tensions in a region already on edge over the confrontational rhetoric between the U.S. and Iran.
Multiple private-sector analysts have suggested that the attack was likely carried out using limpet mines, small explosive charges that can be attached by divers or boat teams to a vessel’s hull. In comments to U.S. news outlets, American officials have said that the initial U.S. assessment is that Iranian forces or Iranian-backed groups used explosives to carry out the attacks. However, an official told Reuters that the U.S. does not have “hard evidence” to show who conducted the operation.
Tehran has denounced the attacks and has denied any involvement, asserting instead that the damage was caused by foreign “ill-wishers to undermine stability and security in the region.”
On Wednesday, the UAE’s top diplomat called for careful deliberation as the investigation proceeds. “We need to emphasize caution and good judgment. It is easy to throw accusations but it is a difficult situation, there are serious issues and among them is Iranian behavior,” said UAE foreign affairs minister Anwar Gargash. “We will . . . be deliberate in considering our response, what to do about it, how to deal with it.”
The U.S. ambassador to Saudi Arabia, John Abizaid, suggested that any response should be carefully calibrated. “We need to do a thorough investigation to understand what happened, why it happened, and then come up with reasonable responses short of war,” Abizaid said Tuesday. “It’s not in [Iran’s] interest, it’s not in our interest, it’s not in Saudi Arabia’s interest to have a conflict.”
The U.S. recently deployed a carrier strike group, a contingent of B-52 strategic bombers and an amphibious assault ship to the region in response to an allegedly increased Iranian threat to U.S. forces.
In addition to new hazards like the attack at Fujairah, merchant vessels may also face an elevated risk of cyberattack in connection with these regional tensions, according to Itai Sela, the CEO of cybersecurity firm Naval Dome.
“There has been increased activity in the cyber domain over the last few months, which is very worrying,” said Sela. “It is highly likely that vessels operating in high-risk areas could be targeted, systems hacked and GPS spoofed in order to render vessels immobile or re-directed.”
Sela advised shipowners with operations in the area to inspect their PC-based navigation and machinery control systems. He also cautioned that contractors or crewmembers should not be allowed to plug in external devices or download maps and charts for specific areas “unless they absolutely need to do so.”
Words and images courtesy of The Maritime Executive.
Additional TMT comment
The problems associated with cyber attacks and shipping are not that new and were beginning to be particularly worrying in the last period of pirate-activity in the seas off the Horn of Africa some ten years ago.
AIS is an automated ship identification and tracking system that allows interested parties to follow the course of a ship around the world. A few years ago, “interested parties” included pirates who in some cases paid port official to give them information about the location of likely targets, or who hacked into the AIS system to see what ships were passing specific locations at any given time. This allowed pirates to operate far out to sea and well beyond the high-risk areas identified by the likes of Lloyds and other agencies trying to reduce the likelihood of attack.
After it became clear that attacks were resulting from the AIS information becoming increasingly available to criminals, some ship-operators and crews took the not-unreasonable precaution of switching off their AIS as they approached higher-risk areas such as the Horn of Africa and the Somali coast. (Some also said that this was being done by operators trying to avoid giving away commercial information to competitors in an increasingly cut-throat market.)
However, the lack of AIS made it more difficult for naval forces to protect shipping and gave rise to a number of false alerts when an unidentified vessel was spotted. In such cases the assumption had to be made that this could be a potential pirate vessel or indeed a ship that had been hijacked.
The problem highlighted the need to have a system that provided information to the legal authorities and genuine commercial parties, but which could not be seen by anyone else.
At the end of the day, however, all such information systems become vulnerable at the “human end” of the chain. Port officials, coastguards or others who have a bona-fides reason for handling such information are susceptible to being tempted or coerced into handing it over to criminals. In such circumstance, even the finest cyber-crypto protection in the world is useless.