Introduction

Straits of Malacca and Singapore (SOMS) stretch over approx. 520 miles from northernmost point of Sumatra to Southern extremity of Goh Puket and 43 miles from Southeast point of Johore to Northeastern extreme of Bintan. The Malacca Strait has experienced a highly dense ship traffic, with annual traffic over 60,000 vessels. The increased traffic due to international shipping has posed significant risks even to the biodiversity and the marine environment, the livelihood of the coastal communities, and the fishing and tourism industries. Owing to the density of the traffic, several navigation aids have been devised to cope up with the competing marine activities and various types of threats to maritime including the security issues, and navigation theftamounting often to cybercrimes as well. Strategically, dlis was a high-risk area for navigation because collisions were a major security problem in many sea ports (Ramiit el aL, 2020; Rasdi et al., 2021).

In 1971, Traffic Separation Schemes (TSS) were introduced for the first time. In a joint Statement, the TSS was adopted as a common governance principle between Malaysia, Indonesia, and Singapore, the three surrounding nations around Straits of Malacca and Singapore (SOMS). Rule lOof TSS emphasized upon the safety of navigation and declared internationalization of straits as a separate issue. It meant that the governments of Indonesia, Malaysia and Singapore agreed that the SOMS were not international straits, but they could be used fully for international shipping in accordance with the principle of innocent passage. Rule 10 also stated that the three States bordering the Straits should take the primary responsibility about the safety of navigation, environmental protection, and maritime security. To comply widi this regulation, a Tripartite Technical Experts Group (TTEG) was established in I·>75 with Indonesia, Malaysia, and Singapore to discuss the issues related to die SOMS and enhance the experience of international navigation. This step was seen as a good initiative by die three littoral states and their commitment towards ensuring navigational safety, protecting the marine environment, and facilitating the shipping traffic. The tripartite group was consistent with the international law as stayed in the Article 43 of United Nations Convention on the Law of the Sea (George, 2008; Merdekawati et al., 2021;Ozer& Akbas, 2020).

The TTEG comprised maritime experts from the three littoral States. Till date, the TTEG has taken several initiatives to enhance navigational safety and protection of the marine environment in the Straits of Malacca and Singapore (Hashim et al., 2020). One key initiative was the Routing System which enhanced the Traffic Separation Scheme (TSS) and overhauled the shipping traffic rules in the Straits. Another major initiative taken by die TTEG in 1998 was the mandatory ship reporting system (or STRAITRE1') in the Straits. The STRAITRfcl' empowered the coastal authorities to update transiting ships on the traffic situation and to contribute positively towards search and rescue response and operations to marine incidents in the Straits. Figure I presents its vast extent.

With the implementation of the STRAITREP. the three littoral states developed a cooperative mechanism on safety of navigation and environmental protection in the Straits of Malacca and Singapore. They jointly facilitated user states and other key stakeholders on issues of navigational safety and marine environment protection inside and outside the Straits to ensure a safe international navigation. This not only enhanced the navigational safety of the marine environment hut also reduced the risk of marine incidents in the Straits of Malacca and Singapore (Hashim et al., 2(120; Leifer. 1978). The tripartite group also initiated to work with a cooperative mechanism to maintain the sovereign rights, jurisdiction and territorial integrity of the littoral States over the SOMS. For this purpose, it outlined the topics such as navigational safety as well as e-navigation by devising a new ship traffic management system and making use of electronic nautical charts and huilding marine electronic highways for safe data transfer and cope up with navigational hazards (Rush, 2020; M. Zamaii et al., 2021; M. B. Zaman, 2019; Zulkitli et al., 2020). Figure 2 illustrates the Traffic Separation Scheme in the Straits of Malacca and Singapore.

In more recent times, the shipping safety issues have been redefined. The safety of the navigation data against cybercrime is now seen much more significant to check the pollution of the marine environment or check vessel collisions. Marine traffic analysis reflects that the actual condition of ship navigation is performed to enhance maritime traffic safety. An examination of frauds and crimes such as navigation data theft and piracy committed in the Malacca Strait suggest over hauling of the current security measures and taking revolutionary steps to face the challenges (Hidayat & Tan, 2021).

There are various initiatives already taken to ensure the safety of navigation data. Two of these measures are the use of accurate navigation charts and automatic identification system (AIS) which allow for the accurate investigation of shipping routing and iheir encounters. Navigations charts are now outdated since they were first used in 1950s and were based on obsolete hydrographic surveys carried out in other straits in UK and the Netherlands and also did not have unified standard (Mak, 2006; Runnier & Lee, 2007). On the other hand, A1S is the technology-assisted ship navigation systems managed through the ship radars. The AIS provides real time information about ships and their locations through very high frequencies (VHF). The information that AIS transmits between ships and from the ship to the coast or vice versa helps improve their safety and facilitate communication and real time information. The AIS provides information like ship's identity, its types, its speed, MMS1, destination, current location, COG and so on. AIS displays all this information on a chart plotter, or a PC assisted with a marine navigation software (Boyes & lsbell, 2017).

The International Maritime Organization (IMO) is the United Nations specialized agency responsible for stipulating rules, regulations, criteria and guidelines for the safety and security of shipping and prevention of marine and navigation theft, die International Maritime Organization (IMO), as die main United Nations (UN) body to ensure maritime safety and marine environmental protection, plays a central role in adopting codes and recommendations to regulate maritime traffic in both national and international waters [10|. Under the Safety of Life at Sea (SOLAS) convention (regulation V719.2.4), the IMO mandates the use of AIS on all larger vessels (>300 GT) and all passenger vessels sailing in international waters, in order to nuke a remote assessment of ship's position, speed and heading, but also compliance with conservation measures (Favier & Fontaiia, 2020; Jensen, 2015).

In the wake of the pandemic, the IMO also mandated all shipping companies and crew members to configure cyber risk management and safety management protocols ships in their ship safety manuals in accordance with the International Safety Management Code (ISM Code) and stricdy adhere to them. During the COVID-19 pandemic, jn increase in eyber-attacks was seen against ships and supcryachts. During the last one decade, cyher-attacks in the maritime sector increased over 40% annually (IJ1MCO, 2020); however during the pandemic, cyber-crime increased by more than 400%, as estimated. This suggests the vulnerability of die information technology setups on ships and yachts and failure of operational technology. The increase in the risk curve also suggests that the criminals found more opportunities to attack the cyber systems ami put the privacy of all ship owners, yacht crews, and shore-side service providers under risk. The severity of dlis risk increases when such criminal activity extend to issues such as espionage, damage to reputation, safety of individuals and of vessels, hijacking, ransom and, in worst case, assassination.

In order to develop a defence mechanism, the IMO was forced to issue new guidelines such as installing cyber security systems and practising robust risk management widi effect from January 2021. The cyber security of ships across straits globally was also pushed under International Safety Management System (ISM) Codes, vice IMO Resolution MSC.428(98). The new guidelines proposed all ship-owners and managers to periodically assess cyber risk and adopt suitable preventive measures such as using new technology, better autonomy, antivirus enabling, updated versions of software and greater work stability. All diese measures should Ik- initiated with a proactive approach, anticipating every possible threat that might come in the form of a cyber-attack (Duke & Osim, 2020; Payne & Hadzhidimova, 2020; Svilicic et aL, 2019).

All commercial vessels of more than 5iK) gross torn were required 10 comply with new IMC) requirements with immediate effect (January 2021). As an extra backup plan, each vessel's cyber security resilience was also linked with the ISM Code, requiring the ship's all cyber arrangements to be configured into its safety management systems and in accordance with the IMO's new regulations. Likewise, coastal authorities were also instructed to increase cyber surveillance

Problem statement

Prior to the introduction of ISM, the jurisdiction of 1MO was limited. Article 4 had directed SOMS to work only within the designated sea lanes and implement TSS. When IMC) started its operations, one of the measures was to ensure the adherence to the international shipping regulations by all the littoral states and operate within their respective-jurisdictions. However, whenever a need was fell to amend the international rules, the littoral stales would make proposals before the IMC), which would he discussed and approved in mutual interest. For instance, in 2005, Indonesia and Malaysia demanded separating security issues from the issues of navigation safety when the Indonesia-Singapore Coordinated 1'atrols failed to tackle piracy issues and sea robber)' threats. Lloyd's Joint War Risks Committee had also listed the SOMS region as "high-risk war zone" (Zulkifli et al., 2020).

Currently, Uiere are pressures from the domestic administrations of the three littoral states. It is evident that a distrust has developed between the three littoral states on security issues and there does not exist any efficient bilateral or tri-lateral framework. The entire global shipping industry is demanding to "internationalize" the issue of SOMS's security (M. Zaman et al., 2021; M. B. Zaman, 2019; Zulkilli et al., 2020). The safety issues are so grievous that demands are made to take the help from Chinese /Japanese/ Indian patrolling vessels to escort each commercial vessel passing through SOMS to safe zones. The security concerns have grown more post 9/11 and US has proposed a Regional Maritime Security Initiative (RMSI) and a unified Malacca Strait Patrol (MSP) service. Eventually, in 2005, a coordinated patrol titled Malacca Straits Sea Patrol (MALS1NDO) was launched jointly by Indonesia, Malaysia and Singapore (M. Zaman et al.. 2021; M. B. Zaman, 2019).

In the meantime, cyber threats and online risks have also endangered the security of the navigation data, hut very few initiatives have been taken to check Ulis threat (Bellamy, 2020). In 2006, a combined maritime air patrol agency called Eyes-ii>-ihe-Sky (EiS) was launched with the assistance of Thailand. A Malacca Straits Patrol Joint Co-ordinating Committee was also formed which made members sign Terms of Reference and Standard Operating Procedures for e-navigation for the Malacca Straits Patrolling. In 2008, the Intelligence Exchange Croup (1EG) was launched to enhance the Malacca Straits Patrol Information System (MSP-1S) in order to consolidate information-sharing, data protection and checking against hacking and cyber threats. In 2009, Singapore Navy hosted the Information Fusion Center (IFC) to act as a regional maritime security center and facilitate information sharing, coordination and collaboration through the use of e-navigation technology. Despite all these initiatives, there is still a need to launch a robust anti-cybercrime intelligence system or bring changes in die current operations to check all types of security threats.

The paper is organized as follows: The first part dealt with the background information about the current state of safety mechanisms employed in the SOMS and a problem statement of the current study. The next section discusses significant findings of the study highlighting types of maritime based attacks, vulnerabilities in shipping sector, regulatory framework and cybercrimes in shipping industry. The third section presents an analysis of die cybersecuriry landscape in the maritime sector and finally, the last section, conclusion, provides some recommendations.

Findings

I. Typo of Mjritiinc-ltascd cyberattacks

Cybercrimes in shipping industry are not much different from what exist at any other places. There can be data hijacks, hacking attacks, phishing, dangerous malware and viruses. Initially, the cyber criminals made virus attacks on PCs of the crew and coast officials to back the documents. These viruses entered into PCs through crew members who loaded pirated computer games on their personal computers and laptops which risked both their data and the machines. Since PCs are isolated devices, die virus would remain limited and not spread to the system computers. However, in modern times of digitalization of data and internet operations, a cyberattack would be more dangerous and problematic and carry a more malicious intent (Miranda Silgado, 2018; Tain & Jones, 2019).

Due to digitization and online operations, ships are required to be integrated with coast side operations to smoothly conduct business, manage operations, and maintain communication with the headquarters. A few of these operations are critical to the safety of navigation and carry out a few legitimate functions such as monitoring engine performance, maintenance of spare parts, loading and unloading of cargo, power and energy management and stow planning during and post voyage. These operations produce a lot of data which may be exploited by cyber criminals to indulge in maritime-based cyherattacks and cause business disruption and subvert the supply chain in several ways. They may compromise equipment and machines, or software and supporting services to be delivered to / from the ship, their main aim is to damage the reputation or defame the shipping company that may be held guilty of breaching the International Ship and Port Facility Security Code (ISPS Code) and its noncompliance caused due to the delay of the vessel.

Often the hackers may indulge in espionage and steal sensitive information and sell it to die competitors. The shipping businesses also sometimes are victims of distributed denial of service (DDoS) attacks, a hacking event that takes control of multiple computers and prevents legitimate and authorized users from accessing information or usually by Hooding a network with data. For their vested interests, the attackers may also manipulate passenger lists, indulge in illegal activities, breach sensitive cargo transports, cause engines failures, shut down vessels, or even disrupt the onboard control systems (Caponi & Belmont. 2015). The attackers may also demand extortion/ransom ware from the ships to restore operations digital piracy by shutting down the vessel/port. Such malicious attacks on ships could sometimes debilitate the whole operating system, preventing cargo bookings, delaying cargo documents and stopping or de-routing payments of dues and invoices (Zagan el a!., 2018).

ii. Vulnerabilities in shipping sector

The increase in cybercrime in the recent years has made the shipping sector more vulnerable. Owing to these vulnerabilities, new types of crimes such as cyber espionage supply chain subversions, cyber activism, and cyber terrorism have crept in the maritime domain. A typical rise in spear-phishing of vessels at sea has also been discovered. An example of this vulnerability was presented in a BIMCO survey which showed how a malicious software (malware) can significantly degrade the functionality of the ship's onboard computer system, thus making an impact on its control system. The BIMCO survey also showed how the maritime companies sum-red huge losses ot their systems and work practices hut were also exposed to risk across their supply chain (BIMOO,2020). The results of the survey hinted at the vulnerability of the shipping company toward cybercrime. Several studies have identified the vulnerability of a ship's onboard systems to a cyberaitack (DiRenzo et al., 2015; Hareide et al., 2018; Tarn et aL, 2016). A few have highlighted the weaknesses of these systems and the failure of modern technologies and the integrated IT (Information Technology) and OT (Operational Technology) networking and internet connectivity.

Owing to such vulnerability, anonymous hackers succeed in disrupting ships' communications system and steal sensitive information. They can easily penetrate into the OT system of the shipping company and get the remote access to intelligence systems through the satellite and breach the 4G, or Wi-Fi connections of the vessel (Glomsvoll & Bonenberg, 2017). Technological vulnerability thus expose the lack of data integrity and lack of alignment of the onboard systems with the cyber safety and cyber security measures, remotely available at the headquarters of the shipping company. This could have very dangerous consequences including a targeted attack to their databases and accounting information.

Two empirical studies (Svilicic et al., 2019) and (Hareide et al.. 2018) demonstrate that integrated navigational systems (INS), are more vulnerable to cyberatiacks. Though a disconnection from the internet might prevent outside threats but vulnerabilities could still arise from the offline operating system triggered by a crew member unintentionally or maliciously. Likewise, the BIMCO survey (CyberSail, 2016) found the positioning systems (GPS. A1S, Radar), Electronic Chart Display and Information System (ECDIS) engine control, and monitoring are most vulnerable systems onboard ships. The reason is that A1S and GPS are not encrypted or authenticated, and hence they are potentially vulnerable to cyberaitack. ECDIS is so vulnerable that it is much easier for a cybercriminal to modify its Hies and infect the INS with malicious content (Hareide et al., 2018), resulting in directing die vessel to a tiilse route or position. A few examples include a cyberaitack that misdirected two naval ships to a false route in 2016 in the Persian Gulf. A year later, in February 2017, a German-owned 8250 TEU container vessel fell victim to cyber-criminals who deactivated its navigation system. The Voyage Data Recorder (VDR) is also a good example of cyberspace vulnerability as it is connected to the ship's systems that are linked to online services through satellite communications (Kala & Balakrishnan, 2019).

iii.Regulatory Framework and organizations

The SOMS falls within the scope of international navigation regulations in accordance with Article 37 and Article 38 of the IMO, which concerns the right of transit passage enjoyed by all ships and aircrafts. The states bordering a strait are under an obligation not to hamper transit passage and there shall be no suspension of transit passage under Article 44 (Proelß, 2017). There are two significant regulatory documents issued by the IMO. First is the IMO's resolution (MSC.428(98), 2017) on Maritime Cyber Risk Management mandating every shipping company to get Safety Management System (SMS) approved prior to its operations (IMO, 2017b). The resolution insisted that the approved SMS should be built upon the objectives and functional requirements of the International Safety Management Code (ISM Code) (ISM, 2018). Second, the IMO has developed certain guidelines on maritime cyber risk management in the form of recommendations to safeguard ships from cyber threats and vulnerabilities (IMO, 2017a).

Aliened with IhhIi IMO documents, there is a third regulation known as "Guidelines on Cyber Security Onboard Ship," which provides practical recommendations on maritime cyber risk management, covering both cybersecurity and cyber safety. In addition, IMO is also preparing, in collaboration with the International Electro-technical Commission (1EC), a new standard for maritime navigation and radio-communication equipment and systems: I EC 63,154 "Cybersecuricy-General Requirements, Methods of Testing and Required Test Results" (International Electroiechnical Commission, 20V)}. The US has specifically taken die initiative and established the Information Muring and Analysis Centres (ISACs) to act as "trusted entities" and guide the shipping industry against physical and cyber threats and their mitigation (European Union Agency for Cybersecurity, 201S). A second US agency, known as Information Sharing and Analysis Organization (ISAO). is also actively working to implement the US government regulations and helping the shipping industry' to light cyber threat. Likewise, in the EU, the organization known as The European Cyber Security Organization (ECSO) set up a cybersecurity Contractual Public-Private Partnership (cPPP) cell to legal and ethical support to the maritime sector against cybercrimes.

In 2019, the EU Cybersecurity Act was established with new objectives and tasks to implement cybersecurity in die EU and provide a legal framework to all digital products, services, and processes (European Union, 2017). Specifically for the maritime sector, there already exists die 2014 European Union Maritime Security Strategy which recognizes cyber as one of die risks in die maritime domain (Council of die EU, 2014, 2018; European Commission, 2020a. 2020b; European Union Agency for Cybersecurity et al., 2019). Recently, die EU also devised a Security Union Strategy for 2020-2025 (European Commission, 2020a) against cyberaitacks and cybercrimes by calling upon community approach to security and unitedly fight the risks to infrastructures in transport and maritime sectors.

iV.Cytwrcrimes in shipping industry

The shipping sector refrained from publicizing cyber-attacks until 2017 when APMoller Maer-ik. the largest Danish international shipping and logUtiis company, made public the NotPetya malware attack on its computer system, which caused the company a loss of over $300m in revenue. After this cyber incident infected the IT systems of the shipping giant Maersk, it was forced to shut down all its operational devices and handle all operations manually (Hareide et al., 2018; Lagouvardou. 2018; Shiplnsighi, 2018). There are two other major cyber incidents reported in 2018. The first occurred when COSCO Shipping Lines fell victim to a cyberattack. The company's internet connection was disrupted within its offices in the Americas. After activation of COSCO's contingency plans, operations were back to normal after five days. Being aware of what happened to Maersk, they had taken proactive steps to minimize their risk of a cyberattack.

The second incident occurred in October 2018 when the Australia-based ferry and defense shipbuilder Austal was hit by a cyberattack that penetrated their data management systems. The attackers managed to steal internal data and offered some of it for sale on the dark web in an apparent extortion attempt. Carnival Corporation was the latest to fall victim to a ransomware attack on its IT systems in August 2020. The cybercriminals managed to download certain data files related to guests and employees' personal data, which could result in potential claims from guests, employees, shareholders, or regulator)' agencies. Besides, diere are several leading liner operators and logistics companies that were subjected to malicious activities such as phishing e-mails and hacking on a daily basis putting their data at high risk.

Various guidelines have been given to tackle cyber security in the shipping industry such as those by IMO, BIMCO, Class societies, P&I club and others (Cimpean et al., 2011) For instance, the IMO released a document called MSC-FAL.l/Circ.3 Guidelines recommending high level action plan and functional elements to achieve maritime cyber risk management. The MSC adopted the Resolution MSC.428(98) - Maritime Cyber Risk Management in Safety Management Systems for bringing effective maritime cyber risk management. The BIMCO Guidelines are the most comprehensive ones as these are based on inputs from at least 16 shipping companies. Last, but not the least, guidelines of the class societies are customized upon class notation data of vessels which employed best practices.

Discussion

Article 41 ofl.MO recommended setting up sea lanes along the straits to be governed by traffic separation schemes (TSS). The proposal contained a mandatory ship reporting system in the Straits of Malacca and Singapore known as STRAITREI'. which IMO's Maritime Safety Committee (MSC69) approved on 1 December 1998. The provisions of S'I'RAI TREI' followed die mandate of the International Convention for Safetv of Life at Sea (SOLAS), which emphasized on navigational safely, navigation efficiency and protection of marine environment. The S I RA1TREI' was applicable on all ships plying the Straits of Malacca and Singapore (SOMS). All ships regardless of length were required to maintain instant communication with other ships, and the coastal authorities through their Very High Frequency (VHF) Marine Radio fitted with radiotelepbony services. The STRAITREP facilitated transferring and receiving communication and particularly distress signals between ships in the periphery and coastal authorities. The coastal authorities would advise ships about the traffic situation in the Straits and paths of safe transition in case of a scarch-and-rescue (SAR) operation and to avoid marine hazards.

The SOMS was also the first Strait to implement United Nations Convention on the Law of the Sea (UNCLOS). It was also die first strait to implement the IMO Art. 43 which required all littoral states to demonstrate their willingness to cooperate with the user states and other stakeholders. This showed that the three littoral states, Indonesia, Malaysia and Singapore, recognized each other's sovereignty, sovereign lights and jurisdiction over the waters of the SOMS. This can be seen as adherence to the international law. However, despite this sovereignty, the vulnerability of the shipping industry to cyberattaeks was still evident in die inevitable use of technology and software based systems and instruments. The dependence on e-navigation for all types of operations further increased the risk of cyberattaeks. In an attempt to check cyber-attacks, certain regulations were framed. Initiatives such as integrated navigation systems and mandatory use of Electronic Chart Display and Information System (ECDISJand VDR data were adopted to check the cybercrimes. The ECDIS is a tvpe of geographical information system introduced by IMO as an alternative to paper nautical charts employed in nautical navigation. Both ECDIS and VDR could prevent die contamination of the system to some extent.

However, a drawback was felt when neither IMO nor any oilier international regulatory' agency mandated any basic safety training under SOLAS or Standards of Training, Certification, and Watchkeeping (STCW) forseafarers or crew members working onboard conunercial ships or superyachts. If dm could lake place, diere would be enough trained staffto prevent cybercrimes or contribute to system recovery in case of contingent situations. However, operations under Global Maritime Distress and Safety System (GMDSS) or under International Ship and Port Facility Security Code (ISPS), a lew safety norms could be implemented to enhance maritime security and by complying with the ISM guidelines and compliance to implement tlirough the International Convention for die Safety of Life at Sea (SOLAS).

It has also been felt that cybcrattacks take place when a large range of IT equipment such a· personal computers, laptops, tablet devices, servers, networking routers, switch gears, sensors, actuators, radar are used in excess (Jensen, 2015). With the advent of advanced technology, when ships switch over to automated control systems and e-navigation for performing complex functions, there is a great change not only in the cost reduction and performance improvement but also in checking the cybersecurity-related risks (Babineau et al., 2012; Masala & Tsetsos, 2016). However, cyber criminals show their ability to infiltrate into satellite navigation, especially the GPS and jam the operating systems through malwares like denial of data reception (competing signals) or spoofing (false signals) (Glomsvoll & Bonenberg. 2017). The IMC) introduced the Automatic Identification System (AIS) for navigation safety and to protect the satellite navigation applied on ships and ports but that too was cracked by hackers (DiRenzo et al., 2015; Ziebold et al., 2016).

Cyber security strategies need to take into account targets and reasons for attack and vulnerabilities of the system. Financial gain or competition could be the cause of most cybercrimes, shipping companies with large operational networks would be on top priority of the cyber criminals. The cybercrimes are mostly in the form of attacks on coastal networks in order to cause disruption to services and endanger the shipping networks and systems. The role of shipping companies and owners is very crucial here. Unless they take the onus to protect their own sensitive information and commercial assets, the safety and security of ports is also jeopardized. Often the training to crew members or seafarers would not work as hackers and cvbercriminals are steps ahead of the equipment manufacturers and system designers. For instance, ECD1S or VDR data could easily be infected by a virus by inserting a memory stick into a personal device connected to it.

In the shipping industry, the communication systems and equipment surveillance are the most vulnerable points that could be under cyberaltacks. The communication system checks die shipping trallic and the equipment monitor their movement and the crew officers working on that system. Though there might he firewalls and virus protection but unless diese protected gears are regularly updated, the system can be easily infected with indigenized viruses. Moreover, it is difficult to maintain a constant surveillance on emails and data exchanges since the crew might open m attachment to an e-mail without even imagining that it could be a malware targeting to attack their communication system. The question is whether to stop all types of such crew communication if the problem of cybercrime continues to grow in such a manner. It is also difficult to monitor the equipment as the anti-viruses cannot constantly scan the communication system for the corrupt data or detect the communication system has been compromised.

IMO has undoubtedly redefined navigation regulator)' framework and extended its jurisdiction to maritime safety and security through e-navigation. It made positioning, navigation, and timing (PNT) services more robust and cybercrime-safe by introducing a more viable terrestrial system called LOng-RAnge Navigation (LORAN) or eLoran which is capable to provide not only better horizontal positioning accuracy to prevent the damage or disruption to the maritime transportation system (MTS) (Radgowski & Tiongson, 2014) but can also pre-warn against cyber-induced environmental attacks that might put the maritime environment at stake.

Conclusion

Despite all preventive cyber protection and cyber security measures, the shipping defense mechanism has failed to check malicious hackers and cyber criminals. Studies have suggested that cyber-criminals employed not only primitive and tailor made hacking tools such as spoofing and phishing or attacking crew-members' emails with malware, but also made use of very advanced maritime enabled tactics which could at least subvert their ship's supply chain and corrupt their communication systems. Analysts have studied both residual risks and software-borne viruses and come to several conclusions including providing training to marine supply chain crew members for detecting cyber-attacks and potential phishing; observing the nature of cyber-attacks and understand their modus operandi; making the supply chain communication more robust and finding measures how to block cyber-attacks by successfully identifying malicious attempts in advance.

There are various other suggestions such as embedding a high level of security networks in shipping communication systems and providing suppliers the remote access to navigation and other ОТ systems to get backup support on board and, if required, allow suppliers to take over the entire control for upgrading or remote servicing and exterminate any unidentifiable malware placed by hackers. Such shore side and external access points with suppliers or at headquarters should be free from unauthorized access. Other strategies that can work is to segregate the control systems related to cargo stowage, loading and unloading, and disallow any guest access in the form of passenger recreation or private internet access for the crew.

Effectively segregated networks are capable of impeding the cyber attacker's access to the ship's communication systems and prevent the spread of malware. Although remotely piloted and automated marine vessels are revolutionary steps in maritime operations, but these make vessels more vulnerable to cyberattacks. IMO should consider navigation issues and cyber risks while creating rules for autonomous shipping. Last, but not the least, any wireless network onboard should also be discouraged. If required, onboard wireless networks should be partitioned by firewalls to create safe zones. All these measures could help in the prevention of cyber-attacks.