cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Australia’s cyber security strategy fails to consider maritime sector

The maritime industry is being increasingly targeted by hackers, and Australia’s cyber security strategy has failed to take it into consideration.

user icon Daniel Croft
Tue, 28 Mar 2023
Australia’s cyber security strategy fails to consider maritime sector
expand image

An academic group made up of researchers from Griffith University and the Queensland University of Technology said in a submission to the Australian Cyber Security Strategy Consultation that Australia should be leading the charge in the International Maritime Organization in developing international law to bolster the sector’s cyber security.

“The international maritime transport industry is currently facing exponential growth in cyber attacks,” said the submission.

“Ships, ports, shipping companies and offshore infrastructures (e.g., offshore hydrocarbon structures) face unprecedented cyber threats.


“Considering the growing threats of cyber attacks to the maritime sphere, there is an urgent need for an IMO (International Maritime Organization) initiative for further international legal development for enhancing maritime cyber security.

“The 2023–2030 Australian Cyber Security Strategy should include a clear strategy for Australia to take a leadership role in the IMO for the development of maritime cyber security-related international regulations.”

Griffith University’s Dr Simon McKenzie, who was a part author of the paper, has said that “the maritime sector poses complex legal challenges as the supporting cyber infrastructure is located on land, on the offshore installations in the sea, and in space (for example, GPS satellites)”.

With much of the infrastructure being discussed being located offshore, the report also said that Australia must clarify the relationship between state legal obligations and international cyber law.

The report said that currently, there is a lack of clarity regarding what protections are covered as state legal obligations regarding the safety of maritime traffic and ships and the emerging international law of cyber space.

While nations have agreed to “non-binding norms of responsible state behaviour in cyberspace”, at an international level, the relationship between legally binding international law and those norms is still unclear.

The submission suggests that Australia clarifies “the extent of Australia’s responsibility for ensuring the cyber security of critical maritime infrastructures and when it can look to other states to manage and respond to cyber risk”.

“After all, maritime infrastructure is critical to the economic and security interests of states: working ports and consistent shipping are essential parts of the supply chain for almost all goods, ranging from pharmaceuticals, consumer electronics, natural resources, and food,” it said.

Mckenzie said that Australia has both the capacity and a reasoning to want to police the cyber space surrounding the maritime sector.

“Australia is an IMO Council member as one of the 10 states with the largest interest in international seaborne trade, and it has the legal, technical and diplomatic capacity to initiate proposals for negotiation at the IMO to develop of international law promoting maritime cyber security,” McKenzie told ITNews.

McKenzie has also said that offshore infrastructure, due to its importance to the global economy, should be treated as critical infrastructure from a cyber point of view.

Australia and the Cyber and Infrastructure Security Centre (CISC) have placed an increased focus on critical infrastructure sectors over the last 18 months, introducing mandatory reporting on 1 April last year. In addition, critical infrastructure operators will soon be required to develop risk management programs, according to CISC head Hamish Hansford.

For the full submission and list of suggestions, head to the Queensland University of Technology website.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.