Cyber Risk, Intellectual Property Theft and Cyberwarfare. Asia, Europe and the USA. Major new book by Ruth Taplin
Review by James Brewer
Human intelligence is harnessing artificial intelligence for the benefit of science, infrastructure, medicine and commerce: notably shipping and transport. At the same time, multiple interests – from governments to tech giants to malicious actors – have seized on the power of AI variously to scoop up unhindered ever more data, steal and resell creative content such as books, academic research and music, manipulate electors and wreak targeted havoc. It is the enabler of sinister new forms of military conflict: war itself is being outsourced and privatised to cyber-mercenaries
For enlightened societies, the stakes could hardly be higher, as Ruth Taplin makes clear in her new book. Mapping out where this wild sprouting of the mostly ethics-free jungle is taking us, Dr Taplin advances in compelling and concise form the frightening portents for nation states, businesses and individuals.
Her simple, descriptive title Cyber Risk, Intellectual Property Theft and Cyberwarfare. Asia, Europe and the USA beckons the reader into the tangled and often dark (!) web of the uses and misuses of technology in 2021.
The challenge, she shows, is for fair-minded interests to grasp the significance of the new cyber realities before they race ahead and overwhelm us.
Given the morass of tech corporates and of state and private marauders, Dr Taplin underlines that proactive strategies are critical for industries prone to intellectual property theft, cyberattack and cyberwarfare variants which often manifest themselves in unexpected ways. She adduces the dilemmas for operators of such vital functions as merchant shipping, national grids, defence capabilities and retail banking systems: in fact, every type of business on earth has much to lose, but much to gain with proper, safeguarded applications of technology.
In terms of the shipping sector, the threat is particularly stark: because of its global nature, huge disruption can originate anywhere. Many economists and political leaders have been slow to take into account how shipping is the fulcrum of global trade and globalisation and can be an inadvertent casualty of, or cause of geopolitical conflict. In flashing a red warning about the vulnerability of maritime, the book serves to move the heavily exposed nature of nautical hardware and software up the agenda.
After the aviation sector tightened security in response to the 9/11 terror attacks and other outrages, the shipping industry lagged behind and has perhaps still not heeded the wake-up call from episodes such as the NotPetya attack of June 2017 (which hit financial, energy, pharmaceutical, and transport and logistics company operations – among them Maersk, which lost some $300m), and attacks on GPS navigational systems in the Strait of Malacca and by pirates off the Horn of Africa. Maersk was again obliged to fend off a serious cyberattack in February 2020.
Cyberattacks on ships are accelerating at an alarming rate, with malware and phishing emails a prime method of infiltration.
Ruth Taplin is in a good position to draw all the strands together – she is editor of the Interdisciplinary Journal of Economics and Business Law, and has authored or edited 23 books. She is the director of the Centre for Japanese and East Asian Studies.
One of the sensitive questions she tackles worrying governments, industrialists and insurers, is the legal definition of a cyberattack: is it an act of war or basically a crime when it involves, for example, compromising a ship’s navigational system to change course to a location where it can be robbed or held to ransom to fund terrorist activities?
The author analyses the agonising in the insurance industry over how to cater for cyber risk –the difficulties include a lack of historical data and assessing market values of such losses. Many in the insurance industry say that more consensus and consistency are necessary before there can be workable solutions.
One attempt to provide effective cover has come from the broking group Willis Towers Watson, which in April 2020 launched CyNav, designed specifically for shipowners rather than using pre-existing generic cyber products amended marginally. It includes cover for business interruption losses and crisis management.
The dangers have increased so acutely that cybersecurity systems have become as integral a framework for a ship’s safety as the physical structure and machinery, as the chairman of the International Association of Classification Societies has emphasised.
As ships become increasingly digitised using the latest IT to store data, new applications, and advanced GPS, it is easier for hackers, whether state actors, pirates, military intelligence or cybercriminals, to invade their systems electronically.
A study commissioned by Lloyd’s estimated that a sustained cyberattack on major ports in the Asia-Pacific region could lead to $110bn in losses. At current rates of insurance coverage that would leave roughly $101bn uninsured.
Navies of the world have already risen to such challenges by spending as much on cyber defence as they do on weaponry and ship structures.
The Internet of Things (IoT) which was widely trumpeted a few years back as the means to create the perfect self-running domestic home, is an area of growing interest to shipowners, but they should beware. IoT devices allow many ways for hackers to exploit weaknesses in connections to enter the set-up. A robot you might install to cook your potatoes might end up feasting on or frying your chips.
Software developers therefore need to create cyber-resilient systems bespoke to critical ship infrastructure which differs from other industries, and AI itself risks being subverted by… hostile AI.
As unprecedented numbers of people are working from home, maintaining adequate cybersecurity for soft access points such as printers, webcams and routers must be confronted.
When the IoT is used by hackers who use the dark web, the capacity for damage multiplies.
Dr Taplin has mustered and mastered a thicket – many thickets – of research material and examples of shocking system breaches to produce an readable account of how the cyber-quicksands can devour those who are just slightly less than vigilant, and on the macro scale, how this is creating geopolitical nightmares.
Even the most savvy of the “good guys” can fall victim. One of the biggest cybersecurity firms in the world, FireEye, reported in December 2020 that it had been assailed by hackers with “world-class capabilities.” Its chief executive said that villains used “a combination of techniques not witnessed by us or our partners in the past.”
The threat to intellectual property rights must be kept to the fore. Vast amounts of information travels through the networks with little human intervention tempting hackers to tap into the data without the owners of the networks being aware.
The global political question yet to be firmly addressed is that the ‘tsars’ of the digital age having earlier plundered content at will now justify themselves under the “freedom-loving” guise of championing “open access.” It remains almost impossible to hold the tech giants to account,
Dr Taplin says that the key to preventing and mitigating cyber risk is not based on statistical modelling or on IT packages, but on human-based variables. “Hackers cannot steal IP or alter GPS systems connected to ship navigation without human ignorance or error, collusion, grudges, greed, malice and geopolitical imperatives,” she insists.
In an introduction to the book, Todd Williams, director of Australia’s NSW Cyber Security Node, concurs that traditional ways to defend against cyber threats need to evolve and be implemented at an increasingly fast rate to keep pace with the advanced attacks. Cyber is primarily a people problem not an IT problem.
Mr Williams warns that Just as AI can ‘learn’ to spot patterns of coincidence or behaviour that can signal an attempted attack, it can learn to trick its way past our defences. Attackers will have the choice of targeting either vehicles or homes, perhaps using them to access e- mail accounts and then personal information, or the cloud services where our data are routinely sent for storage and analysis. Large-scale harvesting and resale of such data on the black market is highly lucrative for cybercriminals.
Cyber Risk, Intellectual Property Theft and Cyberwarfare. Asia, Europe and the USA. By Ruth Taplin Routledge Studies in the Growth Economies of Asia. ISBN 978-1-138-32058-1 hardback; ISBN 978-0-429-45319-9 ebook