October 2019

The container cycle and the data security

by Giambattista Ravano, DSP Chairman

— Posted in Ship2Shore on October 2019

The description of the data associated with the voyage of a container has been given careful thought since the container itself existed and began. Even before the information treatment, mainly in paper form, of the goods transported by ship.

The transition to the digital age has marked a change in the ways in which this information is exchanged, it has certainly helped to revise the professions associated with it, and has made the formal act more fluid and faster. Not immediately, it has also accompanied a change in mode and control of transport.

We know how the new information technologies are modifying the operation of the logistics at least in the vehicles automation, in the optimization of the positioning and in the time and place evaluation.

This happens thanks to the ever more refined algorithmic processing of large masses of data and the corresponding insertion of a logic of interpretation and proposed decision.

But less attention is paid to this data and less concern about their intrinsic value and the security risks that multiply as much as the data themselves are exchanged and processed.

It is natural that this happens, and so it has happened in all the economic sectors that have faced major waves of innovation related to data processing. The example of e- commerce, which is intrinsically linked to security rules, has regulated (and is still doing so) these aspects since its introduction and not before.

But let’s come to our cases. The exchange of information to a macro level like those between ocean carriers, land transporters, terminal operators, responsible owners of the cargo, public administrations (customs) and financial services have always been potentially possible and then favoured by ICT but potentially influenced and, on the security side, certainly attackable. This did not happen in a systematic way, as far as we know, also because the sectors in which we could act for the purposes of manipulation of the information were advantageous in other fields.

What can be done if you own all the detailed information on the traffic goods?

I leave it to the readers imagination, remembering that malevolent actions are generally greater than our thoughts.

But another level is and will be potentially critical, is that of the processing of local information. Think about a container terminal that knows and treats information from its sensors and actuators of the handling equipment (which carry much of information on the cargo, the destination and provenance). But not only is that, the same information and the administrative data also exchanged locally also intercepted, modifiable, exchangeable.

There are many examples of attacks for various purposes. All position sensors and actuators have access to the clear information at some time. There is the possibility to secure and make the data within the instrument that reads or communicates, accessible again but this is not applied everywhere and in all instruments. The transition to intelligent objects that carry out the transformation clear of the data and of the information is a necessary condition also for the shipping world in the near future.

In the offices in which the data is processed, rules are not applied for surveillance giving priority to today’s more critical problems on the operations of handling equipment and the containers, ships included.

In communication between partners, things go a bit better. But despite this they are not always safe during the shipping phase or immediately before and in the receiving phase or immediately after. There is therefore a real possibility of intercepting the data.

The recent initiative – TradeLens- created by the world’s leading shipping companies, paves the way for the use of safer trading methods. Particularly, it relies on blockchain technology by providing a secure trading platform according to these parameters.

However, like all trading platforms, it will have many obstacles. The first is to become a monopolistic brand to solve the problem. It is likely that in a future development it will have to be transformed into an open platform for technological choices while remaining secure in the transmission phase.


Nevertheless, this is the only way forward and the initiative is to be followed.
Much less convincing are the national data exchange platforms that solve (when they succeed) only part of the problem (generally at regional or national level) leaving completely uncovered the real field of maritime transport that is international.

It will not, however, solve the problems I mentioned before, linked to the in and out of the data.

A decisive step forward will be taken when we will see in this area too, an in-depth examination of security problems within the social sphere. To be better understood, when the main operators will be aware of the risks they face, when safety issues are not addressed.
Security is a mental habit that begins and ends on seemingly trivial things like not communicating access keys, nor making them easily accessible. If it seems obvious it is not. And the risk in this field is also very wide.

Let me cite, for example, some possible scenarios.
You intercept all boarding orders from one geographic area to another in a defined time frame. With them you can:

  • manipulate the data and demand a ransom to release it correctly
    • enter the commercial community by offering alternative solutions
    • impose unauthorised loading, transport and discharging

You interfere with the communications between operators potentially causing:

  • ransom on restoring communications
    • changes in priorities to favour its own purposes
    • access to financial data

But there is no limit to fantasy, so it is appropriate to stop and come to a conclusion.

For a long time, data security has been seen as an unnecessary and secondary issue but now the majority of operators have started to take an active interest in it. Many of the solutions proposed generate a lot of work but solve few problems (regional and national initiatives). Some of them are starting to address the issue globally, but they still have to assert. The individual operators (the people who daily operate on the data) have little sensitivity to implement precautions relating to an area that deserves more attention of safe behaviour. And finally, automation technology is still poor in security solutions.

In such a scenario the world of the maritime transportation is potentially under security risk and it needs a lot of work in order to change the evaluation and to bring down the risks for its operators.T