The Maritime and Port Authority of Singapore (MPA) has held an inaugural sector-wide maritime cybersecurity exercise, codenamed ‘Exercise CyberMaritime 2021’, to put the sector’s coordination on cybersecurity incident management, emergency response plans, and crisis communications to the test.
The three-day table-top exercise on November 26, 29 and 30, was conducted in a hybrid format involving some 90 participants from MPA, port terminal operators PSA Corporation Ltd (PSA) and Jurong Port Pte Ltd (JP), as well as shipping company, Pacific International Lines (PIL).
The exercise focused on the cyber-physical implications of potential cyber-attacks and the increased risks in data theft and loss. The scenarios covered data leak, ransomware, web defacement, distributed denial of service (DDoS), supply chain attacks, and compromise of critical maritime and port infrastructure and systems. In the lead-up to the three-day exercise, participants undertook a series of scenario-planning sessions and workshops and updated their incident management and mitigation plans.
“The maritime industry is undergoing rapid digitalization. It is imperative to better prepare against the threat of cyber-attacks which have become more sophisticated,” said Mr Niam Chiang Meng, Chairman of MPA. “As the world’s busiest transhipment hub and a key node in the global supply chain, the maritime sector in Singapore will be more vulnerable if it is not prepared to deal with such cybersecurity threats. I am glad that the exercise has brought together our partners to test not only our readiness, but also enable better coordination in crisis response amongst all stakeholders in the maritime sector should an incident occur.”
The MPA Chairman observed the exercise on November 30, together with Ms Quah Ley Hoon, Chief Executive of MPA, Mr Ong Kim Pong, Regional Chief Executive Officer Southeast Asia of PSA International, Mr Ooi Boon Hoe, Chief Executive Officer of JP, and Mr Gan Chee Yen, Co-President and Executive Director of PIL. They will witness the operational responses to the attack scenarios and be updated on the exercise outcomes.