For years, Red Sky Alliance has been monitoring the Chinese Communist Party (CCP) in both cyber activity and geopolitical matters. The CCP has been and continues to be aggressive in their Belt and Road, long term, initiatives, or the China Maritime Silk Road. The CCP yearly train approximately 20,000 cyber ‘professionals’ in hacking type activities. This permeates into the business and citizen cultures of the Chinese population. China controls all business ventures inside its borders and encourages hacking activities among its own businesses and with their foreign business ties to other countries. It is a country bent on cyber poking and prodding. Since 90% of all commerce moves via maritime transportation modes, cyber has been pushed to the forefront in the transportation sector security focus.
In the last year and a half, Red Sky Alliance has been providing both Vessel Impersonation reports and weekly Maritime Watchlists to our friends and colleagues at Dryad Global, a maritime intelligence and risk management organization. Many of the vessel impersonations our analysts have seen, originate and target many Asian nations. These are nations directly affected by the CCP in their ongoing ‘claims’ in the South China Sea.
Dryad Global South China Sea Assessment – “Beijing keeps expanding the areas of the sea it claims as its own, despite those territories belonging to other countries. The US-China tension related to the South China Sea has been going on for years, and there is no end in sight.’
“China recently sent its second aircraft carrier, the Shandong, into the region and the Pentagon reports that a US Navy destroyer recently conducted a Freedom of Navigation Operation (FONOPS) wherein it sailed within the twelve-mile territorial boundary of island territory claimed by China. FONOPS has been going on for years as part of a visible and decided effort to challenge what the Pentagon regards as illegitimate, erroneous and provocative territorial claims in the highly disputed areas of the South China Sea.’
“The area in question, referred to as the Spratly Island chain, consists of an island chain that has long been at the center of many territorial disputes wherein numerous countries have claimed certain areas as sovereign territory. Of course, China, along with a collection of US allies in Southeast Asia such as the Philippines, Vietnam, Taiwan and Japan, have for years disagreed about who owns various elements of the islands.
“ ‘On December 22, the USS John S. McCain asserted navigational rights and freedoms in the Spratly Islands,’ a Pentagon report says.’
“Tensions massively escalated years ago when Navy P-8 surveillance planes discovered China’s phony island-building, calling it “land reclamation.” China has now spent many years building man-made structures on and near islands it claims to own in a transparent effort to fortify its territorial claims. In recent years, China has built aircraft landing strips and based fighter jets, artillery, missiles on islands areas it claims to possess.’
“ ‘Unlawful and sweeping maritime claims in the South China Sea pose a serious threat to the freedom of the seas, including the freedoms of navigation and overflight, free trade and unimpeded commerce, and freedom of economic opportunity for South China Sea littoral nations,’ the Pentagon report states.’
“The United States, and most of the international community, follow what’s known as the 1982 Law of the Sea Convention, a sweeping agreement which identifies the first twelve miles of ocean surrounding the coastline of a sovereign territory can be “claimed” by that nation as their own. The treaty also provides provisions for what’s called Exclusive Economic Zones (EEZ) wherein allies or foreign countries need permission to conduct certain operations within several hundred miles of a country’s coastline. Therefore, to fully explain the rationale behind the US FONOPS, one need only to recognize that sailing within twelve miles of a disputed area is intended to challenge illegitimate territorial claims.’
“ ‘The United States challenges excessive maritime claims around the world regardless of the identity of the claimant. The international law of the sea as reflected in the 1982 Law of the Sea Convention provides for certain rights and freedoms and other lawful uses of the sea to all nations,’ the Pentagon essay explains.”
“Interestingly, man-man or artificial island structures do not, according to the Pentagon, align with the Law of the Sea Convention’s definition of that which constitutes an “island.” Therefore, until or unless there is some kind of agreement or resolution to the long-standing crisis in the South China Sea, a development which is highly unlikely by any estimation, the US will continue to conduct FONOPS and challenge China’s claims.’
“ ‘As long as some countries continue to assert maritime claims that are inconsistent with international law as reflected in the 1982 Law of the Sea Convention and that purport to restrict unlawfully the rights and freedoms guaranteed to all States, the United States will continue to defend those rights and freedoms. No member of the international community should be intimidated or coerced into giving up their rights and freedoms,’ the Pentagon report says.”
Yesterday, the National Law Review highlighted that the maritime industry as an enticing target for hackers. So true. “The Port of Los Angeles (the Port) alone facilitated about $276 billion in trade last year (2020), and the International Chamber of Shipping estimated that the total value of world shipping was around $14 trillion in 2019. The Port has plans to construct a multi-million-dollar cyber intelligence facility as a hub for information sharing between the public and private sectors to thwart the increasing attacks on the maritime and logistics industries. This facility, the Cyber Resilience Center, is one of the first of its type to be built in the United States. The Port’s Executive Director, Gene Seroka, said, ‘What we’ve noticed over time is that the potential penetrations and cyber threats have grown each and every year,’ including incidents like the 2017 NotPetya attacks that affected shipping lines, the 2018 ransomware targeting of the Port of Long Beach, and the October 2020 ransomware attack on CMA CGM S.A., a French transportation and container shipping company. Seroka said that as the threat become more evident, the Port ‘“needed to find a way to bring the private sector into this space as well.’ The Cyber Resilience Center is expected to go live by the end of 2021. Participants in this information exchange will be able to share information anonymously through the platform, which will standardize data from different companies’ cybersecurity tools. The Port’s Chief Information Officer will lead the project, which will operate alongside the Port’s cybersecurity operations center.’
“Seroka said that he hopes the Cyber Resilience Center will be a model for other large ports across the United States since information-sharing is such a vital defensive tool. As the shipping industry becomes even more digitized, cyber threats will require facilities such as ports to prioritize set data standards, business rules and open architecture for facilitating information sharing in a secure, protected manner.”
The entire transportation supply chain, to include ships and maritime ports, are huge targets – targets that hostile nations, such as the CCP governed China, are constantly probing to gain an advantage through theft and/or subversion.
Red Sky Alliance has been collecting, analyzing and documenting cyber threats and vulnerabilities for over 9 years and maintains a resource library of malware and cyber actor reports. Specifically, our analysts are currently collecting and analyzing Asian based cyber-attacks which target the transportation sectors.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or email@example.com
Weekly Cyber Intelligence Briefings: https://attendee.gotowebinar.com/register/8782169210544615949
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
 dtd: 31 DEC 2020