Tokyo MOU Reports Previously-Undisclosed Cyberattack in 2022


Published May 10, 2023 9:44 PM by The Maritime Executive

The Tokyo MOU, the international body that coordinates port state control across the Pacific region, reports that it likely sustained a damaging cyberattack in July 2022, two months before it launched a concentrated inspection campaign. 

In its annual report, the Tokyo MOU said that its inspection database, APCIS, sustained an "extremely unfortunate" and prolonged outage beginning in July. The likely reason was a cyberattack, according to the agency, and it took down access to the full system for several weeks. Restoration of data was achieved, but it took several more months. 

The disruption caused serious difficulties for national port state control agencies, as well as commercial users of the database. The data maintained by the Tokyo MOU is used by port officials to select ships for inspection, and non-government users can also access it to check up on ships' backgrounds. 

It is extremely unfortunate that the Tokyo MOU PSC database, APCIS, suffered an outage in July 2022 due to the unforeseen reason, likely a cyber-attack. 

"Taking the lesson from this incident, the Tokyo MOU will pay higher attention to the matter of cyber-risks and take all possible measures to enhance cyber security to prevent [a] recurrence," the agency said in a statement. 

Though it was just disclosed this month, the attack on the Tokyo MOU database actually came before a string of well-publicized cyber incidents affecting maritime organizations. 

On Christmas Day, the Port of Lisbon sustained a major cyberattack, which took down the port's website and its internal computer systems. Hacking gang LockBit claimed responsibility for the incident and demanded a $1.5 million ransom. The group claimed to have stolen the port's financial reports, audits, contracts, cargo manifests, crewmember information and other sensitive data. 

On January 7, class society DNV was forced to take its ShipManager vessel operations software offline due to a cyberattack, shutting down access for an estimated 300 customers and 7,000 ships around the world. The desktop version of this software (the version used aboard vessels) remained functional, but all online cloud computing features were shut down.

Last month, the ports of Halifax, Montreal, and Quebec sustained a major “denial of service” attack, which took their external websites offline. A pro-Russian hacking group claimed responsibility for the attack, which did not affect the ports' internal data or day-to-day operations.