Navigating the complex maritime cyber regime: a review of the international and domestic regulatory framework on maritime cyber security.

Abstract

Modern shipping companies are reliant on the proliferation of refined technological advancements such as Electric Chart Display and Information Systems (ECDIS), Automatic Identification System (AIS), Global Maritime Distress and Safety System (GMDSS), Compass (Gyro, fluxgate, GPS and others), Computerised Automatic Steering Systems, Voyage Data Recorders – “Black box” (VDR), Radio Direction and Ranging or Automatic Radar Plotting Aid (Radar/ARPA). These technological advancements are vulnerable to cyber security threats. The prevalence of maritime cyber security incidents is increasing worldwide therefore it is imperative for the maritime industry to have legal regime in place that adequately regulates these cyber security threats. This dissertation undertakes a critical analysis of the legal framework governing maritime cyber security and the adequacy in combating maritime cyber threats. The first chapter will provide an introduction and background to maritime cyber security. The second chapter focuses on the different threats and vulnerabilities to maritime cyber security. In addition to this reference will be made to the types of cybercrimes and their possible ramifications. The third chapter will analyse the International regulatory regimes in place, regional regulatory framework and South Africa’s domestic laws regulating maritime cyber security. In the fourth Chapter a determination will be made as to the existence and adequacy of the law in combating maritime cyber threats and crimes. A conclusion will be derived from the findings of this dissertation, and recommendation will be submitted The purpose of this study is to establish whether, (a) the existing law applies to maritime cyber security threats at all, and, if so, what is the extent of the existing laws applicability to maritime cyber security threats? (b) whether the domestic and international legal framework is adequate, in respect to enforcement and comprehensiveness, to address/respond to maritime cyber security threats? and (c) whether it is necessary to establish new regulations to address maritime cyber security or develop existing laws?