The Bunker Industry’s Evolving Cybersecurity Challenge

January 22, 2024

 By David Varghese, CFO, Glander International Bunkering


The digitalisation of the bunker industry can’t just be an optional upgrade.

Singapore’s MPA has highlighted the potential savings in man-hours as it pushes its local bunker firms into using e-BDNs, barge data tracking and other digital services.

But this trend goes a lot further than that; it’s an essential defence against some of the cybersecurity risks facing everyone. We can make a majority of all bunker documentation electronic within the next five years, and we will both make the handling of that paperwork easier and more transparent, and do much to protect our industry against evolving threats.

The Bunker Industry’s Vulnerability

The bunker sector’s critical infrastructure automatically makes it a prime target for cyberattacks, because of the potential for significant economic and environmental impact. The industry’s large financial transactions also make it vulnerable, coupled with its lack of cybersecurity measures, employee training and incident response plans.

Bunkering relies on a complex supply chain involving multiple parties. If one or more of these entities has cybersecurity weaknesses, this can compromise the whole chain. At the same time, shipping companies often rely on outdated, legacy systems that may not be equipped for modern cybersecurity threats. Retrofitting these systems can be expensive, which in particular can discourage smaller shipping companies.Chief Financial Officer of Glander International Bunkering discusses cybersecurity in maritime.

Evolving Threats

The financial risk that may be the costliest – but also the easiest to rectify – is fraudulent invoices. Not detecting a fraudulent invoice can lead to operational disruption and damaged relationships, which is why employee training and awareness are pivotal.

Data breaches that can give unauthorised parties access to sensitive information are another problem. Ransomware attacks can halt bunkering operations, causing disruption and potential environmental incidents. Any non-compliance with regulations could result in fines, legal liabilities and reputational damage.

Pitfalls to Avoid

But a move towards electronic record-keeping can bring new problems of its own; get digitalisation wrong, and you’ll expose your company to a whole new set of risks.

Without adequate protection, documents can be altered or manipulated. There are now more phishing attacks, where recipients click on email attachments and links sent by cybercriminals that initially appear legitimate.

That is why data needs to be encrypted and employees must be educated on best practices.

At Glander International Bunkering, we have implemented digital signatures to enhance the integrity and efficiency of our business transactions. These documents signal to the recipient whether or not there has been an unauthorised alteration, or if they are sent from another source.

Working With the Shipping Industry

Upholding the highest standards of cybersecurity to protect our clients’ interests and finances goes beyond our digitally secure invoicing system.

We also share information and work closely with shipping companies, suppliers and industry stakeholders in order to collectively stay vigilant against cyber threats, fortify our defences and respond effectively.  In the unfortunate event of a cybersecurity incident, our team is proactive about reporting the information to the relevant authorities.

We also strongly encourage all companies in the shipping industry to take a proactive approach to protect themselves from potential cyberattacks. The most essential step is to invest in continuous cybersecurity training for employees to avoid human error. An informed employee is your first line of defence.

Beyond that, companies need strict access controls to limit who can access sensitive data. Stronger IT security measures are needed, and updates to older systems. Data encryption and strong firewalls are also critical technologies for business continuity.Digital security in bunkering industry

Future Outlook

Singapore’s MPA is currently the most active authority in imposing bunker-industry digitalisation. In October the authority announced the introduction of e-BDNs, keeping to an ambitious digitalisation timeline announced at SIBCON 2022.

This initiative is positive, but the pace and success of similar efforts elsewhere may vary. The digital transition is complex, and requires careful planning, regulatory adjustments and cooperation.

More port authorities should be able to enforce electronic documentation in time, especially as more companies gradually digitalise their processes for their own efficiency and competitiveness.

Eliminating paper documents in bunkering, like any other industry, hinges on factors like technological advancement, regulatory changes, adoption rates and the readiness of all stakeholders.

At Glander International Bunkering, we already use electronic documentation for bunker transactions. But since some of our clients continue to rely on paper documents, we maintain a dual approach to provide both paper and digital formats for various regulatory and operational needs.

We are optimistic that a majority of bunkering transactions can be electronic within the next five years, if all factors are addressed successfully.