Cyber Incident Victim: Maritime Trade Information Sharing Centre, Gulf of Guinea (MTISC-GoG)
Date:
Mar 2016
Location:
Nigeria
Summary
A potential security breach at the Gulf of Guinea's Maritime Trade Information Sharing Centre raised concerns that vessel data could be exposed to pirates. The Baltic and International Maritime Council and The Standard Club issued an advisory urging ships transiting the region to limit sharing identifiable or tracking information while still subscribing to security alerts. The organizations emphasized maintaining standard anti-piracy measures like vessel hardening and risk assessments to mitigate hijacking risks, though the incident remained unconfirmed by the centre itself at the time of initial reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 1, 2016, the Baltic and International Maritime Council (BIMCO) and The Standard Club issued a joint warning regarding a suspected security breach affecting the Maritime Trade Information Sharing Centre, Gulf of Guinea (MTISC-GoG). The organizations expressed concern that the alleged breach could have compromised sensitive ship data, potentially exposing vessel identification or tracking information to piracy groups operating in the region. While the breach remained unconfirmed by MTISC-GoG at the time of the announcement, BIMCO advised vessels transiting the Gulf of Guinea to immediately restrict the submission of identifiable information through the center's reporting systems. Specifically, ships were instructed to omit positional data when signing up for MTISC-GoG's security alerts while continuing to participate in the program to maintain regional maritime security coordination. BIMCO emphasized that standard anti-piracy protocols – including vessel hardening measures and pre-voyage risk assessments – should remain strictly enforced to mitigate hijacking risks despite the information-sharing limitations.
The incident prompted immediate operational adjustments across the maritime industry, with ship operators instructed to balance threat reporting necessities against potential data exposure vulnerabilities. MTISC-GoG did not publicly confirm or deny the breach when contacted by media outlets shortly after the warning's release, leaving the incident's scope and origin formally unverified. Industry responses focused on procedural adaptations rather than system-wide shutdowns, maintaining the Gulf of Guinea's collaborative security framework while reducing identifiable data points in maritime reporting. The advisory maintained that selective information sharing would preserve the center's alert functionality without providing pirates targeting specifics. No confirmed hijackings directly linked to the suspected breach were reported in the immediate aftermath, though the warning underscored persistent cybersecurity challenges in maritime threat intelligence platforms servicing high-risk regions.