Cyber Incident Victim: Tokyo MOU
Date:
Jul 2022
Location:
Japan
Summary
The Tokyo MOU experienced a cyber-attack compromising its Asia-Pacific Computerized Information System (APCIS), causing a multi-week outage and prolonged data restoration, which disrupted port State control operations by hindering ship inspection selection, data transmission, and industry access to port State control information. The incident prompted commitments to strengthen cybersecurity measures to prevent recurrence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Tokyo Memorandum of Understanding on Port State Control (Tokyo MOU) experienced a significant cybersecurity incident in July 2022, which disrupted its Asia-Pacific Computerized Information System (APCIS). The outage, attributed to a suspected cyber-attack, rendered the entire system inoperable for several weeks, with full data restoration requiring months of recovery efforts. This system serves as the primary database for port State control activities across the Asia-Pacific region, storing inspection results and facilitating information exchange among 21 member maritime authorities. The disruption severely hampered the ability of Port State Control Officers (PSCOs) to conduct accurate ship risk assessments, select vessels for inspection, and efficiently transmit inspection reports. Industry stakeholders, including ship operators, charterers, and classification societies, who routinely access APCIS data for compliance verification and operational decisions, also faced prolonged difficulties accessing critical information.
The incident’s operational impacts extended beyond immediate technical failures. During the outage, member authorities resorted to alternative methods to maintain inspection activities, though with reduced efficiency and data coherence. The Tokyo MOU Secretariat acknowledged that the compromise affected not only routine port State control functions but also undermined broader maritime safety oversight, particularly as deficiencies related to engine maintenance and power systems had been rising prior to the incident. While the 2022 inspection cycle saw partial recovery from COVID-19 disruptions—with 24,894 inspections conducted, including 2,515 remote examinations—the cyber-attack introduced new vulnerabilities in data integrity and accessibility. In response, the Tokyo MOU committed to strengthening its cybersecurity protocols, prioritizing system resilience, and implementing enhanced preventive measures to avoid future breaches, as outlined in its 2022 annual report. No specific threat actor or attack vector was publicly identified during the disclosed investigation.