A day after disclosing digitization and streamlining efforts for its legacy systems, the Maritime Industry Authority (MARINA), under the Department of Transportation (DOTr), has confirmed that four of its web-based systems were attacked and compromised on Sunday, June 16.
Last Saturday, June 15, the agency announced an upcoming rollout of a blockchain-powered certification system for real-time online application processing called MARINA BEST, and a potentially mandatory virtual ticketing and advanced booking system for passenger ships to curb extended queues during peak travel seasons.
In a statement during a recent forum, MARINA Director Luisito delos Santos said that the most practical way to elevate the playing field between local and multinational shipbuilding entities across the country’s economic zones is legislative enactment to modernize the current state of the country’s shipbuilding industry, specifically via automation and digitalization.
In an unverified post at the hacking forum and marketplace BreachForums, a user named “ph1ns” claimed the hack of MARINA’s website and obtained access to four (4) systems: Authority to Accept Payment (ATAP), Accomplishment Report Management System (ARMS), Integrated Domestic Shipping Information System (IDSIS), and the SRB/SID Expedite Application System.
While MARINA is yet to divulge which specific applications were subject to the exploit, the agency is already hosting several web-based systems at this time, this includes the MARINA Integrated Seafarers Management Online (MISMO) System, which replaced the outdated Seafarer’s Certification System (SCS), and an information and monitoring system called Shipyards Regulation Service Information Management System (SRSIMS) among others.
MARINA officials and employees were deployed onsite at the MARINA Central Office to activate emergency measures dedicated to maintaining the integrity of the systems.
The agency’s in-house information technology (IT) team worked together with the Department of Information and Communications Technology-Cybercrime Investigation and Coordinating Center (DICT-CICC) to mitigate the data breach and investigate the attack, so the systems can be fully operational by Tuesday, June 18.