Ever Increasing Attacks On Maritime Ports & Systems

The cyber threat to the maritime industry is real, significant and frequently taking place. Attacks on the maritime industry’s operational technology systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end. 

Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly has revealed to a Senate committee that malicious hackers targeted the Port of Huston in August.

Houston is a 25-mile-long port complex is one of the largest on the US Gulf Coast and handles around 247 million tons of cargo per year. Threat actors installed malicious code to expand their access to the system and then exfiltrated all the login credentials held in Microsoft password management software used to control network access.  Authorities believe the attack was sponsored by a foreign power.

Cyber attacks on port systems are no longer considered hypothetical and preparations in case of a cyber breach make people far more likely to act correctly if a breach takes place. However, a cyber attack scenario on a container ship calling at a port illustrates two facts:-

  • There are a large number of contracts between the various parties involved.
  • The answers to the legal questions surrounding cyber attacks remains untested and usually uncertain.  

The maritime shipping industry has grown more alert to cyber risk particularly in the wake of the 2017 NotPetya malware attack that crippled ports, terminals and cargo handling operations.  

In June 2017 the Maersk shipping company was hit by a cyber attack. The NotPetya virus entered Maersk’s systems through a widely used piece of tax accounting software in Ukraine. Maersk was not the intended target for the attack, but the consequences for the company were very real. The virus spread through the company globally and made all their applications and data unavailable for several days. Worldwide operations, including its Rotterdam terminal, were seriously affected, with losses in the region of $200-300million.  

NotPetya could attack the Maersk global network because it was loaded onto one unpatched computer operating in a single local office connected to the global network. The incident shows the vulnerability of everyone to cyber attacks and you do not have to be the intended victim to be badly affected.

Maersk could recover relatively quickly because it recognised that resilience and recovery processes are as important as trying to prevent an attack. Being able to recover all your systems and data from secure backups within hours of an attack will protect your business from potentially serious financial and reputational damage. 

In other cyber security incidents, port assets have been infected with malware and there has been unintentional jamming or interference with wireless networks.

There are some important things for port authorities and operators  to consider: 

  • Do you operate or occupy a port or port facility that has electronic or computer-based systems? 
  • If the port systems were to fail, malfunction or were misused, would this result in economic,  operational, physical or reputational loss or damage, or disrupt operations? 
  • Do you own an information asset that includes information about your strategy or commercial operations, either the construction or the operation of your port or port facility, including any port systems? 
  • If this information asset were compromised, could this result in economic, operational, physical or reputational loss or damage? 

If your answer to any of the above questions is ‘yes’, then the updated British  Code of Practice Cyber Security for Ports and Port Systems) is essential reading to determine who in your organisation needs to take action. 

The Belgian Port of Antwerp has recently carried out unique trials involving a ‘fixed-wing’ drone providing images of realistic incident scenarios. The port of Antwerp is over 120 km in size and forms part of Belgium’s critical infrastructure. Thanks to the unique views they provide from the air, drones can make a significant contribution to overall safety within this complex environment. 

Cyber security is not just about preventing hackers gaining access to systems and information. It also addresses the maintenance, integrity, confidentiality and availability of information and systems, ensuring business continuity and the continuing utility of cyber assets.

When designing port systems or when supporting operational processes, port operators need to consider how to protect systems from both physical attack, malicious online attacks and the ever present insider threat from their own employees.

GovUK / IET:      Insurance Marine News:      Infosecurity Magazine:     Port of Houston:     I-HLS:

You Might Also Read:

Outdated Strategies In Maritime Cyber Security:

« The Many Dangers Of WFH
Russia's Criminal Hackers »

Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ImageWare Systems

ImageWare Systems

ImageWare Systems is a leader in cutting-edge, identity management solutions driven by biometric technology.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

NeuraLegion

NeuraLegion

NeuraLegion revolutionizes the way Application Security Testing is conducted, by combining Machine Learning Algorithms and an offensive approach.

SpectX

SpectX

SpectX is software for parsing and analysing raw logs and any other unstructured data for applications such as Infosec incident investigation and forensics.

Statice

Statice

Statice develops state-of-the-art data privacy technology that helps companies double-down on data-driven innovation while safeguarding the privacy of individuals.

CyBOK - University of Bristol

CyBOK - University of Bristol

CyBOK is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector.

Verificient Technologies

Verificient Technologies

Verificient Technologies specializes in biometrics, computer vision, and machine learning to deliver world-class solutions in continuous identity verification and remote monitoring.

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange (CQE)

Chicago Quantum Exchange is an intellectual hub and community of researchers with the common goal of advancing academic and industrial efforts in the science and engineering of quantum information.

New Net Technologies (NNT)

New Net Technologies (NNT)

NNT SecureOps provides ultimate protection against all forms of cyberattack and data breaches by automating the essential security controls.

GRSi

GRSi

GRSi deliver next-generation systems engineering, cybersecurity, technology insertion and best practices-based Enterprise Operations (EOps) management.