Ever Increasing Attacks On Maritime Ports & Systems

The cyber threat to the maritime industry is real, significant and frequently taking place. Attacks on the maritime industry’s operational technology systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end. 

Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly has revealed to a Senate committee that malicious hackers targeted the Port of Huston in August.

Houston is a 25-mile-long port complex is one of the largest on the US Gulf Coast and handles around 247 million tons of cargo per year. Threat actors installed malicious code to expand their access to the system and then exfiltrated all the login credentials held in Microsoft password management software used to control network access.  Authorities believe the attack was sponsored by a foreign power.

Cyber attacks on port systems are no longer considered hypothetical and preparations in case of a cyber breach make people far more likely to act correctly if a breach takes place. However, a cyber attack scenario on a container ship calling at a port illustrates two facts:-

  • There are a large number of contracts between the various parties involved.
  • The answers to the legal questions surrounding cyber attacks remains untested and usually uncertain.  

The maritime shipping industry has grown more alert to cyber risk particularly in the wake of the 2017 NotPetya malware attack that crippled ports, terminals and cargo handling operations.  

In June 2017 the Maersk shipping company was hit by a cyber attack. The NotPetya virus entered Maersk’s systems through a widely used piece of tax accounting software in Ukraine. Maersk was not the intended target for the attack, but the consequences for the company were very real. The virus spread through the company globally and made all their applications and data unavailable for several days. Worldwide operations, including its Rotterdam terminal, were seriously affected, with losses in the region of $200-300million.  

NotPetya could attack the Maersk global network because it was loaded onto one unpatched computer operating in a single local office connected to the global network. The incident shows the vulnerability of everyone to cyber attacks and you do not have to be the intended victim to be badly affected.

Maersk could recover relatively quickly because it recognised that resilience and recovery processes are as important as trying to prevent an attack. Being able to recover all your systems and data from secure backups within hours of an attack will protect your business from potentially serious financial and reputational damage. 

In other cyber security incidents, port assets have been infected with malware and there has been unintentional jamming or interference with wireless networks.

There are some important things for port authorities and operators  to consider: 

  • Do you operate or occupy a port or port facility that has electronic or computer-based systems? 
  • If the port systems were to fail, malfunction or were misused, would this result in economic,  operational, physical or reputational loss or damage, or disrupt operations? 
  • Do you own an information asset that includes information about your strategy or commercial operations, either the construction or the operation of your port or port facility, including any port systems? 
  • If this information asset were compromised, could this result in economic, operational, physical or reputational loss or damage? 

If your answer to any of the above questions is ‘yes’, then the updated British  Code of Practice Cyber Security for Ports and Port Systems) is essential reading to determine who in your organisation needs to take action. 

The Belgian Port of Antwerp has recently carried out unique trials involving a ‘fixed-wing’ drone providing images of realistic incident scenarios. The port of Antwerp is over 120 km in size and forms part of Belgium’s critical infrastructure. Thanks to the unique views they provide from the air, drones can make a significant contribution to overall safety within this complex environment. 

Cyber security is not just about preventing hackers gaining access to systems and information. It also addresses the maintenance, integrity, confidentiality and availability of information and systems, ensuring business continuity and the continuing utility of cyber assets.

When designing port systems or when supporting operational processes, port operators need to consider how to protect systems from both physical attack, malicious online attacks and the ever present insider threat from their own employees.

GovUK / IET:      Insurance Marine News:      Infosecurity Magazine:     Port of Houston:     I-HLS:

You Might Also Read:

Outdated Strategies In Maritime Cyber Security:

« The Many Dangers Of WFH
Russia's Criminal Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Agari

Agari

Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks.

Caretower

Caretower

Caretower is one of Europe’s leading value added managed service provider in cyber security.

FoxGuard Solutions

FoxGuard Solutions

FoxGuard Solutions develops customized cyber security, compliance and industrial computing solutions for critical infrastructure entities and control system vendors.

Six Degrees Group

Six Degrees Group

Six Degrees is a specialist managed IT services organisation offering a range of solutions including Managed Security Services.

Cequence Security

Cequence Security

Cequence secures web, mobile, and API applications. We discover all apps, detect malicious bots, and stop attacks with an AI-integrated security platform.

Blu Venture Investors (BVI)

Blu Venture Investors (BVI)

Blu Venture Investors is a venture capital firm that supports early stage companies with a focus on technology in diverse domains including cybersecurity, IoT, defense and homeland security.

Nokia

Nokia

Nokia is a proven leader in fixed, mobile and IoT security offering capabilities that range from systems design to integration and support.

Earlybird Venture Capital

Earlybird Venture Capital

Earlybird is a venture capital investor focused on European technology innovators.

Coveware

Coveware

Coveware helps businesses remediate ransomware. We help companies recover after files have been encrypted, and our analytic, monitoring and alerting tools help companies prevent ransomware incidents.

Spike Reply

Spike Reply

Spike Reply is the company within the Reply Group focusing on cybersecurity and personal data protection.

IN4 Group

IN4 Group

IN4 Group is a skills, innovation and start-up services provider that specialises in supporting businesses with the training, communities, networks and advice they need to scale.

Privacy Compliance Hub

Privacy Compliance Hub

Privacy Compliance Hub provide an easy to use platform with a comprehensive data protection compliance programme including training, information, templates and reporting.

SHI International

SHI International

SHI International deliver against your IT and business needs, helping you build strategies and solutions that will drive innovation, collaboration and security.

NormCyber

NormCyber

NormCyber provide award-winning cyber security and data protection as a service for midsize organisations.

HWG

HWG

HWG is a company specialized in providing cyber security solutions and consulting services.

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency of Thailand is responsible for coordinating and implementing national cybersecurity policies, strategies, and initiatives.