Ever Increasing Attacks On Maritime Ports & Systems

Uploaded on 2021-10-13 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The cyber threat to the maritime industry is real, significant and frequently taking place. Attacks on the maritime industry’s operational technology systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end. 

Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly has revealed to a Senate committee that malicious hackers targeted the Port of Huston in August.

Houston is a 25-mile-long port complex is one of the largest on the US Gulf Coast and handles around 247 million tons of cargo per year. Threat actors installed malicious code to expand their access to the system and then exfiltrated all the login credentials held in Microsoft password management software used to control network access.  Authorities believe the attack was sponsored by a foreign power.

Cyber attacks on port systems are no longer considered hypothetical and preparations in case of a cyber breach make people far more likely to act correctly if a breach takes place. However, a cyber attack scenario on a container ship calling at a port illustrates two facts:-

  • There are a large number of contracts between the various parties involved.
  • The answers to the legal questions surrounding cyber attacks remains untested and usually uncertain.  

The maritime shipping industry has grown more alert to cyber risk particularly in the wake of the 2017 NotPetya malware attack that crippled ports, terminals and cargo handling operations.  

In June 2017 the Maersk shipping company was hit by a cyber attack. The NotPetya virus entered Maersk’s systems through a widely used piece of tax accounting software in Ukraine. Maersk was not the intended target for the attack, but the consequences for the company were very real. The virus spread through the company globally and made all their applications and data unavailable for several days. Worldwide operations, including its Rotterdam terminal, were seriously affected, with losses in the region of $200-300million.  

NotPetya could attack the Maersk global network because it was loaded onto one unpatched computer operating in a single local office connected to the global network. The incident shows the vulnerability of everyone to cyber attacks and you do not have to be the intended victim to be badly affected.

Maersk could recover relatively quickly because it recognised that resilience and recovery processes are as important as trying to prevent an attack. Being able to recover all your systems and data from secure backups within hours of an attack will protect your business from potentially serious financial and reputational damage. 

In other cyber security incidents, port assets have been infected with malware and there has been unintentional jamming or interference with wireless networks.

There are some important things for port authorities and operators  to consider: 

  • Do you operate or occupy a port or port facility that has electronic or computer-based systems? 
  • If the port systems were to fail, malfunction or were misused, would this result in economic,  operational, physical or reputational loss or damage, or disrupt operations? 
  • Do you own an information asset that includes information about your strategy or commercial operations, either the construction or the operation of your port or port facility, including any port systems? 
  • If this information asset were compromised, could this result in economic, operational, physical or reputational loss or damage? 

If your answer to any of the above questions is ‘yes’, then the updated British  Code of Practice Cyber Security for Ports and Port Systems) is essential reading to determine who in your organisation needs to take action. 

The Belgian Port of Antwerp has recently carried out unique trials involving a ‘fixed-wing’ drone providing images of realistic incident scenarios. The port of Antwerp is over 120 km in size and forms part of Belgium’s critical infrastructure. Thanks to the unique views they provide from the air, drones can make a significant contribution to overall safety within this complex environment. 

Cyber security is not just about preventing hackers gaining access to systems and information. It also addresses the maintenance, integrity, confidentiality and availability of information and systems, ensuring business continuity and the continuing utility of cyber assets.

When designing port systems or when supporting operational processes, port operators need to consider how to protect systems from both physical attack, malicious online attacks and the ever present insider threat from their own employees.

GovUK / IET:      Insurance Marine News:      Infosecurity Magazine:     Port of Houston:     I-HLS:

You Might Also Read:

Outdated Strategies In Maritime Cyber Security:

« The Many Dangers Of WFH
Russia's Criminal Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA) is a non-profit organization dedicated to leading a diversified research agenda in the field of cyber conflict.

Cyber Akademie (CAk)

Cyber Akademie (CAk)

Cyber Akademie is a training and education center providing high-quality training and information events on information security and data protection.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

Avatier

Avatier

Avatier identity management software products automate identity access management, user provisioning and IT governance to ensure information security and compliance.

Intrasoft International

Intrasoft International

Intrasoft International is a leading European IT Solutions and Services Group offering a full range of IT services including Information Security.

Modux

Modux

Modux focus on a number of core competencies across cyber security including; cyber intelligence & analytics, penetration testing and training.

Visual Guard

Visual Guard

Visual Guard is a modular solution covering most application security requirements, from application-level security systems to Corporate Identity and Access Management Solutions.

Arab Information & Communication Technologies Organization (AICTO)

Arab Information & Communication Technologies Organization (AICTO)

The Arab ICT Organization (AICTO) is an Arab governmental organization working under the aegis of the league of Arab States.

Capsule8

Capsule8

Capsule8 is the only company providing high-performance attack protection for Linux production environments.

Kickstart

Kickstart

Kickstart supports your startup in scaling deep technology businesses in Switzerland in areas such as AI, Blockchain and Cybersecurity.

Fudo Security

Fudo Security

Fudo Security is a leading provider of privileged access management and privileged session monitoring solutions.

Code Intelligence

Code Intelligence

Code Intelligence offers a platform for automated software security testing to help developers make their software more robust and secure.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

Blackpanda

Blackpanda

Blackpanda is Asia’s premier cyber security incident response group, hyper-focused on digital forensics and cyber crisis response.

AccessIT Group

AccessIT Group

AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services.