Ever Increasing Attacks On Maritime Ports & Systems

Uploaded on 2021-10-13 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The cyber threat to the maritime industry is real, significant and frequently taking place. Attacks on the maritime industry’s operational technology systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end. 

Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly has revealed to a Senate committee that malicious hackers targeted the Port of Huston in August.

Houston is a 25-mile-long port complex is one of the largest on the US Gulf Coast and handles around 247 million tons of cargo per year. Threat actors installed malicious code to expand their access to the system and then exfiltrated all the login credentials held in Microsoft password management software used to control network access.  Authorities believe the attack was sponsored by a foreign power.

Cyber attacks on port systems are no longer considered hypothetical and preparations in case of a cyber breach make people far more likely to act correctly if a breach takes place. However, a cyber attack scenario on a container ship calling at a port illustrates two facts:-

  • There are a large number of contracts between the various parties involved.
  • The answers to the legal questions surrounding cyber attacks remains untested and usually uncertain.  

The maritime shipping industry has grown more alert to cyber risk particularly in the wake of the 2017 NotPetya malware attack that crippled ports, terminals and cargo handling operations.  

In June 2017 the Maersk shipping company was hit by a cyber attack. The NotPetya virus entered Maersk’s systems through a widely used piece of tax accounting software in Ukraine. Maersk was not the intended target for the attack, but the consequences for the company were very real. The virus spread through the company globally and made all their applications and data unavailable for several days. Worldwide operations, including its Rotterdam terminal, were seriously affected, with losses in the region of $200-300million.  

NotPetya could attack the Maersk global network because it was loaded onto one unpatched computer operating in a single local office connected to the global network. The incident shows the vulnerability of everyone to cyber attacks and you do not have to be the intended victim to be badly affected.

Maersk could recover relatively quickly because it recognised that resilience and recovery processes are as important as trying to prevent an attack. Being able to recover all your systems and data from secure backups within hours of an attack will protect your business from potentially serious financial and reputational damage. 

In other cyber security incidents, port assets have been infected with malware and there has been unintentional jamming or interference with wireless networks.

There are some important things for port authorities and operators  to consider: 

  • Do you operate or occupy a port or port facility that has electronic or computer-based systems? 
  • If the port systems were to fail, malfunction or were misused, would this result in economic,  operational, physical or reputational loss or damage, or disrupt operations? 
  • Do you own an information asset that includes information about your strategy or commercial operations, either the construction or the operation of your port or port facility, including any port systems? 
  • If this information asset were compromised, could this result in economic, operational, physical or reputational loss or damage? 

If your answer to any of the above questions is ‘yes’, then the updated British  Code of Practice Cyber Security for Ports and Port Systems) is essential reading to determine who in your organisation needs to take action. 

The Belgian Port of Antwerp has recently carried out unique trials involving a ‘fixed-wing’ drone providing images of realistic incident scenarios. The port of Antwerp is over 120 km in size and forms part of Belgium’s critical infrastructure. Thanks to the unique views they provide from the air, drones can make a significant contribution to overall safety within this complex environment. 

Cyber security is not just about preventing hackers gaining access to systems and information. It also addresses the maintenance, integrity, confidentiality and availability of information and systems, ensuring business continuity and the continuing utility of cyber assets.

When designing port systems or when supporting operational processes, port operators need to consider how to protect systems from both physical attack, malicious online attacks and the ever present insider threat from their own employees.

GovUK / IET:      Insurance Marine News:      Infosecurity Magazine:     Port of Houston:     I-HLS:

You Might Also Read:

Outdated Strategies In Maritime Cyber Security:

« The Many Dangers Of WFH
Russia's Criminal Hackers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

LogicManager

LogicManager

LogicManager offer a complete set of IT governance, risk and compliance software solutions and advisory services.

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality ISAC operates as a central hub for sharing sector-specific cyber security information and intelligence.

Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC)

GIAC provides certification in the knowledge and skills necessary for a practitioner in key areas of computer, information and software security.

Neoteric Networks

Neoteric Networks

We deliver a no nonsense procedure to implementing technology. The technology selection process ensures that all customers enjoy an engineered methodology implementing technology.

netfiles

netfiles

netfiles offers highly secure data rooms for sensitive business processes and secure data exchange.

H-ON Consulting

H-ON Consulting

H-ON Consulting develops and applies robust cyber security procedures enabling control systems to be secure.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

Evervault

Evervault

Evervault provides engineers easy solutions to complex data security and compliance problems.

Nightwing

Nightwing

Nightwing is the intelligence services company that continually redefines the edge of the possible to keep advancing our national security interests.

ITRM

ITRM

ITRM are one of the UK’s top managed service providers and offer a range of award-winning IT solutions, from ad-hoc consultancy to cyber security.

Incode

Incode

Incode is the leading provider of world-class identity solutions that is reinventing the way humans authenticate and verify their identities online.

Twine Security

Twine Security

Twine is pioneering the creation of AI digital cybersecurity employees to help improve efficiency for cybersecurity teams.

Point Wild

Point Wild

Point Wild is a holding company that acquires, integrates and manages a diverse portfolio of best-in-class cybersecurity brands for consumers and enterprises.