The State of Cyber Security at Ports | SaltDNA

The State of Cyber Security at Ports

13/05/2020 | John Bailie

For years, ports have been undergoing a digital transformation, due to the ever emerging challenges brought about by the optimisation of existing processes and the introduction of many new capabilities.

For years, ports have been undergoing a digital transformation, due to the ever emerging challenges brought about by the optimisation of existing processes and the introduction of many new capabilities. Digital transformation is pushing the maritime industry beyond its traditional limits to provide opportunities and to improve productivity, efficiency and sustainability. Such digital transformation has come about from the advancements in the interconnectivity of IT and the introduction of cloud computing, big data and Internet of Things (IoT). However, for ports, transitioning with the digital transformation brings along cyber security challenges that need to be met in order for future ports to fully unlock the potential of these new technologies. As a result, ports have discovered that there is a price to pay for modern technological marvels. Cyber criminals are attracted to the centralised systems which ports have that provide fraudsters with a wealth of target information.

The need for increased cyber security in ports is evident by the proliferation of cybersecurity incidents that have occured in ports over the past few years. For example: in 2011, the Belgian port of Antwerp experienced a cyber attack by where drug traffickers recruited hackers to breach IT systems to control the movement and location of containers in order to intercept and smuggle drugs. This particular cyber attack was regarded as a multi stage attack as it occured over a period of 2 years. Furthermore, Maersk experienced a NotPetya ransomware attack which infected 50,000 endpoints and thousands of applications and servers across 600 sites in 130 countries. During the 2019 Association of Bulk Terminal Operator’s annual conference, Ian Adam, chief executive said: “both physical and cyber security remain to be a particularly weak spot for the ship to shore interface,” further highlighting the need for stronger cyber security for ports.

Increasingly, ports are seen as key targets for those who are looking to disrupt national infrastructure and hostile governments. Many insiders have viewed ports as being underprepared for the likes of these cyber threats, even though major players in the industry have recognised and acted on the risks posed by cyber threats. However, the majority of the major players have been very slow to recognise the need for cyber security. There are a number of key reasons and challenges ports face as to why there are lacking effective cyber security.

  1. Lack of digital culture in ports, some stakeholders are still very conservative. Traditional stakeholders do not consider cyber security to be a priority over technology adoption.
  2. Lack of awareness and training regarding cyber security.
  3. Lack of an understanding of what time and budget should be allocated to cybersecurity.
  4. Lack of qualified IT and OT human resources regarding security matters, skills shortage.
  5. The ability to find a balance between business efficiency, digital transformation and cyber security.
  6. Difficult to stay up to date with the latest cyber threats and therefore lack of cyber security against these.
  7. The convergence and interconnection of OT and IT systems, greatly exposes OT systems to higher risks.
  8. Supply chain challenges: the lack of control over the cyber security level of suppliers presents cyber security challenges for ports.
  9. Strong interdependencies between port systems and external services from other sectors (such as energy) that introduce interdependency cyber security risks.
  10. New cyber risks resulting from digital transformation of ports.

It is important that cybersecurity becomes a top priority for ports, in order to ensure the safety, security, compliance and commercial competitiveness, while also ensuring they have the full capabilities for a digital transformation. Port operation is very complex because of the nature of the services provided, the number of processes taking place in the infrastructure and the large number of workers involved in the operation, which includes land, sea and economic activities, so there are many reasons for cyber security. With all the new and modern systems and equipment, ports are exposing themselves more to the risk of cyber attacks.

Ports can be found vulnerable to a number of types of cyber attacks due to the vast quantities of data that is stored and transmitted in port infrastructure, this is a key attraction for cyber criminals. Due to the automated navigation, logistics systems and ports fleet management software, all are presented as being a rich source for criminal activity. It is more and more evident that the incorporation of digital tools in the day to day activities of ports has not removed the threat of crime, but rather shifted criminals focus to digitally enabled activities. There are a number of cyber attacks ports can potentially face:

  • The theft of sensitive and critical port data, such as: location of content of containers or competitive know-how, along with the ability to delete and alter such data.
  • Hackers can intercept the communications between the port and different stakeholders, also referred to as ‘man in the middle attack’ that relays and alters communications between 2 parties who believe they are directly communicating with each other.
  • The scanning of port systems to intercept data for corporate or state espionage or criminal crime and privacy espionage.
  • Session hijacking- the exploitation of system vulnerabilities to gain the same access rights than the targeted clients (such as authentication cookies).
  • Network reconnaissance and traffic manipulation- an attack scans the network until he finds an entry door which reveals internal port network information, to therefore compromise the targeted systems.
  • The use of phishing attacks to compromise networks with inadequate security.
  • The illegal smuggling of people and drugs due to organised crimes viewing ports as a nexus point for smuggling
  • The ability to shut down the entire port by compromising port systems
  • Other examples of cyber crime on ports is: fraud, sabotage, vandalism, theft, unauthorised access, terrorism and corruption.

Therefore, there is an increased call for cyber security at ports due to the impact cyber crime can have on the port itself. Cyber attacks have the ability impact to how a port safely carries out operations, they also have the ability to reduce the speed and efficiency a port operates at. There is the risk of damage to ships and crews, if, for example, a ship collision occurred due to a hacking of e-navigation. The overall port business could be disrupted and damaged, resulting in a tarnished reputation. There is the risk of huge losses, be it in regards to, physical assets, the loss of cargo or the loss of personal data of employees or customers. These are only to name a few of the impacts that a lack of cybersecurity can do to ports.

What can ports do to increase their cyber security? It is important to implement security measures to identify and manage the continuous risks and threats to a port system.

  • Define a clear governance, objectives and strategic guidelines around cyber security at port level.
  • Identify all potential external and internal cyberthreats and the vulnerabilities associated with these.
  • Involve all stakeholders involved in port operations.
  • Raise awareness of cyber security matters at port level.
  • Infuse a cyber security culture.
  • Adopt a secure and controllable communications system.
  • Adopt a risk-based approach to build a port cybersecurity strategy.
  • Ensure that all identified risks are under control and properly identified in a timely manner.
  • Conduct and regularly update security risk analysis.
  • Enforce detection and response capabilities at port level to react as fast as possible to any cyber attack.
  • Strictly control access of third parties to the port system.
  • Develop specific and mandatory cybersecurity training courses.

With the recent growth of cyberattacks and increased awareness of cybersecurity, it appears that ports have been somewhat neglected. It is evident that with the world rapidly becoming digitalized and dependent on efficient communication systems, cyber security has been identified as a top-level priority among policymakers and scholars. The gap of knowledge on cybersecurity in ports is a key issue, as it makes them more and more vulnerable to cyberattacks which will prove a major problem in years to come. The limited amount of information and guidance available about cybersecurity related practices in ports and maritime as a while, indicates the essential need for increased cybersecurity protocols. Traditionally ports were only concerned with physical security and safety, it is now more important to integrate cybersecurity into a global strategy.

About SaltDNA

SaltDNA is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland, for more information visit www.saltdna.com.