When you think of a cyber attack on a vessel you might assume that the majority of incidents take place whilst the ship is at sea, perhaps thinking it is more vulnerable then. However research by RightShip reports that 50% of cyber security attacks on vessels occur whilst vessels are in ports/terminals. Docked ships regularly interact digitally with shore-based operations and supply chain providers to ensure the smooth flow of operations, bringing an increased risk of cyber attacks via malware and phishing attempts, and the longer a ship is docked, the more vulnerable both the vessel and port is to a cyber attack. With ship infrastructure and port activity now increasingly connected and reliant on OT (operational technology), the attack surface has again expanded, increasing the risk further.
Whilst some of the cyber risks are outside of the ports control, the impact can be significant, and ports need to be ready to deal with issues as they occur to minimise disruption.
Ports themselves are an attractive target for cyber attacks. With 90% of traded goods carried over the waves, ports play an important role in the global supply chain and are part of our global critical infrastructure.
Attacks against critical infrastructure are designed to cause the biggest disruption, and therefore potentially offer the best return for cyber attackers looking to be paid a hefty ransomware demand, or for a political gain.
Over the past 5 years there has been some notable incidents of cyber attacks against ports, all designed to bring maximum disruption:
- September 2018 – the Port of Barcelona’s internal IT systems were attacked, which affected loading/unloading processes.
- September 2018 – the Port of San Diegowas also disrupted by a “highly sophisticated” cyberattack which included the potential of threats to public safety.
- October 2018 – the Port of Vancouver suffered a brute force attack.
- March 2020 – the port of Marseilles was attacked with ransomware.
- May 2020 – the Shahid Rajaee Port Terminal in Iran was hacked in which all of its operational processes almost completely interrupted.
- May 2020 – Hormuz Port was attacked, damaging some operating systems.
November 2020 – the Port of Kennewick in Washington was hit with ransomware, which completely locked access to its servers.
- July 2021 – four major ports in South Africa (Cape Town, Ngqura, Port Elizabeth and Durban) were paralysed following a massive attack on the Transnet National Port Authority, the country’s main freight manager.
- August 2021 – the Port of Houston resisted an attack exploiting a critical flaw in a password management solution.
- February 2022- India’s state owned container terminal at Jawaharlal Nehru Port Trust (JNPT) was hit by a ransomware attack that affected its management information system (MIS).
- February 2022 – Major oil terminals in some of Western Europe’s biggest ports fell victim to a cyberattack.
- May 2022 – The Port of London Authority (PLA) was hit by a cyberattack which knocked its website offline.
- January 2023 – Port of Lisbon suffered a ransomware attack that took down its website and internal computer systems, reportedly stealing financial reports, audits, budgets, contracts, cargo information, ship logs, and port documentation.
Many of these attacks involved ransomware and will have targeted operational technology (OT). It was reported in 2020 that cyber security attacks on the maritime industry’s operational technology (OT) systems increased by 900% over the previous three years.
In 2022 The Port of Los Angeles claimed that cyber attacks nearly doubled since the start of the Covid pandemic, with the number of monthly attacks it faced at around 40 million, the aim being to cause as much disruption as possible and to slow down economies.
The Secretary of the U.S. Department of Homeland Security (DHS) confirmed the most significant threat to ports are cyber attacks, due to the amount of harm which can be caused plus the increasing level of technology by which ports operate.
And just this month research by the European Union Agency for Cybersecurity (ENISA) confirms that ransomware is the top threat to the entire transport sector including maritime, and it is expected that ransomware groups will continue to disrupt operations due in part to an increasing number of OT and ICS (industrial control system) vulnerabilities. As a result European ports are preparing for a major regulatory change in 2024 that will require hundreds of firms that operate out of Europe’s big ports to use basic security measures and report hacks to cybersecurity authorities,
The Infosec Partners team of cyber experts have significant experience working within the Maritime sector, and within complex OT environments.
We are globally recognised by Fortinet for our advanced skills and ability to deploy, administer and troubleshoot OT cyber security solutions in complex environments, assisting Ports and Vessel owners to mitigate security and threat concerns, improve productivity and optimise the security of their OT network.
We advise that Port and Vessel owners don’t wait until they fall victim to a cyber attack – contact our team of OT cyber security consultants today to learn how we can help protect critical infrastructure, prevent disruptions, and safeguard operations from the growing cyber threat landscape.