Maritime Port Cyber Security: The Achilles Heel of the Global Economy

The maritime industry is the unquestionable driver of the global economy. Through a vast network of vessels, ports, logistical and administrative infrastructure - some 90% of the world’s goods are moved each year. Like most industries, maritime has become increasingly automated, connected, and remotely monitored.

Not surprisingly, maritime trade has also become a prime target for cyber-attackers. The sector is especially vulnerable owing to its dependence on technology for navigation, communication, and logistics. At the same time, both onboard and land-based systems are aging rapidly – a fact exacerbated by the average 25-30 year lifespan of many cargo vessels.

This combination of vulnerability and economic centrality has led to ever-increasing pace of cyberattacks on maritime vessels and infrastructure. The World Economic Forum cited cyberattacks on transportation infrastructure as the world’s fifth highest risk in 2020^[1], and cyberattacks on the maritime sector increased by a staggering 900% over the last three years^[2]. Among the targets hit in 2020? The UN Maritime Agency^[3], shipping giant MSC^[4], and French container transport company CMA CGM^[5].

Ports - Notably Vulnerable

A high profile attack^[6] in May last year on Iran's Shahid Rajaee port facility at Bandar Abbas illustrated the domino effect of disruption cyberattacks on port computer systems can have. This attack, considered relatively minor, nonetheless created long lines of vehicles outside the port, and led to numerous vessels being stuck in the harbor for hours.

The motivations of cyberattackers in choosing ports are diverse. From pure financial motives to international espionage, and including straightforward criminal activity – ports are a focal point for both domestic and national threat actors seeking:

• Financial gain - ransomware thrives in under-protected environments like ports, where ransom payoffs are often a fraction of the potential loss from shutdowns and disruptions.
• Criminal goals – since ports regulate the influx and exit of goods to a country, smugglers that can control port computing systems can gain access to valuable cargo or tamper with records to facilitate criminal gain.
• Intelligence: Information on the movement of good and passengers is valuable to rival nation-states looking to better understand a country’s activity and plans. In the event of war, disruption of the flow of goods can impede military plans, potentially tipping the scale of conflict.

The problem of port cyber vulnerability is compounded by the state of networks and training. Port and maritime employees often lack the skillset to deal with common cyberthreats, leaving them open to social engineering attacks like phishing emails. Moreover, the legacy OT networks that control the operations of many of the world’s ports are frequently not updated and thus unprepared to meet a concerted cyber onslaught by a well-funded attacker. Through exploiting exposed services like websites, email logins or VPN gateways, attackers can easily gain remote access.

Finally, ports are large and geographically diffuse facilities. Unauthorized physical access to port facilities can offer attackers direct access to actual target computers and systems. 

Mitigating the Risk to Ports

Securing the industrial networks, that control the world’s physical ports, demands a different type of maritime cybersecurity approach.

OTORIO offers the world’s first end-to-end, industrial-native portfolio of cybersecurity solutions together with a rich portfolio of field-proven professional services including Incident Response, Risk Impact Assessment, Penetration Testing, and Training.

Discovering, analyzing, and monitoring all OT, IT, and IIOT assets within the operational environment, OTORIO’s digital and cyber risks management system, RAM², correlates security events and digital risks from across the entire OT network. OTORIO’s OT security solution RAM² platform helps our maritime clients mitigate the risks to ports and shipping alike.

This enables our industrial and maritime partners to leverage attack mitigation tools that were designed and built from the ground up for OT ecosystems with operational processes and port business continuity as their number one priority.

_______________________

^[1] https://www.weforum.org/reports/the-global-risks-report-2020

^[2] https://www.maritime-executive.com/article/naval-dome-cyberattacks-on-ot-systems-on-the-rise

^[3] https://www.zdnet.com/article/un-maritime-agency-says-it-was-hacked/

^[4] https://securityaffairs.co/wordpress/101740/cyber-crime/msc-malware-attack.html

^[5] https://www.portstrategy.com/news101/port-operations/safety-and-security/data-breach-during-cma-cgm-cyber-attack

^[6] https://www.aljazeera.com/news/2020/5/19/israel-cyberattack-caused-total-disarray-at-iran-port-report