Ports and marine shipping companies are adopting new technologies and automating operations, which has increased the risk of cyberattacks that could disrupt trade. In 2020, Naval Dome, a maritime cybersecurity company, estimated that cyberattacks on the maritime industry’s operational technology (OT) systems increased by at least 900% over the 3 years prior, with more than 500 major cyber security breaches.[1] In 2023, there were 46 cyber incidents in the United States reported to the Maritime Cyber Readiness Branch (MCRB), which is likely an underestimate as many incidents go unreported.[2] The impact of these cyberattacks could be detrimental to stakeholders of all supply chains, as 75% of U.S. freight trade (by volume) is dependent on the maritime sector[3] and their operations generate over $5.4 trillion for the U.S. economy.[4]
Cyberattack Risks and Solutions

According to a 2021 report published by the Atlantic Council, an international affairs think tank, cyber-attackers can be categorized into the following groups based on motivation:
These attackers target a wide range of parties involved in the movement of goods, from the private sector, including maritime logistics and technology service providers, to government agencies, including port operations. Their methods of attack focus on infiltrating an organization’s systems, networks or accounts via Global Positioning Systems (GPS) and/or Automatic Identification Systems (AIS), OT systems, Industrial Control Systems (ICS) devices, human targets and Information and Communications Technology (ICT) systems.[6] The United States Coast Guard’s 2023 Cyber Trends and Insights in the Marine Environment report lists various tactics and techniques utilized to gain access to an organization, including phishing/spoofing, password cracking, software attacks (including ransomware), business email compromise and structured query language (SQL) injection.[7] U.S. ports may be vulnerable to these attacks due to the multiple stakeholders involved in port operations, and the sharing between ships and ports of network connections and USB storage devices, among other technology, as advised by the Department of Transportation Maritime Administration.[8] The consequences of a cyberattack could include access to sensitive information (which could lead to financial extortion or theft of cargo), reduced operation capacity or closure of ports, physical damage to equipment or cargo, safety risks to employees and others and reputation damage.[9] For example, GPS/AIS jamming and spoofing could make it difficult for ships to know their current location and the direction of their route, causing the ship to be lost and, as a result, delayed. Likewise, it could also make it difficult for the destination port to estimate times of arrival for ships when planning/managing port traffic.
Ways to mitigate the risk of attacks include password policies (on length, complexity, history and expiration), multi-factor authentication, user training (for employees and relevant external entities), software updates (to have supported operating systems, patched software and antivirus/protection from malware),[10] network traffic monitoring (trying to separate internal entities from external), user account management and access controls for third parties, audit systems and information sharing between organizations, government agencies and other stakeholders in the supply chain about risks and incidents.[11] In addition to the methods to mitigate the risk of attacks, the Department of Homeland Security makes high-level recommendations on mitigating the impact of attacks for stakeholders in the industry through their U.S. Maritime Trade and Port Cybersecurity report, including:
Recent Examples of Cyber Risks to Infrastructure

The most recent major cybersecurity issue that impacted global trade operations was in July 2024, after a computer update administered by the cybersecurity company CrowdStrike disabled Microsoft Windows systems worldwide, creating disruptions for businesses, airports and port facilities.[14] The inability to use essential systems caused thousands of flights, including those dedicated to air freight, to be grounded or delayed. The Ports of Houston, New York and New Jersey, and Los Angeles also reported disruptions.[15] Although the CrowdStrike incident was not an intentional attack but a faulty software issue, a cyberattack with similar widespread consequences occurred in 2017, when multiple businesses, including Maersk, the global shipping company, fell victim to malware cyberattacks. For Maersk, this caused the computer systems across several ports to be down, including the Port of Rotterdam, the Port of New York & New Jersey and a container facility at Jawaharlal Nehru Port.[16] Some cyberattacks have not been as widespread but have still caused major disruptions in trade, such as the ransomware attack on DP World Australia, a port operator which manages nearly 40% of Australia’s imports and exports, that interrupted operations for three days and caused cargo traffic in November 2023.[17] The Port of Lisbon also experienced ransomware attacks in 2023 that took down its internal computer systems and allowed the cyber-attacker to steal sensitive information such as financial reports, budgets, cargo information, ship logs and port documentation.[18]

Initiatives to Mitigate Cyber Risk in the United States

Due to the increasing threat of cyberattacks and the potential widespread impact, on 21 February 2024, the Biden-Harris administration announced actions to strengthen the cybersecurity of American ports through an executive order that requires all ports to comply with international and industry-recognized safety regulations, such as mandatory reporting of attacks to the Coast Guard Cyber Command. In addition, government entities, like the Supply Chain Resilience Center announced in November 2023 and the multiple Cyber Security Operations Centers (CSOC) at certain ports, are intended to reinforce port security.[19] For example, the Port of Los Angeles CSOC stopped 750 million cyber intrusion attempts in 2023.[20] Lastly, under the Investing in America Agenda, $20 billion will be invested in strengthening U.S. port infrastructure. As a subset of the discussion on trade infrastructure cybersecurity, there is concern that the equipment at ports, such as the ship-to-shore cranes moving cargo on and off ships, will be targets of cyberattacks because about 80% are made in China with Chinese software. As part of the 21 February executive order, the Coast Guard was instructed to publish a maritime security directive outlining cyber risk management of ship-to-shore cranes from China. The Biden administration supplemented these policies with a 25% tariff on ship-to-shore cranes from China.
This has also prompted the House of Representatives to propose port crane security legislation, the most recent being the Port Crane Security and Inspection Act of 2023, that would limit the use of foreign cranes and require CISA to inspect foreign cranes for potential security vulnerabilities.[21] Under the incoming Trump administration, increased protective measures from cyber threats on the maritime sector are likely, as they would mirror actions taken during his first administration[22] and would align with his overall stance on U.S.-China relations.[23] Mike Waltz, Trump’s current choice for the National Security Advisor, has already expressed that “we need to start going on the offense and start imposing, I think, higher costs and consequences to private actors and nation-state actors that continue to steal our data.”[24]

Moving Forward

As technology advances, it is important that policies and protocols of the trade industry evolve in parallel. New developments, including smart port technology and AI-enabled systems, may improve efficiency; however, they may also create greater exposure to the threat of cyber risks that would cause further disruptions.[25] Cybersecurity is crucial for the maritime industry as it may simultaneously face other disturbances, including dangerous weather conditions, pirate attacks, geopolitical-related events and other threats to the movement of goods.[26] These concerns apply not only to the maritime sector, but to all industries and to businesses of all sizes: your business operations could be impacted as a byproduct of attacks on the maritime industry, and your company may also be directly targeted. The best way to protect your company is to be prepared.
Most of the methods to mitigate the risk and/or impact of cyberattacks listed above for the maritime sector, such as developing and implementing a company-specific cybersecurity policy, can be applied to your company, and having cybersecurity insurance can also help protect against financial loss. In addition to the reports linked above, various U.S. government agencies provide many resources and services including:
[1] Maritime Cyber Attacks Increase By 900% In Three Years, Hellenic Shipping News (21 July 2020)
[2] Cyber threats to watch out for in the Marine Transportation System, United States Coast Guard
[3] U.S.-International Freight Trade by Transportation Mode, Bureau of Transportation Statistics
[4] Biden to sign executive order on US port cybersecurity targeting Chinese-manufactured shipping cranes, CNBC (21 February 2024)
[5] Introduction: Cooperation on maritime cybersecurity, Atlantic Council (4 October 2024)
[6] Ibid.
[7] 2023 Cyber Trends and Insights in the Marine Environment report, United States Coast Guard, pages 13 and 38-39
[8] Biden to sign executive order on US port cybersecurity targeting Chinese-manufactured shipping cranes, CNBC (21 February 2024)
[9] Port Facility Cybersecurity Risks, Cybersecurity & Infrastructure Security Agency
[10] Why Ports Are at Risk of Cyberattacks, Dark Reading (9 September 2022)
[11] 2023 Cyber Trends and Insights in the Marine Environment report, United States Coast Guard, pages 15 and 42-51
[12] U.S. Maritime Trade and Port Cybersecurity, Department of Homeland Security, page 5
[13] Introduction: Cooperation on maritime cybersecurity, Atlantic Council (4 October 2024)
[14] Ibid., page 4
[15] Microsoft, CrowdStrike IT outage hits global supply chain, with air freight facing days or weeks to recover, CNBC (19 July 2024)
[16] Massive malware attack: Who's been hit, CNN (28 June 2017)
[17] Australian ports resume some operations after major cyberattack, CNN (13 November 2023)
[18] 2023 Cyber Trends and Insights in the Marine Environment report, United States Coast Guard, page 13
[19] Biden to sign executive order on US port cybersecurity targeting Chinese-manufactured shipping cranes, CNBC (21 February 2024)
[20] Biden admin, U.S. ports prep for cyberattacks as nationwide infrastructure is targeted, CNBC (17 April 2024)
[21] Biden to sign executive order on US port cybersecurity targeting Chinese-manufactured shipping cranes, CNBC (21 February 2024)
[22] Trump administration rolls out plan to secure maritime sector against cyber threats, The Hill (5 January 2021)
[23] What Trump Has Promised on China in a Second Term, PBS (27 November 2024)
[24] Why Trump Security Pick Wants to Make Cyber Attackers 'Pay', Cyber Magazine (16 December 2024)
[25] 2023 Cyber Trends and Insights in the Marine Environment report, United States Coast Guard, pages 29-30
[26] Introduction: Cooperation on maritime cybersecurity, Atlantic Council (4 October 2024)