A few days ago, the Port of San Diego was hit by a ransomware cyber attack that affected its IT systems and administrative functions. The incident didn’t interfere with regular seaport operations and public safety, but caused disruptions in business services.
The attackers requested payment in Bitcoin: port officials haven’t disclosed the amount of that demand. While the FBI and Department of Homeland Security are investigating the incident, the maritime community is looking into ways to better protect their infrastructure and prevent new cyber attacks before they happen.
Even though major American, Asian, and European ports have started investing in cyber security a few years ago, are they really prepared to deal with hackers?
A Ransomware Outbreak or an Incidental Concurrence?
When it comes to the maritime industry, there are too many aspects and operations that ports have to control to keep the infrastructure secure and business running. If ports don’t have time or resources to set the proper cybersecurity program in place, they remain vulnerable to cyber breaches that can cost them millions and weeks or months of interrupted operations.
About a week ago, the Port of Barcelona, Spain suffered another cyber attack that affected its servers and systems, forcing the authorities to launch a special plan to prevent and remediate these incidents. Although the attack didn’t interrupt cargo operations and the delivery and reception of goods, the organization didn’t disclose the extent of the damage to the port.
The SMM Maritime Industry Report (MIR) states that 80% of the leaders in the shipping industry consider cybersecurity as an “important” or “very important” issue. Facing new threats, maritime organizations are heavily investing in the latest defense technologies against cybercrime.
Last year’s cyber attack on shipping conglomerate Maersk Group revealed the downside of digitalization: while the technology helps operate ships efficiently, transmit ship data in real time, and perform remote diagnostics, the growing number of the IT systems makes the infrastructure more vulnerable than ever. Hackers attacked Maersk with a ransomware, encrypted the data, and offered to decrypt it once a certain amount is paid as the ransom. The damage from the incident to the company operations was estimated at around 200-300 million dollars.
The current technological revolution in the maritime industry, driven by automation and digitalization, demands a proactive approach to cyber security from port authorities and shipping companies. Even though prevention requires the allocation of resources, it’s always much easier and cheaper to prevent the attack that to deal with the aftermath of the incident.
Protecting Ports and Sensitive Data
To enhance cyber security, maritime organizations need to build a comprehensive security program that will keep them protected from threats and breaches.
The first step here is to conduct a vulnerability assessment of the IT infrastructure that can reveal the gaps in the company’s security. If the organization works with a third-party vendor or a consultant, here is what might be included in the initial audit:
- Assessment of Your Information Security Policy
- Organization of Information Security
- Asset Management
- Access Control
- Operations Security
- Physical & Environmental Security
- Security of Your Business Software Applications
Once the cybersecurity assessment is performed, the team should have a list of aspects and areas they need to improve immediately to protect business and operations.
At this point, penetration testing would be the next logical step. It’s a simulation of a real cyber attack on targeted assets using special software and techniques that modern hackers use.
Penetration testing is a great way to identify vulnerabilities in the software used by the organization or in IT systems in general. The process will help reveal how the security defenses work and what needs to be changed. The testing is usually performed by ethical hackers or IT consultants.
Once the security audit and penetration testing are done, it’s essential to take actions to update or develop the custom cyber security program that will fit the maritime organization needs and protect its IT infrastructure.
Since most data breaches occur due to the lack of staff education on security and data protection, it’s critical to train all stakeholders and employees on how to prevent potential threats and ensure the adequate protection of the company’s assets. Steps should also be taken to replace legacy systems that are putting the entire infrastructure at risk.
The technological environment of the maritime industry and the connectivity of multiple systems and devices make modern ports more vulnerable to cyber threats and require the implementation of effective cybersecurity measures and programs. By finding vulnerabilities and solving them before the attack happened, ports and shipping companies can be one step ahead of cybercriminals.