#DidYouKnow – The increasing threat of cyber attacks on ports
Living in an increasingly digitised world has decreased distances between countries. The world doesn’t seem to be vast anymore – countries in the northern hemisphere can get tropical fruits from the southern hemisphere (and vice versa) at a few days’ notice. Communication between different countries has become instantaneous. The increasing innovations have made our planet seem a lot smaller.
The port sector has also been riding this innovation wave. In the final years of the twentieth century, and in the first decades of the twenty-first century, ports have been going through a digital transformation to keep up with new challenges, optimising their operations and creating new strategies (including automation, RFID tagging, etc.). All of this has been centred on the ability to interconnect information technologies and operational technologies, cloud computing, the internet of things and big data, among others.
All this modernisation has come at a price – digital innovation has given rise to cyber threats and cyber-attacks. This has not left any industries unaffected. Ports, as vital infrastructure points for nation-states, have become frequent targets of national, international and clandestine attacks. During their own digitalisation efforts, ports need to ensure that cybersecurity stays at the forefront, whilst being considered a facilitator of automation and future developments. The transition into the digital sphere has thus brought cybersecurity challenges that ports need to address before realising the complete potential of innovative technologies. This is why we decided to deal with cybersecurity in ports for this month’s #DidYouKnow article.
What kinds of cyber threats exist for ports?
Making sure that ports are safe from cyber threats is critical to ensuring safe and secure operations of ships both at sea and onshore. This is not a new issue – the International Maritime Organization (IMO) has already adopted various resolutions that aim to minimize (if not eliminate) cyber risks in the maritime industry. For example, under the IMO’s resolution MSC.428(98), port administrations need to ensure that the systems that are in place in their communities appropriately address any risks or security concerns for vessels that may exist in cyberspace. This is because port operations are vital in international and national maritime trade. It is within their boundaries that vessels arrive, load and unload their cargoes, top up fuel, and carry out other operations vital to the proper functioning of the global supply chain.
In the modern digital world, port cybersecurity must be seen as a top priority for any transport operation.
There are many types of cyber risks that can affect ports and their operations. These can be grouped into the following 7 categories (which are by no means exhaustive, as the digital sphere is constantly evolving).
- Eavesdropping, interception, hijacking – This group of risks includes, but is not limited to, incidents such as the interception of emissions, sensitive information, network reconnaissance, network traffic manipulation, etc.
- Nefarious activity & abuse – This group of risks includes, but is not limited to, incidents such as the denial of service, malware, brute force, identity theft, phishing, targeted attacks, abuse and theft of data, manipulation of information, etc.
- Disaster – These risks can emerge as a result of environmental disasters, natural disasters, etc.
- Unintentional damage – These can include the use of unreliable sources, erroneous administration of IT/OT systems, information leakage, among others.
- Failures and Malfunctions – Any information system always has the potential to fail or malfunction. This group of risks includes failures to systems, devices, navigation and communication systems, main supply systems, failure or disruption of service providers, etc.
- Outages – As information and digital systems depend on the energy grids, these risks include any possible main supply outages, network outages, absence of personnel, loss of support, etc.
- Physical attacks – Perhaps the group most associated with the general term of “cyberattacks”. This category includes fraud, sabotage, vandalism, theft, unauthorised access, terrorism, hacktivism, piracy, coercion, extortion, or corruption.
What are the legal frameworks?
The International Maritime Organization provides worldwide cybersecurity guidance for ports. The organisation has already passed various resolutions to try to create standards for ports and shipping lines to follow, in order to ensure maximum cyber security, as well as cyber regulatory frameworks that minimise the risks for all parties, including ISO/IEC 27001 and the Guidelines on Cyber Security on Board Ships.
SOLAS – or the International Convention for the Safety of Life at Sea – is a treaty that has established the minimum safety standards for shipping. It covers requirements for equipment, construction, and the general operation of vessels. It has been adopted by over 150 nation-states. In terms of cyber security, its Chapter IX — Management for the Safe Operation of Ships — requires every shipping line and any person or company that is responsible for a vessel to comply with the International Safety Management Code (ISM). This code has been adapted to include sections on cybersecurity concerns.
ENISA is the European Union Agency for Cybersecurity. In 2019 its position was strengthened with the EU Cybersecurity Act, which also defined a general framework for Information, Communication and Technology products, processes, and services. All EU member states need to comply with the ENISA requirements, though some have also adopted their own national initiatives to further shield themselves from cyber risks. These include the French CIIP law, the German “IT-Grundschutz” and the UL Cyber Security Code of Practices, among others.
This #DidYouKnow article is by no means an extensive deep-dive into the world of cyber security – as it is a very broad and complex topic that only specialised cyber professionals could explain. It does offer, nevertheless, a glimpse into the complexity of issues that arose with the digitalisation of our modern world.
Ports are not immune to cyber risks, no matter how digitised and seemingly prepared they are. Most such attacks involve people and fragmented system landscapes, and therefore every port community is potentially at risk. The digital divide shouldn’t be ignored – and the fact that the maritime world is central to keeping global supply chains moving, and thus crucial to the information exchanges associated with them, further highlights the shared nature of cybersecurity risks. Therefore, for the maritime world to function effectively, the management of cyber risks must be carried out properly and shared with all stakeholders, ranging from port authorities, shipping operators, port facilities and terminals to maritime agencies, customs agents and maritime law enforcement agencies. The cyberworld does not have physical borders, and therefore the mitigation of any threats there is trickier.
Cybersecurity in port operations is no easy (nor isolated) feat. It is essential for all partners involved in transport operations to be aware of the risks involved and to learn to take the necessary steps to prevent or stop any potential threats that may develop. This includes following good practices that certain port operators may establish to reach a baseline of cybersecurity. In 2020, the port industry faced a fourfold increase in cyber attacks against OT systems compared with 2017. Cyber-attacks are unfortunately becoming common. It is therefore important to note that, at the end of the day, port operations and cybersecurity in the twenty-first century are two sides of the same coin.
Intrigued? The Escola Europea is organising a summer school in port operations – with a focus on vessels and goods that are processed through the Port of Barcelona in the month of July. In the course we go over all the aspects of port operations, including the new cyber threats and their mitigation procedures. Check out the programme on our website.