Attacked 40 million times a month, the world's most insecure critical infrastructure has been hammered

In today's uncertain geopolitical environment, potential cyber-attacks are of high concern to individuals and businesses alike. Most worrisome of these are attacks on critical infrastructure and industrial assets.

Critical infrastructure, especially power, transportation, communication, financial and other systems, plays a vital role in modern society, so it has always been one of the main targets of cyber attacks. Cyber attackers may attempt to compromise these systems, steal sensitive data, or conduct other malicious activities.

Today, cyber attacks on critical infrastructure have evolved into a global problem, and countries are facing various cyber security threats. Among them, it is worth noting that the shipping industry, a branch of transportation, has network protections that lag behind those on shore, which has led to a sharp increase in the frequency of network attacks in recent years.

According to the United Nations Conference on Trade and Development (UNCTAD), more than 80% of international trade goods are transported by sea, and this proportion is even higher in developing countries. The industry as a whole relies on a complex series of "just-in-time" supply chains, and the disruption of just one link could have huge repercussions.

The "attack" on the port network triggered a series of chain reactions

A port is a very important node in the entire shipping supply chain. Once attacked, it may have a serious chain reaction on trade and supply chains.

First of all, cyber attacks may lead to the paralysis of the port's transportation system. The system will not be able to accurately track and manage the flow of goods, resulting in confusion in the flow of goods, interruption of operations, and obstruction of information sharing.

In addition to the transportation system, a hacker attack may also damage the security system of the port, which will make it impossible for the port staff to carry out normal inspection and monitoring of ships and cargo. Not only will this increase the risk of malicious items or terrorist activity, it may also threaten the safety of people in transit.

Secondly, the port holds a lot of important information, including sensitive data such as ship operation information, cargo lists, contracts and payment information, which may be stolen, tampered with or destroyed by hacker organizations. This can lead to significant financial loss, legal issues and trust issues.

Therefore, to ensure smooth, safe and reliable flow of goods, maintaining cybersecurity at ports is of paramount importance.

Ports are a piece of "fat" in the eyes of global hackers

In recent years, frequent port security incidents have brought huge threats and challenges to global shipping and supply chains. Issues such as hacking, data leakage, and system crashes are no longer theoretical risks, but have become serious realities.

In this era when the Internet and logistics are closely connected, ports have become an important target for hackers. Their outdated legacy technology and weak network security measures have made attacks more and more serious. They were even called "one of the most insecure key infrastructures" by foreign security experts. Some typical cases of port network attacks are listed below.

Port of Los Angeles suffers at least 40 million cyberattacks a month

As one of the busiest ports in the Western Hemisphere, the Port of Los Angeles experiences approximately 40 million cyberattacks per month, according to Gene Seroka, executive director of the Port of Los Angeles. The reason why the port is often targeted by hackers is that HNA transports 250 billion US dollars (about 1.69 trillion yuan) of cargo every year. Malicious attackers steal all kinds of confidential data involved in the cargo and extort money to make huge profits.

It is reported that the threat to the port comes from Russia and parts of Europe. Since the port plays a vital role in the key infrastructure, supply chain and economy of the United States, there is also internal intelligence showing that the purpose of attacking the port is to damage the US economy. The main methods of attack include but are not limited to ransomware, malware, spear phishing, and credential harvesting attacks.

For ports, ransomware attacks can lead to the encryption or paralysis of the core business systems of the port, and may even cause some key data to be destroyed or obtained by attackers, including vessel schedules, cargo information, customer data and other important information. As a result, the port cannot carry out key operations such as normal cargo handling, container management, and ship scheduling, which may have a serious impact on the port's operational efficiency and cargo flow, while the loss or leakage of confidential data may have long-term effects on the port's operations and reputation.

Cyber attack on Japan's Nagoya port may affect automobile and other manufacturing industries

Located in Ise Bay, Nagoya Port in Japan is the largest and busiest trading port in Japan, accounting for about 10% of the country's total trade volume. The port is also Japan's largest car exporter, with most of Toyota Motor Corp's vehicles exported here.

According to the Japan Times, in July this year, the ransomware LockBit 3.0 launched an attack on the port of Nagoya, Japan, causing the port’s container dispatching system NUTS to suspend operations for one day, interrupting the loading and unloading of containers, and leaving trucks stranded on site.

NUTS is the Port of Nagoya Unified Terminal System, which is a central system that controls all container terminals in the infrastructure. But after investigating the cause of the accident, Nagoya Port authorities held a meeting with the Nagoya Port Operations Association Wharf Committee, which operates the system, and the Aichi Prefectural Police Headquarters, and found that the problem was caused by a ransomware attack.

The security incident will have a huge economic impact on the port. Experts predict that the attack may also affect the transportation of goods across the country.

But this is not the first time Japanese ports have fallen victim to cyberattacks. As early as September 2022, the pro-Russian group Killnet had launched a large-scale DDoS attack, which caused the website of the port to be shut down.

Confidential documents stolen from Portuguese port of Lisbon

In January this year, local officials of Lisbon Port, one of the world's super ports and the largest port in Portugal, confirmed that due to a cyber attack, the port website was still unable to be accessed normally after a week. Around the same time, the LockBit gang added the Port of Lisbon to its ransomware list, claiming to have launched a ransomware attack.

News reports said the Lisbon Port Authority (APL) confirmed that the attack did not compromise the operations of its critical infrastructure. After the attack, the Port Authority reported the incident to the National Cyber Security Center and the Judicial Police.

Port officials said in an interview, “The various security protocols and response measures planned for such incidents have been quickly launched. The Lisbon Port Authority has maintained close cooperation with various competent authorities for a long time to jointly ensure the security of the system and related data.”

The LockBit ransomware gang claims to have stolen data such as financial reports, audits, budgets, contracts, cargo information, ship logs, crew details, customer PII (personally identifiable information), port documents, and correspondence. The gang also released samples of the stolen data, but the legality of the disclosed data could not be verified and substantiated.

Dutch ports paralyzed for hours by DDoS attack

In June, a pro-Russia hacking group attacked the website of the Dutch port, knocking it down for several hours, RTL News reported. The group behind the attack, NoName057(16), suggested that the attack was a response to the Netherlands' intention to buy Swiss tanks for Ukraine.

Tom Hegel, an American researcher at the network security company SentinelOne, said the hacker group targets all organizations that oppose Russia. Port authorities in Groningen, Amsterdam, Rotterdam and Den Helder confirmed DDoS attacks. The websites of the Rotterdam, Amsterdam and Den Helder port authorities were inaccessible for several hours last Tuesday due to the attack.

Malicious actors launching DDoS attacks typically overload port networks with floods of requests, so that devices fail to respond to requests from legitimate users, resulting in service disruption. Port operations, in turn, depend on highly complex computer systems for tasks such as vessel scheduling, equipment management and cargo tracking. In the event of a DDoS attack, these critical business processes would be disrupted, causing delays in vessel calls, cargo shipments and other related operations.

Ports are an important link in international trade and logistics. Once port services are interrupted, the supply chain will be seriously affected. Failure to load, unload and transport goods in a timely manner may lead to order delays, inventory buildup and delivery delays, and in severe cases, negatively impact business activities and the economy.

Port network attack methods are "full of tricks"

In addition to ransomware attacks and DDoS attacks, spear phishing targeting ports is also one of the common methods.

Hackers create emails containing suspicious links to gain unauthorized access. After gaining access to information systems, hackers install keyloggers to capture logins/passwords and identify individual workers to build an accurate map of port status.

In addition, attackers use classic scanning techniques to verify the most vulnerable network ports, discover the status of services, define the best policies for accessing databases, and determine which users monitor services. At the highest level, attackers use IP fragmentation to confuse firewalls and thereby bypass packet filters.
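The fragmentation technique mentioned above is countered on the filter side by checks such as those described in RFC 1858. The following is an added example, not part of the original article: a small IPv4 fragment sanity check run over constructed sample packets. The function names, the `TMIN` value and the sample addresses are assumptions made for illustration.

```python
import struct

TCP = 6
# Assumed threshold, following RFC 1858's reasoning: the TCP flags sit in
# byte 13 of the TCP header, so a first fragment needs at least 16 bytes.
TMIN = 16

def build_ipv4(proto, offset_units, more_fragments, payload):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) + payload."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + payload

def check_fragment(packet):
    """Return 'pass' or 'drop: <reason>' for one raw IPv4 packet."""
    if len(packet) < 20:
        return "drop: truncated IPv4 header"
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        return "drop: malformed IPv4 header"
    offset = flags_frag & 0x1FFF          # fragment offset, in 8-byte units
    more = bool(flags_frag & 0x2000)      # MF (more fragments) flag
    transport_len = total_len - ihl
    if proto == TCP:
        # A first fragment too short to hold the TCP flags hides them from
        # a filter that only inspects the first fragment.
        if offset == 0 and transport_len < TMIN:
            return "drop: tiny first TCP fragment"
        # Offset 1 (byte 8) would overwrite the TCP flags on reassembly.
        if offset == 1:
            return "drop: fragment overlaps TCP header"
    # Every fragment except the last must carry a multiple of 8 bytes.
    if more and transport_len % 8 != 0:
        return "drop: non-final fragment not a multiple of 8 bytes"
    return "pass"

def run_samples():
    """Verdicts for a set of constructed packets (not captured traffic)."""
    samples = {
        "normal_tcp": build_ipv4(TCP, 0, False, bytes(20)),
        "legit_first": build_ipv4(TCP, 0, True, bytes(24)),
        "legit_last": build_ipv4(TCP, 3, False, bytes(10)),
        "tiny_first": build_ipv4(TCP, 0, True, bytes(8)),
        "offset_one": build_ipv4(TCP, 1, False, bytes(8)),
        "udp_offset_one": build_ipv4(17, 1, False, bytes(8)),
        "ragged_middle": build_ipv4(TCP, 3, True, bytes(21)),
        "truncated": b"\x45\x00",
    }
    return {name: check_fragment(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:16} {verdict}")
```

A stateless check like this complements, but does not replace, reassembling fragments before filtering, which also catches overlaps at other offsets.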

Another common attack method is the supply chain attack. Hackers can target supply chains, causing damage through the most vulnerable parts of the end-to-end network. International shipping from origin to final destination relies on key processes and stakeholders for container tracking, assurance and international authorization. Attackers can exploit vulnerabilities in the supply chain to modify critical information, thereby changing the destination of the container.

With the continuous advancement of technology, the attack methods of cyber attackers have also become "various". As a key logistics and trade hub, ports have become "fat meat" in the eyes of criminals. They use whatever means they can and are constantly looking for weaknesses and loopholes that can penetrate port networks.

Why the "port" is always targeted by hackers

The shipping industry is undoubtedly the driving force of the global economy. Through a vast network of ships, ports, logistics and administrative infrastructure, about 90% of the world's goods are transported by ship every year. Like most industries, the maritime industry has become increasingly automated, connected and remotely monitored. This also makes maritime trade a prime target for cyber attackers.

In recent years, there have been many serious cyber attacks in the shipping industry, with consequences ranging from system damage to ports left in chaos for a long time. Infrastructure ground to a halt, goods backed up, several freighters and oil tankers waited to unload, and trucks lined up for miles at the port entrance. These serious consequences further illustrate the possible domino effect of cyber attacks on port computer systems.

For cyber attackers, the motivations for choosing ports can be broadly summarized into the following three categories. From purely economic motives to international espionage, including outright criminal activity, ports are sought after by domestic and nation-state attackers:

• Financial benefits. Ransomware attacks thrive in underprotected environments such as ports, where ransom payments are often a fraction of the potential damage from shutdowns and outages.

• Criminal targets. Because ports control cargo moving in and out of a country, hackers with control of a port's computer systems could gain access to valuable cargo or tamper with records to facilitate criminal proceeds.

• Threat intelligence. Information on the movement of goods and passengers is valuable to hostile nations wishing to better understand a nation's activities and plans. In the event of war, interruptions in the flow of supplies can hamper military planning, potentially exacerbating the scale of the conflict.

One of the toughest challenges with cybersecurity at sea in particular is that there is little standardization of systems. Many ship control systems were not even designed with cybersecurity in mind, and over time many other networking technologies were added, leaving the door wide open to attacks on ports.

In addition, compared with other critical infrastructures, the operating environment of the shipping system is also more challenging than that of typical industrial equipment. Some industry analysts have pointed out that most ships rely on VSAT/FBB satellite communication for connection, which has the characteristics of low bandwidth and high latency. Although it can transmit communication information such as emails and navigation data, it cannot realize real-time repair and update of vulnerability patches, which obviously gives hackers the opportunity to exploit loopholes.

There’s also the issue of legacy OT networks that control many of the world’s port operations with a lag in updates, making them ill-equipped to deal with coordinated cyber attacks by well-funded attackers. Attackers can easily gain remote access by exploiting exposed services such as websites, email logins, or VPN gateways.

This, combined with a lack of skills for port and maritime employees to deal with common cyber threats, makes them highly vulnerable to social engineering attacks such as phishing emails. It is for this reason that the issue of port cyber vulnerability becomes more and more complex.

The problem of port security has become a "persistent" problem in countries all over the world

In recent years, with the rapid development of information technology and the digital transformation of port operations, port network security has become an important issue worldwide. In response to the increasing cyber threats and security risks, various countries have formulated regulations and policies for port cyber security.

These regulations aim to ensure the network system security and defense capabilities of port facilities to prevent potential cyber attacks and protect the port's operational stability and information security.

Regulations and policies in different countries cover multiple aspects, such as network infrastructure protection, information sharing, risk assessment and security training, etc. to adapt to evolving network threats and technological challenges.

UK publishes Guidelines on Cyber Security for Ports

Back in 2016, the U.K. Department of Transport issued a guideline on cybersecurity at ports, which was jointly developed by the British Academy of Engineering and Technology and the Department of Transport.

On January 27, 2020, in order to further protect the network security of British ports, the British Ministry of Transport updated and released a revised version of the new business guidance on the basis of the original version.

The guidance warns that failure to address cybersecurity risks could result in serious personal injury or death, disruption or damage to port systems, loss of use of buildings, impact on business operations and potentially serious consequences such as reputational damage, loss of revenue, financial fines or litigation.

The 71-page guide offers actionable advice on everything from cybersecurity assessment and planning for critical assets, how to deal with security breaches, and the right governance structures, roles, responsibilities, and processes.

Maritime Secretary Nusrat Ghani said: "This updated port cybersecurity guidance is designed to ensure that UK ports are not only the best in the world, but also the safest."

The United States promulgated the "National Maritime Cyber Security Plan"

In January 2021, the U.S. government issued a plan for threat mitigation and security protection for key maritime industries, mentioning a list of tasks that should be prioritized.

The planning document, titled the National Maritime Cybersecurity Plan, highlights multiple priorities for closing gaps in cybersecurity and addressing vulnerabilities in the maritime industry over the next five years.

The maritime industry includes thousands of major waterways, shipyards, ports and bridges, and contributes approximately $5.4 trillion to the U.S. gross domestic product (GDP). At a high level, the plan sets priorities and goals around global standards for defining maritime threats, enhancing threat intelligence and information sharing, and increasing the maritime industry's cybersecurity workforce.

Other priorities identified in the plan include developing risk modeling to inform maritime cybersecurity standards and best practices; enhancing cybersecurity requirements for port service contracts and leases; and improving information-sharing capabilities between the U.S. government and private industry. The plan states that “enhancing maritime network security requires access to credible and actionable intelligence” and states that relevant mechanisms will be created to share unclassified information and acceptable confidential information with maritime industry stakeholders, and enhance access to actionable information to protect the security of maritime IT and OT networks.

Additionally, the plan calls for the creation of a global "Port OT Risk Framework" based on input from partners, to be rolled out globally. The plan also mentions the hiring of cybersecurity specialists and a strong team to manage and secure ports and ship systems.

International Association of Ports and Harbors publishes Guidelines on Cybersecurity for Ports and Port Facilities

In September 2021, the International Association of Ports and Harbors released its cybersecurity guidance to help ports address the real financial, commercial and operational impact of cyberattacks. The report aims to help ports and port facilities objectively assess their readiness to prevent, deter and recover from cyber attacks, to raise awareness among port authority C-level management of the need to address cybersecurity concerns, and to provide a pragmatic and practical approach to dealing with cyber threat actors.

Effective management of cyber risk is critical to the proper functioning of a diverse maritime community in which stakeholders from port authorities, ship operators, port facilities, maritime agencies, customs and law enforcement are all interconnected.

Cyber threats can jeopardize the operations of an entire port or port facility and are proliferating at an increasing rate. With the development and introduction of new IT and OT technologies, automated systems and integrated processes that rely on key cloud service providers, port leaders must recognize the importance of managing cyber risk and understand that it is a responsibility that starts at the top.

Epilogue

Port security has long been one of the most neglected parts of critical infrastructure. Because it has received so little attention, port security has caused numerous "big troubles" in recent years. The paralysis of transportation systems, the loss of large amounts of sensitive data, and huge economic losses have taught people enough lessons, so they have had to start escalating the issue of port network security.

As an important cargo distribution center, the port terminal is an important window for countries all over the world to display to the outside world. Therefore, it is of great significance to improve the network security of the port terminal by doing a good job in the network construction and security protection of the terminal port.

Port cybersecurity is an increasingly pressing issue that requires a global effort. Only by strengthening the protection of network infrastructure, improving regulations and policies, strengthening information sharing and cooperation, and improving personnel security awareness and skills can we ensure the security and stability of the port network, support the smooth flow of international trade and the sustainable development of ports.

Although it may be economically costly to fully build and upgrade a port’s cybersecurity system, it will certainly be a worthwhile “investment” considering the huge knock-on effects that a successful cyber attack can have on a port.

Origin blog.csdn.net/FreeBuf_/article/details/131901760