No margin for errors in port cyber security

In early November 2020, the 20,400 TEU Ever Grade was forced to skip its scheduled call at the UK’s Felixstowe port, instead heading straight to Rotterdam and unloading UK-bound containers there for onward transport via London Thames port. Similarly, the first call of CMA CGM’s new ultra-large container vessel to Southampton was cut short with around a thousand containers staying aboard until a later visit.

The UK’s port infrastructure has never before been under such strain – the double challenges of COVID-19 and Brexit mean that freight volumes are at an all-time high. This has caused significant backlog with importers struggling to obtain their goods and factories pausing manufacturing lines due to a shortage of component parts.

Although this is not the result of any kind of malicious activity, it has sharply highlighted the significant impact that port disruptions can have on the wider economy. With the global shipping industry already under pressure, and the UK facing new challenges in 2021 as the Brexit transition period has ended, addressing the risk to port infrastructure from cyber-attack has never been more critical.

The risk is not just academic – 2020 has seen the IMO, MSC and CMA CGM both attacked, and port infrastructure in the USA targeted by ransomware. In Iran a cyber-attack on the Shahi Rajaee port, allegedly carried out by Israel, cased significant disruption to both land and sea traffic while systems were restored.

Ports can be targeted by different classes of attackers who have different motivations, depending on their objectives, and these can vary both between groups and over time. Attackers will use whatever mechanism gets them to their goals as easily as possible, within the constraints of their capabilities.

The ways in which technology and automation have been rapidly adopted to improve port operations and efficiency can only be a good thing. However, it is important that as it is adopted, the risks that it might introduce are considered in a holistic and realistic way, commensurate with the threats present in the environment you operate in.

It’s important to stay up to date with the latest threats to your business and Nettitude provides independent assurance and threat-led maritime cyber security services to marine and offshore organisations around the globe.

IMS

Go Back


Website by: Xpoteck