No margin for errors in port cyber security
In early November 2020, the 20,400 TEU Ever
Grade was forced to skip its scheduled call at the UK’s Felixstowe port,
instead heading straight to Rotterdam and unloading UK-bound containers there
for onward transport via London Thames port. Similarly, the first call of CMA
CGM’s new ultra-large container vessel to Southampton was cut short with around
a thousand containers staying aboard until a later visit.
The UK’s port infrastructure has never before
been under such strain – the double challenges of COVID-19 and Brexit mean that
freight volumes are at an all-time high. This has caused significant backlog
with importers struggling to obtain their goods and factories pausing
manufacturing lines due to a shortage of component parts.
Although this is not the result of any kind
of malicious activity, it has sharply highlighted the significant impact that
port disruptions can have on the wider economy. With the global shipping
industry already under pressure, and the UK facing new challenges in 2021 as
the Brexit transition period has ended, addressing the risk to port
infrastructure from cyber-attack has never been more critical.
The risk is not just academic – 2020 has seen
the IMO, MSC and CMA CGM both attacked, and port infrastructure in the USA
targeted by ransomware. In Iran a cyber-attack on the Shahi Rajaee port,
allegedly carried out by Israel, cased significant disruption to both land and
sea traffic while systems were restored.
Ports can be targeted by different classes of
attackers who have different motivations, depending on their objectives, and
these can vary both between groups and over time. Attackers will use whatever
mechanism gets them to their goals as easily as possible, within the
constraints of their capabilities.
The ways in which technology and automation
have been rapidly adopted to improve port operations and efficiency can only be
a good thing. However, it is important that as it is adopted, the risks that it
might introduce are considered in a holistic and realistic way, commensurate
with the threats present in the environment you operate in.
It’s important to stay up to date with the
latest threats to your business and Nettitude provides independent assurance
and threat-led maritime cyber security services to marine and offshore
organisations around the globe.