Cyber security is becoming one of the primary issues for ports. In June 2017, A.P. Moller-Maersk fell victim of a global cyber-attack named Petya, which affected all Maersk business units, including container shipping, port and tug boat operations, as well as oil and gas production, drilling services, and oil tankers. The incident costed the company over USD 300mln in damages.
In total, 17 container terminals operated by APM Terminals were hacked, including two in Rotterdam and 15 in other countries.
September 2018 has brought new cases.
First, the Port Authority of Barcelona announced on 20 September that some of its computer servers were affected by a cyber-attack that morning, which might cause delays in cargo handling operations due to possible disruptions in the SICAD, the port’s customs control system. However, on 22 September, the port authority calmed the customers by reassuring that the problem involved only the internal IT systems, without giving out more details.
Ironically, just a few months prior to the incident, PierNext, Barcelona’s digital knowledge hub, published a review headed “Are ports prepared to deal with threats from hackers?”, outlining the main cyber-security challenges. To deal with them, the port of Barcelona has created the Technical Security Office, whose aim is to manage security incidents in both a preventative and reactive way. Who knows, maybe this initiative as well as “clearly defined security policies” helped the port efficiently overcome the recent attack, minimizing its effect.
The following week, on 25 September, the port of San Diego in California reported a serious cyber security incident involving ransomware.The port confirmed the receipt of the ransom note requesting payment in Bitcoin, although did not disclose the demanded amount. By the end of last week, the port issued an update saying that the port authority partners with the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) on the investigation of the cyber-attack.
Randa Coniglio, Port of San Diego CEO, commented: “This is mainly an administrative issue and normal Port operations are continuing as usual. The Port remains open, public safety operations are ongoing, and ships and boats continue to access the Bay [San Diego Bay] without impacts… the Port has mobilized a team of industry experts and local, regional, state and federal partners to minimize impacts and restore system functionality. The temporary impacts on service to the public are in the areas of park permits, public records requests, and business services.”
Neither of the affected ports disclose any technical details of the incidents, so it is hard to say whether these two attacks are interrelated, made by the same person or group of people, and whether the port sector should expect a new assault soon. But obviously, these cases call for staying alert and adopting a structured approach to cyber security on the part of port authorities and terminal operators.
According to IT security experts, the usual weak points in any corporation are not many and involve a failure in regular IT maintenance of the company’s systems, such as using outdated software, neglecting regular updates and opening malicious files by employees, which they receive by corporate email.