Ports are just as vulnerable to cyber-attacks as any other maritime assets.
To counter the threat, North America’s largest port, the Port of Los Angeles, unveiled an IBM-run Cyber Resilience Center in late January. It allows about 20 ports worldwide to share cyber-threat indicators and possible defensive tactics.
Los Angeles, which handles nearly 11m teu of containerised cargo per year, unveiled in 2014 a cybersecurity operation centre designed to protect it and its internal networks.
“Now more than ever, it’s vital that we secure our supply chain and critical infrastructure from the threat of intrusions, particularly those that could disrupt the flow of goods across our nation,” executive director Gene Seroka says.
“Over the past two years we’ve witnessed upwards of 40m intrusion attempts per month, double what it was before Covid.”
The platform, which “is tested around the clock every day”, also serves as a hub for the port to receive, analyse and share information among terminal operators and shipping lines.
It provides access to IBM’s X-Force Threat Intelligence cyber security programme and will conduct tabletop exercises and annual training.
It is difficult to detect Russian cyber-threats, but the US Federal Bureau of Investigation and the Sicilian government have noticed Russian internet addresses trolling US energy companies, according to Cisco Systems cyber security strategist Andrew Stewart.
“We’re seeing things as they happen and sharing that on the private and public sector sides as quickly as we can,” he tells TW+.
Cisco posts real-time cyber-threats on its Talos Intelligence website for its port clients, which Stewart says include some of the world’s largest ports in the US, Europe and Asia.
What makes cyber-threats so hard to pick up and defend against is the cunning mentality of the actors behind them, whether state-sponsored or independent.
“Russia tends to blur the line between criminal gangs and government, so most cyber security experts say it’s very hard to understand the mindset,” Stewart says.
And it’s changing all the time: “Something that’s on the table today might be off the table tomorrow.”
Hackers have realised they do not have to orchestrate hugely destructive cyber-attacks to significantly disrupt a company or industry.
Citing the attack on the US Colonial oil pipeline system last year, Stewart says “being able to just disrupt things at the enterprise level in terms of billing or scheduling, could have pretty disruptive results”.
Stewart is unaware of major issues at the moment, but adds: “I probably wouldn’t be at liberty to say if I were.”
The good news is that ports are often easier to protect than a laptop computer that is used to roam freely around the internet.
“In many respects, those port interactions are more static, so you can actually lock them down.”