The cyber attack on APM Terminals in June 2017 certainly has left a mark in the industry. What has happened since then? What are operators doing to make their terminals safe?
Back then, ransomware »NotPetya« had infected the IT systems of 17 of APMT’s terminals worldwide, encrypting files and knocking out[ds_preview] terminal operations and communication. The financial damage was estimated to be in the range of 200 to 300mill. $. »It’s a wake up call for critical infrastructure sectors to pay more attention to cyber security,« a spokesperson for terminal giant DP World tells HANSA.
The APMT incident was followed by an attack on shipping line COSCO’s office systems in America in July last year and in September of 2018, the port of San Diego was hit – »mainly an administrative issue and normal Port operations are continuing as usual,« the port stated back then. »The threat environment is becoming increasingly dangerous with security events (leading to incidents) and malicious software a major issue. Attacks in the supply chain sector raise issues of confidentiality, integrity and availability of terminals,« the DP World representative says. The company sees the effectiveness to identify and resolve security incidents as »key considerations to mitigate reputational risks and ensure regulatory compliance«.
DP World looks at a range of solutions such as identifying and resolving advanced threats in an accelerated manner, improving the balance between security technologies and processes. Securing applications from potential attacks; mature security posture in a predictable manner while ensuring effective compliance and optimising the return on security investments (ROSI).
»We focus on three aspects: information technology (IT), along with business and support units, for implementing new tools; information security (IS) for devising a defence strategy and program; and internal audit (IA) for providing an independent and objective view of the program to executive management,« the company tells HANSA and claims it has not fell victim yet: »While there are cyber-attacks happening every day across the world in every sector of business, we have not seen any successful security breaches within our own network. We have implemented a robust cyber security framework to prepare, detect, respond and defend against them.«
As it can be assumed for the APMT incident, attackers are not targeting the maritime industry directly, yet. In 2017, a range of companies was hit along with APMT and Maersk Line, French railway company SNCF was hit as well as pharmaceutical company Merck among many others. DP World comments: »Attackers always look for the weakest link within an organization to get into its network. We have not seen any targeted attack on terminals specifically. Attackers use phishing techniques or exploitation of any known vulnerability to get into organization network and impact the terminal operations.« The company also admits that »no one is completely immune to cyber-attacks«.
The US Coast Guard has just recently issued a security bulletin warning of new phishing email and malware attacks that are aimed at the shipping industry. Besides reports of malware designed to disrupt ships’ IT systems, the USCG warns of hackers using email addresses that pose as official addresses of Port State Control authorities. »Cyber adversaries are attempting to gain sensitive information including the content of an official Notice of Arrival (NOA) using email addresses that pose as an official Port State Control (PSC) authority,« the USCG statement said.
Let’s (not) talk about it
Information exchange is critical to effectively counteract cyber crime, before and after it happens. DP World states it takes part in many conferences where emerging threats and new risks are discussed and reviews new initiatives taken by peers: »We have joined a number of technical forums on cyber threat intelligence.«
Terminals and ports do not operate separately from other supply chain partners. Thus, a collaborative approach seems to be the way to go, even more so, as operations and systems become increasingly interconnected. One example would be the Port of Los Angeles’ cross-sector Cyber Resilience Center, where shipping lines, terminal operators, railroad companies, labour and representatives from the trucking industry collaborate in order to address cyber security threats.
»In partnership with our maritime industry stakeholders, we have the opportunity to enhance the ability of the port ecosystem to see cyber threats on the horizon and improve information sharing to help manage respective, and collective, cyber risk,« said Gene Seroka, Executive Director of the Port of Los Angeles said in April, when the CRC was inaugurated.
»Ports are a key part of a complex system that must address cyber risks,” said Tom Gazsi, Deputy Executive Director and Chief of Public Safety and Emergency Management. “Over the past few years, we have seen how cyber incidents have impacted some ports across the world, threatening the operations of the entire maritime supply chain. That’s why we’re taking a collaborative approach to strengthen our cyber security posture.«
In mid-May, the Maritime and Port Authority of Singapore (MPA), has opened a new 24/7 Maritime Cybersecurity Operations Centre (MSOC) that will be operated by ST Engineering. The objective of MSOC is to strengthen Singapore’s maritime cyber security posture through early detection, monitoring, analysis and response to potential cyber-attacks on maritime CIIs.
The MSOC will conduct 24/7 monitoring and correlate data activities across all maritime Critical Information Infrastructure (CII). It will have the capability to detect and monitor cyber-attacks by analysing activities in the IT environment. It is also designed to detect anomalies and threats and respond to the cyber security incidents using available technology solutions. This will allow MPA to work closely with chartered insurance institutes (CII) to ensure the protection of maritime CIIs and investigate any cyber security threat or incident. MPA will also build key data linkages between MSOC and Port Operations Control Centre in order to respond to cyber incidents in a more holistic and timely manner.
Beyond setting up MSOC, MPA has also put in place other initiatives to strengthen the cybersecurity readiness of the maritime sector. To better equip maritime professionals with the relevant cybersecurity skills, MPA has collaborated with Singapore Shipping Association and Singapore Polytechnic to develop a new »Maritime Cybersecurity (Intermediate) Training Course« for maritime personnel to enhance their knowledge in managing cyber threats and challenges. This one-day course will be built upon the existing basic course where participants will learn more about cyber risk management and counter-measures from a practitioner’s perspective. This new course will be rolled out in first half of next year.
MPA has also collaborated with the Singapore Maritime Institute and other local institutes to embark on a Maritime Cybersecurity Research programme that will focus on the protection of shipboard systems to mitigate cyber threats.
While some players chose talking about cyber risks and incidents, another strategy against cyber risks seems to be not talking about the issue at all – at least not to the press. HANSA also reached out to Singapore terminal operator PSA International who was not able to answer any questions regarding cyber security »due to the sensitivity of the topic«. APMT was not available for comment as well, emphasizing the need to protect themselves by not sharing any information on what processes and products they have implemented since the 2017 incident.
