With the increased digitisation and computerisation of the world’s ports comes not only more efficient and smooth port operations – but it also opens up ports to small and large cyberattacks, some even with the potential to interrupting operations entirely.
By Kristian Bisc[ds_preview]hoff, Analyst at Risk Intelligence.
Increased attack surface
With everything from container management, invoicing, to coastal surveillance being run on networked computers, these elements have long been under threat from malevolent cyber actors. But now, as more and more operational systems (OT), like cranes, gates, tanks, pipelines etc. are becoming networked, the attack surface has expanded considerably. It is no longer an unthinkable scenario, where hackers target OT systems directly to achieve their intended goals, whether it is ransoming the systems or simply causing wide-scale disruption. Similarly, the networked nature of the ports now also means, that a cyber attack may cause port security to shut down large parts of their network to protect systems and users until the severity of the attack is determined and the threat isolated. This means that while the cyber attacks themselves may be relatively small, the overall impact on operations in the port may be significant.
Threat actors
Ransomware attacks are one of the most trending types of cyberattacks, but the attack profile against ports is somewhat uncertain. Traditional ransomware hackers, while potentially sophisticated in their approach, usually only have the simple goal of enriching themselves. While they may target business-critical systems, they rarely put their skills to specific causes, want publicity or large-scale disruption, and often shy away from harming regular people. Because of this, some ransomware hackers may judge that the longer-term impact of a port attack could be large enough on wider society to keep them from attacking ports.
Another threat actor relevant to ports are the state powers with cyber capabilities. Ports are central targets for disrupting adversary economies and supply chains, and in the event of a conflict – reinforcements, and supply lines. Still, it should be considered that when discussing states and threat actors, that ports are critical infrastructure, and a disruptive attack against a port could be observed as sabotage and an act of war. This is likely to limit such state-sponsored/-led attacks to existing conflicts or attacks as part of first strikes. The complexity required to carry out attacks is also likely to limit the scope of major attacks against ports.
Still, attacks against ports, smaller in scale or perhaps conducted as part of reconnaissance and the planting of APTs cannot be ruled out – with potential intrusions becoming critical as systems are shut down to contain it. This is also why cybersecurity remains a highly important part of the business continuity and security of ports and will be in the future.
For more information on this, download the Risk Intelligence whitepaper on port cybersecurity or watch Kristian Bischoff’s webinar on the subject. Go to: https://riskintelligence.eu/port-cybersecurity-resources
