The current global backlog of container ships waiting to be unloaded showcases the criticality of large ports to world commerce and national economies. This logjam will eventually be broken and things will go back to a relative normal. But what if a port becomes a conduit to a far more serious threat?
The safety and security of port operations is critical to both a nation’s economy and its sovereignty. Consider the impacts of the immense August 2020 explosion at the Port of Beirut, Lebanon. Tragically, more than 200 people were killed; the blast created massive toxic waste, destabilized the country’s shipping infrastructure, and damaged the cautious rebuilding of confidence in Lebanon as a secure port of operations for international trade and commerce.
Pipelines transporting essential resources are also inextricably tied to ports, as imports and exports on which economies depend move by ship. In just one recent incident, the May 2021 Colonial Pipeline ransomware attack shut down fuel distribution for most of the Eastern United States. The result was gas shortages and price spikes that lasted for months.
Given these recent glaring examples, it’s easy to see that government- and privately-owned port authorities, transportation agencies, regulators, and a multitude of private-sector industries that transit ports all have a vested interest in ensuring port safety. That compels a holistic approach to protecting port infrastructure, including its information technology. And that means protections against cyber threats.
Floating Attack Vectors?
It is common for a foreign-flagged vessel entering a port of call to connect both physically and logically to the port’s infrastructure for the duration of its stay. That single-point connectivity provides commercial-grade power, telephony and digital communications, and even cable TV to entertain the ship’s crew. Through that connection, the vessel ties directly into an unfiltered power source and becomes part of the national grid. If there is no regulation to ensure that the port’s power environment is isolated, potential hostile actors then have full and free access to the grid, through which they can execute attacks – either on the host country, or on other countries’ vessels connected to the same port infrastructure. Think of it like an open internet café for ships.
Taking Preventive Steps
There is nascent but growing recognition of the importance of cyber protections for port operations. One leading example is the United Arab Emirates Critical Infrastructure and Coastal Protection Authority (CICPA). Its mission is to ensure that the import, distribution, and export of the natural resources that drive the UAE’s economy are handled through safe, free, and open operations.
That kind of effort is critical for every country with port operations to pursue. This idea is not new; it is comparable to the layers of protections against other types of attacks that ports have long adopted. Cargo is regularly inspected for contraband and human trafficking. Patrol boats monitor small vessels like fishing boats transiting port waters to prevent more attacks like the 2000 bombing of the USS Cole in Yemen’s Port of Aden. Yet there is no similar infrastructure assessing a vessel’s potential to execute a digital or electrical attack inside a host country.
Recent events show the urgency of addressing this significant security gap. These best practices will help all responsible parties move toward that goal:
- Accept that safeguarding requires public-private partnership. There must be a well-thought-out plan in which all stakeholders – public and private sector – are equally committed, equally involved, and assume equal ownership in ensuring successful outcomes.
- Apply a proactive, thoughtful and layered cybersecurity approach. No one solution can do everything; the effort will need to involve different types of technologies and processes. Assess where points of vulnerability exist and layer in protections accordingly. Traditional software-based firewalls and detection tools will remain necessary, but they can be difficult to patch and maintain, which itself creates vulnerability. So for the most critical exchange points, such as those involving operational technology (OT), also consider the use of hardware-enforced security such as one-way data transmission devices. Then, once protections are in place, continually test their effectiveness, and adjust as needed.
- Consistently invest in training all personnel who operate in ports. Run through various scenarios on what could potentially happen, so workers have appropriate procedures ready to contain a problem or mitigate a threat if necessary. Many ports already do this for containing small environmental safety issues; extend that practice to planning for cyber-attacks.
Ports and pipelines truly are pivotal components of global critical infrastructure. Those responsible for managing these assets, and those whose livelihoods depend on them, must all take up the cause of securing these vital resources, wherever in the world they are. Our economies and our way of life depend on it.