With growing cyberthreats to the public and private sectors,
the transportation industry remains one of the major targets for cyberattacks.
Most of these attacks are designed to gain access to sensitive data that
contains financial and personal information.
One of the most common targets in the transportation sector
is the maritime industry, which contributes to a quarter of the United States’
gross domestic product (GDP) as reported by the White House National Maritime
Cybersecurity Plan. A successful cyberattack can cause disruption to daily
operations, leading to significant economic impact worldwide. Cyberthreats are
not only restricted to vessels and shipping companies; maritime ports and
terminals have also been victims of cyberattacks.
Security Vulnerabilities
Vulnerabilities have been identified in industrial control
systems (ICS) and operational technology (OT), such as GPS, alarm systems,
satellite communications, automatic identification systems (AIS) and vessel
integrated navigation systems (VINS).
According to maritime reports, vessels are used to transport
90% of global products, and GPS is a critical part of transportation at sea.
GPS is used to identify the location of a ship using network satellites. It has
been found to be vulnerable to jamming, a method to interfere with radio
communication and prevent personnel from locating vessels, which can result in
collisions.
Organizations should develop strategies, such as
configuration of systems that can send alerts when anomalies are detected and
constant monitoring of GPS data and cyberawareness processes that can help
operators identify threats. ICS and OT systems should be assessed for security
vulnerabilities and adequate measures should be taken to identify and
immediately address threats.
Port Security
One lesson from 2020 is that a pandemic like COVID-19 can
create more opportunities for hackers to target companies. The pandemic has a
significant economic impact on organizations, and having to deal with a
ransomware attack exacerbates challenges. Ports are not immune to ransomware
attacks. In fact, Washington’s Port of Kennewick confirmed that it fell victim
to an attack in which the attackers placed strong encryption on the port’s
servers and demanded funds to restore access to the servers. Although the port
had previously taken steps to provide a safe and secure infrastructure, hackers
were still able to find ways to access its servers.
Ports are increasingly adapting to digital transformation,
but the use of modern technology increases the attack surface, giving hackers
more opportunities to exploit vulnerabilities.
Countermeasures Against Cyberattacks
Cybercriminals will continue to target the transportation
sector. Methods of attack are becoming more sophisticated and organizations
must adopt robust cybersecurity programs. Companies can protect their data and
prevent disruptions by employing a defense-in-depth approach in which several
layers of security controls are implemented along with the following risk
mitigation techniques:
Vulnerability assessments: Assessing the cybersecurity
posture of the information technology (IT) and OT infrastructure can help
identify risks and vulnerabilities that exist in systems. Asset inventory is a
critical part of the vulnerability assessment.
Proper network segmentation: Network attacks are
unavoidable, and proper network segmentation techniques can help organizations
withstand the impact of such attacks. When a network is segmented, barriers are
placed between systems to prevent them from communicating with each other. If a
segment of the network is accessed without permission, the unauthorized user is
then prevented from leveraging that access to pivot into another segment of the
network. Once a network is segmented, it decreases the attack surface and
contains threats, providing network admins more time to investigate the attack
and prevent it from compromising other systems.
Cybersecurity awareness training: Cybersecurity awareness
should be a mandatory practice across all sectors of the transportation
industry. Employees are the weakest link when it comes to cybersecurity
incidents, and unintentional negligence can have big consequences. Basic
training such as phishing awareness, tabletop exercises and password complexity
can highly reduce risks but that alone is not enough to cover all aspects of
security.
Building a Secure Maritime Infrastructure
Securing systems and networks can be challenging and
requires time, effort and resources. To achieve that goal, it is necessary to
have an actionable plan that identifies and addresses vulnerabilities that
could potentially result in a cyberattack. Carnival Cruise Line recently
announced that it had been a victim of a ransomware attack in which attackers
gained access to its systems and stole personal information of employees and
customers. Although no plan or strategy guarantees complete protection, having
an actionable plan that addresses the vulnerabilities could have prevented the
possibility of the ransomware attack being successful.
When it comes to cyberresilience, it is important to have an
incident response program that defines processes for continuous operation of
vessels in the event of a cyberattack; it is also important for business
continuity, as such attacks also affect employees and customers. Port
authorities and maritime companies must adopt a constant threat monitoring and
detection approach that can prevent disturbance to operation, processes and
procedures.