Locomotives, airplanes, container ships and bulk freighters,
long-haul and short-haul trucks, anything that rolls, flies, or floats. No
matter the vehicle, and no matter how it’s powered, chances are a port plays a
critical role in beginning or ending its journey. From paying more at the gas
pump to finding things from baby formula to cat food, we have witnessed
firsthand what happens when the push and pull of supply and demand starts to
break down. Ports are dedicated to ensuring that supply meets demand both in
terms of finished goods and the raw materials for making them. When they break
down, the ripples spread across the entire economy.
At this moment, on the periphery of the crisis unfolding in
Ukraine, major bulk fuel suppliers in the ports of Antwerp and Hamburg are
experiencing work stoppages because of cyber attacks. Regardless of the motive
or responsible party, what occurred this week is an explicit example of how bad
actors use attacks such as these to take advantage of a dire situation. While
this attack may not have been on our shores, it can directly impact the United
States’ and its allies’ ability to operate in the region, as well as apply
needless stress on an already taxed economy.
The American Association of Port Authorities (AAPA)
highlighted in Congressional testimony the role cyber security plays in
securing our ports. AAPA’s President Chris Connor recently emphasized that the
dual threats of ransomware and COVID-induced supply and staffing stresses have
“revealed what is already a problem…ship and port systems are connected to each
other or the internet. A critical attack on any of these systems could have
devastating economic consequences or even lead to the loss of life.”
This is not an exaggeration. The efficiency of current
global economic systems is due in large part to interconnectedness and advanced
analytics, both of which are powered by cyber infrastructure that is now
thoroughly enmeshed with traditional port infrastructure. Connor further noted
that “the maritime transportation system needs resources to harden their IT
systems to prevent attacks and to respond appropriately when an attack does
occur.”
The bad news is we have a problem, but the good news is we
generally know what we need to address this: more resilient networks combined
with better cyber detection and response capabilities.
The exact scope and scale of implementing this solution will
differ from port to port, but through financial programs such as the Department
of Homeland Security’s Port Security Grant Program and resources from the
Office of Maritime Security at the Department of Transportation, the work can
and must begin now.
Ports have played a crucial role in America’s growth and
role in the world since its founding, but a time has come when these engines of
economic and social power might become vulnerable in a crisis. Not all critical
infrastructure is equally critical, and ports have the potential to be just as
devastating when compromised or degraded as they are constructive when they are
operating at their full potential. Malicious cyber actors are noticing that the
toxic mix of ransomware, epidemics, and geopolitical instability in places like
Ukraine, the South China Sea, or the Persian Gulf can make even simple attacks
extremely effective.
It will not matter if our power grid is resilient if it
can’t get the coal and natural gas to feed it. It will not matter how secure
our smart devices are if they are sitting in shipping containers. It will not
matter how cheap gas is if the pipelines that carry it are not functioning. And
finally, it will not matter how much money is earmarked for addressing cyber
security at ports if it is not spent wisely, and more importantly, before a
crisis arrives, and judging by events in Europe, it may already be upon us.