Shipping and the supply chain may be the next to face the threat of cyber attacks

by Carol Miller, MHI VP of Marketing and Communications

U.S. maritime ports handle more than $1.3 trillion in cargo annually. The operations of these ports are supported by information and communication systems, which are susceptible to cyber-related threats. Failures in these systems could degrade or interrupt operations at ports, including the flow of commerce, according to a recent report from the U.S. Government Accountability Office (GAO) titled MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity.

In response, the International Maritime Bureau (IMB) is calling for vigilance in the maritime sector as it emerges that shipping and the supply chain are the ‘next playground for hackers.’

According to the IMB, the threat of cyber-attacks on the sector has intensified in the past few months, with cyber security experts and the media alike warning of the dangers posed by criminals targeting carriers, ports, terminals and other transport operators.

For example, hackers often use social networks to target truck drivers and operational personnel who travel extensively, in order to ascertain routing and overnight parking patterns. The criminals look to extract information such as release codes for containers from terminal facilities, or passwords to discover delivery instructions.

According to the GAO report, actions taken by the Department of Homeland Security (DHS) and two component agencies, the US Coast Guard and Federal Emergency Management Agency, as well as other federal agencies, to address cybersecurity in the maritime port environment have been limited.

Wil Rockall, a director in KPMG’s cyber security team, highlights that the cybersecurity of maritime control systems is controlled by engineers and not chief information security officers (CISOs) or chief information officers (CIOs). Lacking security controls, these systems are vulnerable to hackers.

“Most ports and terminals are managed by industrial control systems which have, until very recently, been left out of the CIO’s scope,” says Rockall. “As a consequence, the improvements that many companies have made to their corporate cyber security to address the change in the threat landscape over the past 3-5 years have not been replicated in these environments.”
