Page 32: of Maritime Reporter Magazine (September 2018)

PORT & SHIP SECURITY

MR9 Feature SECURITY Tish Keefe rics, ? rewalls, authentication, encryp- the port community. “If something hap- ports in the last two years: 3074 tion, passwords, anti-virus and anti- pened today and you go into a court and • The best-known incident was malware programs. That’s a staggering you haven’t trained your mariners in the the “notPetya” malware outbreak in Oc- amount of technology, and every bit it basics of cyber hygiene, it will be hard tober 2017, which struck A.P. Moller- 1963 words in body constitutes a potential threat and must be to plead ignorance: ‘Oh we did not know Maersk’s IT department, and through

Ports Pushed to Up Cyber Security assessed and secured. we were hacked,’ It won’t ? y,” warns that, it’s APM terminals at ports world-

Resilience planning, Info Sharing Take Adding to already existing risk within Shoultz, adding “The folks who manage wide, including at Los Angeles, Long

Spotlight a company or the port as a whole, are all legal and insurance need to worry about Beach and NY/Newark. The shut down the external links to internal systems, this, not just tech guys.” there and at other ports, and the ensuing

Cut (( Ask Nicole )) the advent of autonomous vessels, the In September 2016, then U.S. Coast cleanup of backlog, cost Maersk around

MarineCFO CTO Dean Shoultz internet of things, the ubiquity of smart Guard (USCG) Rear Adm. Paul Thom- $300 million. phones and other mobile electronics, and as, assistant commandant for prevention • Last month’s cyber attack tar- cut AdobeStock_135187239 even the trend toward creating a single policy, summed up the conundrum fac- geting COSCO US, the American arm © kras99/AdobeStock portal through which members of a ing the nation’s ports while speaking at of Shanghai- based Cosco Shipping port’s supply chain can access multiple a forum on cyber resilience. “The reason Holdings, took out email and disrupted cut AdobeStock_88348922 systems that our marine transportation system telephone communications at its cus- © Bits and Splits/AdobeStock It’s enough to make you ask is whether is ef? cient and productive is because it tomer service center at the Port of Long the ports can, really, ever be made cy- is highly automated, and it’s becoming Beach, and also impacted the company cut AdobeStock_153083387 ber secure. “We ask ourselves that ev- more and more so. Cyber is how we are in Canada, Panama, and South America. © vectorfusionart/AdobeStock ery day,” quipped Todd Epperson, port operating today, and more and more we COSCO connected with clients through security specialist for the USCG/Sec- need to ? gure out how to manage that conventional communications and social

By Patricia Keefe tor Upper Mississippi River. He noted risk,” said Thomas. media and never shut down. Armed with that securing inland river ports involves Every business sector is using tech- a contingency plan, the company iso- “Oh what a tangled web we weave, tackling facilities that stretch 70, 80, 90 nology to drive ef? ciencies, productiv- lated the affected network, tested other when ? rst we practice to deceive.” That miles, and encompass 100s of business- ity and pro? t, but few are as vital to the regions for signs of the infection and old chestnut gets turned on its head when es, many small operators – a world away national economy and the ? ow of goods transferred and conducted operations via it comes to port cyber security. It’s more from their coastal cousins. and materials as is the country’s system remote access, to ensure continuous ser- like “Oh what a tangled web we’ve wo- of ports. vice in the Americas.

ven, so much harder to stop data stolen.” One Pinpoint One of the nation’s most critical in- • Also last month, shipbroker

Ports today have the physical aspect of A weak spot at any point in the supply frastructures, the maritime port system Clarksons revealed it discovered a cyber security pretty well nailed shut - gates, chain digital network could be all a bad employs more than 23 million people, breach in November 2017, which had locks, fencing, alarms, cameras, drones, guy needs to in? ltrate the port systems. encompasses more than 25,000 miles opened up 5 months earlier, gaining an etc. As Chris Mason, Rajant Corp.’s di- “All it takes is one person who has not and includes 360 coastal and inland ports unauthorized person access to certain rector of sales for EMEA, notes, “Every been trained to not click on a link, and that account for an estimated 90% of US company computer systems in the U.K., port I’ve ever been to has signs of physi- that’s it, [a bad guy] is now in,” says trade, 26% of the world consumer mar- where they copied data, and demanded cal security – it’s the classic physically MarineCFO CTO Dean Shoultz. Once ket, and at least $1.3 trillion in cargo. a ransom for its safe return. Using com- secure environment.” in, malicious software can be launched puter forensics, it was discovered the

It’s much, much more complicated behind the ? rewall and the cyber intrud- Country First break-in was perpetrated through an iso- on the cyber side of the coin. Ports to- er is free to ri? e through ? les looking for If the port communities aren’t worried lated user account, which was disabled. day are comprised of many varied busi- ? nancial data, competitive information for their businesses (and they should be), Eventually, Clarksons recovered a copy nesses operating via an immense tangle or the email of key company executives. consider that from both an economic of the stolen data. It is now contacting of open and proprietary networked and Shoultz recounted the case of “one and a terrorism standpoint, those ? gures potentially affected individuals. automated systems supporting all sorts of the larger operators on the market,” make the U.S. system of ports, individu- of data storage; back of? ce scheduling, where an intruder sent out a wave of ally and together, prime targets. A cyber invoicing, cargo manifests, compliance emails that appeared to come from one attack that successfully brings a terminal A Look Behind the Curtin reports, client data; logistics and supply of the company’s bigger customers, or port to its knees, and stops the ? ow But the real story lies in what hasn’t chain software; cargo movements, video, claiming it needed to see an invoice. of goods and materials, even brie? y, can happened. Port of Los Angeles executive and connections to and between different Just one person clicked on it, allowing have a devastating effect on the national director Gene Seroka, told a congres- terminals and transportation modes - on an intruder to hijacked the CEO’s email economy. And because no port is an is- sional committee at an October 2017 land and at sea. There’s voice and data address and send a message to the pur- land, the ripple effect across other ports hearing in the wake of the Maersk inci- communications over wireless, wired, chasing agent, requesting that she wire a as vessels get backed up waiting to dis- dent, that its cyber security center stops radio, satellite networks etc., compet- large sum of money to a vendor for some charge and pick up cargo, can be equally “20 million” cyber-intrusion attempts ing in some cases with interference from service. Fortunately, the agent thought painful. monthly. That’s an average of seven to vendor, client, crew and area frequency the request strange, and checked on it. There have been several cyber inci- eight attacks a second. Similarly, the signals. And there is security – biomet- Ignorance is no longer an option for dents of note impacting U.S. and other Port of Long Beach was beating back 30 32 Maritime Reporter & Engineering News • SEPTEMBER 2018

MR #9 (26-33).indd 32 MR #9 (26-33).indd 32 9/5/2018 11:37:57 AM9/5/2018 11:37:57 AM