By Jay Smilyk, VP of Americas, NanoLock Security

Recent incidents underscore the reality of cyber risks facing the maritime industry. An attack in January 2023 successfully deployed ransomware against a major ship software supplier, affecting around 1,000 vessels. Det Norske Veritas (DNV), a Norwegian maritime giant, stated that it was targeted with ransomware, forcing it to shut down its IT servers because of their connection to its ShipManager system. This incident came only two months after Alejandro Mayorkas, the U.S. Secretary of Homeland Security, stressed to Congress that cyberattacks are the most significant threat to U.S. ports.

More recently, DP World Australia was subjected to a cyberattack, which resulted in the closure of their operations for three days. To put this in perspective, DP World Australia is responsible for managing about 40% of the nation’s goods. These incidents highlight the alarming vulnerabilities underlying maritime operations.

Interconnected IT and OT environments manage cargo flows, engineering functions and even navigation, making ports prime targets for attack. Attackers can do this by compromising devices such as programmable logic controllers (PLCs), industrial-grade computing devices engineered to manage tasks such as assembly lines, robotic operations, and other functions that demand high reliability and straightforward programming. To truly minimize these risks, organizations must strengthen device-level protection across all generations of equipment.

According to experts from the cyber risk advisory firm ABS Group, the convergence of IT and OT is already well underway across ports and vessels alike. This introduces risks spanning from ransomware to phishing campaigns that could propagate through remote access pathways.

More specifically, architectural diagrams revealed safety-critical OT systems linking to other networks, such as crew welfare systems, increasing the potential scale of incidents. Although port and ship operators could manually overcome some propulsion and/or navigation issues caused by targeted attacks, the concern lies with adverse impacts to critical safety functions. These attacks may go unnoticed, endangering operations, reliability, and human safety.

Such risks highlight gaps in legacy OT devices, including PLCs, which frequently suffer from weak passwords that are known to be shared among multiple technicians, and from a lack of multifactor authentication (MFA) or modern access policies. Upgrading or isolating legacy PLCs is difficult as well, and attempting it hampers operational manageability. The protections that current PLC vendors offer are limited, leaving attackers potential paths to manipulate critical port or shipboard processes should device credentials become compromised.

The best way to protect critical maritime infrastructure is by implementing a tailored OT cybersecurity solution at the device level. By protecting individual PLCs, organizations can safeguard their port and/or maritime environments. Organizations should also pursue solutions that employ MFA, which helps block unauthorized parameter or logic changes even after passwords or users have been compromised. In addition, audit trails grant visibility down to specific actions on protected controllers to accelerate incident response, while integrated backup facilitates recovery of configurations.

Implementing zero trust protection directly on maritime OT assets is a critical component of OT cybersecurity, complementing strategies focused on network protection to effectively defend critical infrastructure. By directly securing PLCs and other devices, port authorities and vessel operators restrict the potential scale and depth of cyber incidents. With threats rapidly evolving, isolated safeguards at the device level provide robust frontline defenses for sustaining port operations, protecting workers and keeping global commerce flowing.

 

Jay Smilyk has more than two decades of experience in technology. He has held executive positions, serving as CRO of Tripleblind and Sepio Systems. Before that, he was the Eastern Regional Director of Sales for Vectra Networks. Jay previously served as VP of Sales at Safend, where he built a team of security professionals to bring endpoint data protection solutions to the US market.
