Robust Cybersecurity Solutions for Maritime Transportation

With growing cyberthreats to the public and private sectors, the transportation industry remains one of the major targets for cyberattacks. Most of these attacks are designed to gain access to sensitive data that contains financial and personal information.

One of the most common targets in the transportation sector is the maritime industry, which contributes to a quarter of the United States’ gross domestic product (GDP) as reported by the White House National Maritime Cybersecurity Plan. A successful cyberattack can cause disruption to daily operations, leading to significant economic impact worldwide. Cyberthreats are not only restricted to vessels and shipping companies; maritime ports and terminals have also been victims of cyberattacks.

Security Vulnerabilities

Vulnerabilities have been identified in industrial control systems (ICS) and operational technology (OT), such as GPS, alarm systems, satellite communications, automatic identification systems (AIS) and vessel integrated navigation systems (VINS).

According to maritime reports, vessels are used to transport 90% of global products, and GPS is a critical part of transportation at sea. GPS is used to identify the location of a ship using network satellites. It has been found to be vulnerable to jamming, a method to interfere with radio communication and prevent personnel from locating vessels, which can result in collisions.

Organizations should develop strategies, such as configuration of systems that can send alerts when anomalies are detected and constant monitoring of GPS data and cyberawareness processes that can help operators identify threats. ICS and OT systems should be assessed for security vulnerabilities and adequate measures should be taken to identify and immediately address threats.

Port Security

One lesson from 2020 is that a pandemic like COVID-19 can create more opportunities for hackers to target companies. The pandemic has a significant economic impact on organizations, and having to deal with a ransomware attack exacerbates challenges. Ports are not immune to ransomware attacks. In fact, Washington’s Port of Kennewick confirmed that it fell victim to an attack in which the attackers placed strong encryption on the port’s servers and demanded funds to restore access to the servers. Although the port had previously taken steps to provide a safe and secure infrastructure, hackers were still able to find ways to access its servers.

Ports are increasingly adapting to digital transformation, but the use of modern technology increases the attack surface, giving hackers more opportunities to exploit vulnerabilities.

Countermeasures Against Cyberattacks

Cybercriminals will continue to target the transportation sector. Methods of attack are becoming more sophisticated and organizations must adopt robust cybersecurity programs. Companies can protect their data and prevent disruptions by employing a defense-in-depth approach in which several layers of security controls are implemented along with the following risk mitigation techniques:

Vulnerability assessments: Assessing the cybersecurity posture of the information technology (IT) and OT infrastructure can help identify risks and vulnerabilities that exist in systems. Asset inventory is a critical part of the vulnerability assessment.

Proper network segmentation: Network attacks are unavoidable, and proper network segmentation techniques can help organizations withstand the impact of such attacks. When a network is segmented, barriers are placed between systems to prevent them from communicating with each other. If a segment of the network is accessed without permission, the unauthorized user is then prevented from leveraging that access to pivot into another segment of the network. Once a network is segmented, it decreases the attack surface and contains threats, providing network admins more time to investigate the attack and prevent it from compromising other systems.

Cybersecurity awareness training: Cybersecurity awareness should be a mandatory practice across all sectors of the transportation industry. Employees are the weakest link when it comes to cybersecurity incidents, and unintentional negligence can have big consequences. Basic training such as phishing awareness, tabletop exercises and password complexity can highly reduce risks but that alone is not enough to cover all aspects of security.

Building a Secure Maritime Infrastructure

Securing systems and networks can be challenging and requires time, effort and resources. To achieve that goal, it is necessary to have an actionable plan that identifies and addresses vulnerabilities that could potentially result in a cyberattack. Carnival Cruise Line recently announced that it had been a victim of a ransomware attack in which attackers gained access to its systems and stole personal information of employees and customers. Although no plan or strategy guarantees complete protection, having an actionable plan that addresses the vulnerabilities could have prevented the possibility of the ransomware attack being successful.

When it comes to cyberresilience, it is important to have an incident response program that defines processes for continuous operation of vessels in the event of a cyberattack; it is also important for business continuity, as such attacks also affect employees and customers. Port authorities and maritime companies must adopt a constant threat monitoring and detection approach that can prevent disturbance to operation, processes and procedures.

Jeffrey Macre, CEH, CISSP, PMP, MBA, is a cybersecurity sector lead at 1898 & Co., part of Burns & McDonnell.