The U.S. Department of Homeland Security/Office of Cyber and Infrastructure Analysis (DHS/OCIA) produces Critical Infrastructure Security and Resilience Notes in response to changes in the infrastructure protection community’s risk environment from terrorist attacks, natural hazards, and other events. This note examines the potential for malicious actors to use cyber capabilities to disrupt operations at U.S. commercial seaports and the impact major disruptions would have on other critical infrastructure sectors. The networks examined include those used at seaports and aboard vessels. Although this note will mention the previous actions of malicious actors, it will not analyze their current intent and capabilities regarding seaports. In addition, this product will not examine exclusive U.S. Department of Defense and the Defense Industrial Base Sector port facilities. This note supports DHS leadership; federal, state, and local agencies; and private sector partners.
Unless cyber vulnerabilities are addressed, they will pose a significant risk to port facilities and aboard vessels within the Maritime Subsector. These potential vulnerabilities include limited cybersecurity training and preparedness, errors in software, inadequately protected commercial off-the-shelf technologies and legacy systems, network connectivity and interdependencies, software similarities, foreign dependencies, global positioning system jamming-spoofing, and insider threats.
A cyber attack on networks at a port or aboard a ship could result in lost cargo, port disruptions, and physical and environmental damage depending on the systems affected. The impact to operations at a port, which could last for days or weeks, depends on the damage done to port networks and facilities.
The impacts to critical infrastructure sectors depend on how a cyber attack affects a port, the level and length of disruption that occurs at the port, and the capability to divert shipments to other ports. Although all sectors rely to some degree on the goods that transit U.S. ports, those most likely to be affected by a port disruption are the Critical Manufacturing, Commercial Facilities, Food and Agriculture, Energy, Chemical, and Transportation Systems. If more than one port is disrupted concurrently by a cyber attack, a greater impact to other sectors of critical infrastructure is likely to occur.
Several mitigation measures can increase the security and resiliency of ports: setting up maritime cybersecurity standards, sharing information across the sector, conducting routine vulnerability assessments, using best practices, mitigating insider threats, and developing contingency plans for cyber attacks.
If unaddressed, cyber vulnerabilities could pose a significant risk in port facilities and aboard vessels within the Maritime Subsector. These potential vulnerabilities include limited cybersecurity training and preparedness, errors in software, inadequately protected commercial off-the-shelf technologies and legacy systems, network connectivity and interdependencies, software similarities, foreign dependencies, GPS jamming or spoofing, and insider threats.
LIMITED CYBERSECURITY TRAINING AND PREPAREDNESS
A lack of emphasis on cybersecurity training and preparedness at ports and aboard ships increases cyber vulnerabilities because reduced awareness by personnel increases the potential for malicious activities and limits best practices. Personnel, not properly trained, may unintentionally allow a malicious actor network access through malware delivered through an email, Website, or other means. In addition, affected businesses will likely be less capable of effectively responding to and recovering from malicious cyber activity than a business that maintains a cyber incident response plan.
INADEQUATELY PROTECTED COMMERCIAL OFF-THE-SHELF
TECHNOLOGIES AND LEGACY SYSTEMS
Modern ICSs often use commercial off-the-shelf technologies that are network-based and connected to other systems. In addition, standard operating systems, such as Windows and Linux in ICSs, use has increased. These devices and systems require software updates and replacement when device manufacturers or information security researchers discover technical vulnerabilities, or ICSs become increasingly vulnerable.
Many SCADA systems on ships and in ports are much older than other information systems and were designed before cybersecurity was a common consideration. Despite this, these systems are more likely to be integrated with newer networks for remote access, increasing their exposure to malicious actors. Although reliance on archaic technology can (in a minor way) assist the security of a system because malware or other exploits are not written to compromise older technology, malicious actors who have advanced cyber capabilities could recognize these vulnerabilities and target such older technology.