Assessing cyber risks in ports

Further digitalisation in ports is increasing their vulnerability to hackers and cyber attacks. As more technology is linked to the internet, the frequency of these threats and chances of a successful breach increases.

Cyber security needs to be improved in ports before internet of things (IoT) is introduced into port infrastructure. With more automation in ports, some of these networks are overlooked by IT teams and could be vulnerable to hackers, said University of Plymouth, Faculty of Science and Engineering lecturer in cyber security Kimberly Tam.

She was speaking during Riviera Maritime Media’s ‘Where port security meets cyber security’ webinar. This was held at the beginning of Riviera’s Maritime Cyber Security Webinar Week, in association with Maritime Transportation System - Information Sharing and Analysis Center (ISAC), on 4 August.

Dr Tam, who is also academic lead of the university’s Cyber-Ship Lab, said even having back-up systems may not be secure enough.

“Our world is changing. There is more technology and possibilities to create new crimes, which is increasing cyber attack risks,” she said. There have been “leaps in autonomy and information sharing” that is creating vulnerabilities.

“We have seen cyber attacks on infrastructure, energy networks, ports and on port cranes,” Dr Tam continued. “As there is more remote monitoring with sensors, there are new devices that can be hacked.”

Supervisory Control and Data Acquisition (SCADA) networks are particularly vulnerable to hackers due to their weak defence. “SCADA networks get overlooked by IT specialists,” said Dr Tam.

More worrying for port operators is their inability to detect if there has been an intrusion into their IT, SCADA or IoT networks. Dr Tam said would-be hackers could be snooping inside servers undetected. “Hackers would need a lot of reconnaissance of maritime and port servers,” she explained. “We are unable to see who is inside these networks.”

Port operators may not know the intentions of potential hackers or ransomware until it is too late. Hackers could be inside servers to steal information, feed misinformation about manifests, or to input ransomware. “It is not just smash and grab,” said Dr Tam.

With more IoT application in ports, vulnerability of operational technology (OT) to cyber threats is increasing, reducing the air gap between this technology and the connected network. Dr Tam warned these trends lower the security within OT to cyber threats.

If port operators introduce redundancy into IT and OT this could improve security and recovery after an intrusion. “But if this redundancy is too similar, they will have the same vulnerabilities,” said Dr Tam.

University of Plymouth is researching appropriate risk assessment for cyber and cyber-physical systems in maritime and in ports. It is looking at IT and OT systems, with the “aim of giving people information critical for cyber safety and cyber resilience in this sector”, said Dr Tam.

“We are looking at specific case studies for cyber security at ports and we are talking to many in the cruise, container and oil sectors.” The university is considering the plausibility of attacks, calculating realistic risks and the cost of a port cyber attack.

University gains US$3.9M funding for bridge system assessment platform

University of Plymouth’s maritime cyber threat research group’s Cyber-Ship Lab project has made significant progress since it secured £3M (US$3.9M) combined Research England and industry funding in January.

It is creating a unique platform to reproduce any ship’s bridge systems – in service or under development – to assess their cyber risk.

This project has 20 partners on board. More are expected to follow as the research group has gained 150 additional expressions of interest from shipbuilders, maritime IT and operational technology manufacturers, classification societies and insurers.

Named partners include BMT UK, BT Ventures, Eaton, Hensoldt UK (formerly Kelvin Hughes), Altran Group’s Information Risk Management and Lloyd’s Register’s Nettitude.

This project is in the design and build phase. This involves acquiring an extensive and comprehensive collection of in-service or under-development ships’ bridge equipment such as voyage data recorders, radars, automatic identification systems, ECDIS, firewalls, switches, and uninterruptable power supplies.

Various partners have committed to, or are in discussions about, providing their experts’ time or real-world datasets to populate the Cyber-Ship Lab platform.

The group has secured an additional £160,000 (US$207,843) MarRI-UK funding for its Maritime Cyber Risk Assessment framework (MaCRA) work. This has progressed to the market validation stage of the UK Government’s Department for Digital, Culture, Media & Sport’s cyber security academic start up accelerator funding competition, Cyber-ASAP.

Meanwhile, as part of its Cyber-MAR project involvement, the research group is progressing complementary cyber-range work with specialised European container port authorities, enabling them to assess cyber risk and build threat resilience.