Ports Protect Assets Through Cybersecurity Plans
Jones Walker LLP recently presented the results of the firm’s 2022 Ports and Terminals Cybersecurity Survey. The results reflect responses of 125 senior executives from blue- and brown-water ports and terminals across the United States. While the national law firm’s previous surveys focused on the greater maritime industry and the midstream oil and gas sector, this third survey examined ports and terminals directly. The results confirmed cybersecurity is a growing concern for owners and operators of ports and maritime terminals, the firm said.
Key findings included that despite 90 percent of port and terminal respondents reporting preparedness, 74 percent indicated their systems or data had been the target of an attempted or successful breach within the past year.
Companies reported a fear of ransomware that appeared to be outpacing actual ransomware events. Although 45 percent of survey respondents named ransomware as their biggest perceived threat, only 20 percent of respondents whose organizations had been victimized by a cyber attack cited ransomware as the primary method of attack. Instead, survey participants directed blame at solo hackers and organized criminal groups as the top threat actors, with nation-state affiliated groups as a close third.
Jones Walker LLP recommended that ports regularly test and update their response plans to be prepared for any kind of cyber attack. The firm noted that although 73 percent of respondents to their survey reported having a written incident response plan, only 21 percent said it had been updated within the past year. Half said their facility conducted tabletop response exercises either irregularly or not at all. Additionally, Jones Walker LLP pointed out the importance of frequent cybersecurity training.
Port Security Efforts
Ports reported taking a comprehensive view of cybersecurity threats to craft their response plans.
“The Ports of Indiana has an information technology manager and security manager on staff who monitor and implement best practices,” said Jennifer Hanson, public relations manager for the Ports of Indiana. “Our ports and customers are our top priorities, and security protocols have always been in place.”
Captain Paul C. LaMarre III, director of the Port of Monroe, spoke about evolving trends.
“As national cybersecurity trends continue to evolve, protective measures at the Port of Monroe aim to be in lockstep with the U.S. Coast Guard requirements and those of the Department of Homeland Security,” he said. “As our facilities transition towards becoming a full service container terminal that employs highly sensitive scanning equipment, it will be critical to ensure the utmost safety and redundancy in our systems.”
While ports were understandably reticent to reveal too many details of how their systems work to prevent cyber-attacks, some general best practices guided their efforts. For the Port of Monroe, LaMarre said those included having a firewall separating the port’s internal network from the internet, computers with active firewall software, email delivery that includes spam filtering, not sharing network passwords with guests or posting them in common areas, and training employees not to open email attachments or click on links that may lead to phishing sites.
The port continues to update firewall protections and update passwords, he said. Additionally, in the event of a breach, business critical data is backed up offsite to protect against any malicious attacks.
Advice from CISA
Whether it is for work, education or entertainment, an estimated 4 billion people now access information online, creating a rich target for potential exploitation, according to the Cybersecurity and Infrastructure Security Agency (CSA).
“Hackers and cybercriminal groups have engaged in a nearly round-the-clock effort to find vulnerabilities in our networks, and as technology continues to improve, their methods will only become more sophisticated,” said Alex Joves, region 5 director for the Cybersecurity and Infrastructure Security Agency (CISA).
CISA has determined that compromises to business email systems and ransomware attacks are the most common cyberthreat to the nation’s critical infrastructure, when looked at as a whole.
“Ransomware remains the fastest growing cybercrime,” Joves said. “In 2021, CISA and several of its international partners observed an increase in sophisticated ransomware attacks against critical infrastructure organizations.”
As part of the response to those observations, CISA created its Shields Up campaign in late 2021 to encourage companies to step up cybersecurity efforts and protect their most critical assets.
“Through Shields Up, we’ve been providing up-to-date technical products and security guidance, as well as steps that organizations, businesses and individuals can take to heighten their security posture and ensure they are prepared for a disruptive cyber incident,” Joves said.
Information about the campaign is available on the CISA website at CISA.gov. The site also includes free services and products to help maintain cybersecurity. Additionally, companies may also sign up for CISA’s alerts and advisories.
Joves provided some specific guidance for ports looking to improve their cybersecurity.
Using strong passwords with eight or more characters that includes at least one uppercase letter, one lowercase letter and a number is one of the easiest and oftentimes overlooked ways to improve cybersecurity, he said. To help maintain awareness of cyberthreats to critical infrastructure, companies may also sign up for CISA’s alerts and advisories.
He also suggested adding an extra layer of protection by implementing multi-factor authentication on accounts, which he said make it significantly less likely an account will be hacked.
Additionally, CISA suggested updating operating systems and software with the latest security patches and raising awareness about the risks of suspicious links and attachments by implementing user training and phishing exercises. According to CISA, more than 90 percent of successful cyberattacks start with a phishing email.
It is important to implement strong “cyber hygiene practices” across all environments, to include port industrial control system assets, especially those with the potential to create unsafe operations, such as liquid cargo handling systems, automated container handling equipment and fire suppression systems, Joves said.
In the event of an attack, companies need a basic cyber incident response plan and associated communications plan that includes response and notification procedures for a ransomware incident, CISA advises.
“The most significant action a port operator can take would be to contact their local CISA cybersecurity adviser, or CSA,” Joves said. “Our CSAs can offer cybersecurity assistance to critical infrastructure owners and operators and introduce organizations to various cybersecurity programs, products and services we provide. CSAs can also provide cyber preparedness services, assessments, planning and exercise assistance and incident coordination during cyber incidents.”
The U.S. Coast Guard also has Marine Transportation System cybersecurity specialists who can provide similar support, along with assistance regarding compliance with maritime regulations. Often regional organizations, such as Area Maritime Security Committees, offer opportunities for port stakeholders to share information and coordination on threats.
“While we can’t speculate on future cybersecurity risks port operators may face, CISA encourages all businesses, organizations and governmental agencies be proactive by ensuring they practice good cyber hygiene principles, maintain and exercise a basic cyber incident response plan and make sure their employees receive cybersecurity training,” Joves said.
Port Milwaukee and The DeLong Co., Inc. have celebrated the grand opening of the $40-million Agricultural Maritime Export Facility on Jones Island. Representatives from the Port, DeLong and the city of... Read More