The Port of Seattle has far more to worry about these days than just the dispute over Shell’s Arctic drilling fleet. A new report finds that the entire maritime industry is woefully unprepared for a cyber attack.
A recent study by CyberKeel found that 37 percent of companies running Windows web servers haven’t kept up with installing the latest Microsoft security patches. The Copenhagen-based cyber security firm’s CEO and co-founder Lars Jensen, said that leaves them vulnerable to hacks.
He said there are three types of people targeting the world’s ports and shipping companies.
“One being criminals that are after your money. The problem with them is they are extremely resourceful. Then you’ve got ‘hacktivists’ that are just out there to basically destroy you whichever way they can,” he said.
Perhaps most troubling are hackers that are backed by governments intent on crippling their rivals.
Jensen said his findings are industry-wide and he can’t say how secure our local ports are, the ports of Seattle and Tacoma have not responded to our inquiries.
While ports and companies rarely disclose if they’ve been hacked, Jensen points to a number of examples, such as sophisticated drug dealers that took over systems in Antwerp, allowing them to manipulate cargo manifests and smuggle drugs undetected.
That’s just the tip of the iceberg. Hackers penetrating a system could easily delete information about all of the containers in a port at any given time, causing confusion that could take weeks to sort out.
“Imagine losing the information as to which containers you have where, who they belong to, where they are, where they’re going,” he said. “That would basically shut down the entire port and wreak havoc, not just with the port but with the every supply chain reliant on that port and that would be a major blow to that economy.”
He said that could compare to the 2002 labor dispute that shut down West Coast ports for 10 days, costing an estimated $1-to-2 billion dollars a day.
But that’s not the only threat. Hackers can easily take over GPS systems that control everything from ships to cranes.
There has been proof of concepts that you could actually remote navigate a vessel without the captain on board being able to determine that is going on. But what you also have to realize is that as terminals are getting more and more automated, you are reliant on a number of industrial control systems.
Securing those systems is an increasing challenge as everyone involved in moving 90 percent of the world’s goods become more interconnected, but don’t do enough to safeguard those common systems.
“When we ask ‘okay, so you are hooking up with all of these entities either directly or you hook up through various industry portals…what questions do you ask of each other in terms of cyber security?’ And the answer almost always is ‘none,'” Jensen said.
Espionage, hijacking, cyber terrorism. It sounds like a Hollywood movie. But Jensen said the threat is very real. He hopes the report is a wake-up call to an industry that handles 90 percent of the world’s goods. After all, it wouldn’t take much to launch a successful cyber attack that could leave our store shelves bare and companies crippled.
“You are never going to be 100 percent safe. No such thing exists. So what you should look at is how much safer can you be with what tools. Then choose the tools accordingly,” he said.