DHS: U.S. seaports, ships vulnerable to cyber attack

(Cyberwar.news) A new analysis from the Department of Homeland Security’s Office of Cyber and Infrastructure Analysis found that seaports in the United States are increasingly vulnerable to hacking and cyber attack.

The analysis [PDF], which also found that ships at sea are also at risk of hacking, said that unless the vulnerabilities are addressed, “they will pose a significant risk to port facilities and aboard vessels within the Maritime Subsector.”

Potential vulnerabilities include “limited cybersecurity training and preparedness, errors in software, inadequately protected commercial off-the-shelf technologies and legacy systems, network connectivity and interdependencies, software similarities, foreign dependencies, global positioning system jamming-spoofing, and insider threats,” the analysis said.

The analysis also said that a cyberattack on port IT networks or aboard ship could result in a major loss of cargo, disruption of port operations and physical and environmental damage, depending on the targeted systems. Cyberattacks could damage port operations for weeks or months, thereby dramatically affecting trade and commerce, the analysis said.

“The impacts to critical infrastructure sectors depend on how a cyber attack affects a port, the level and length of disruption that occurs at the port, and the capability to divert shipments to other ports,” it said. “Although all sectors rely to some degree on the goods that transit U.S. ports, those most likely to be affected by a port disruption are the Critical Manufacturing, Commercial Facilities, Food and Agriculture, Energy, Chemical, and Transportation Systems.

“If more than one port is disrupted concurrently by a cyber attack, a greater impact to other sectors of critical infrastructure is likely to occur,” the analysis continued.

DHS said that a number of mitigation measures can be implemented to boost cybersecurity and resiliency at ports, including the establishment of maritime cybersecurity standards, information sharing across the sector, routine vulnerability testing and assessments, focusing more on potential insider threats and developing contingency plans for cyber attacks.

The analysis said that in the U.S. and its territories there are approximately 3,200 cargo and passenger handling facilities located within 360 ports. Of those, some 150 are considered deep water seaports operated by 126 public seaport agencies. Ports are located along the Atlantic, Pacific and Gulf coasts, as well as the Great Lakes, Alaska, Hawaii and U.S. possessions.

In 2013, oceangoing vessels made 74,188 calls at ports in the United States. Of these calls, 28,679 were tanker ships, 17,540 were container ships, 12,648 were bulk ships, 5,292 were roll-on roll-off (Ro-Ro) ships, 8,241 were general ships, and 1,788 were gas ships, the analysis said.

See also:

CONSEQUENCES TO SEAPORT OPERATIONS FROM MALICIOUS CYBER ACTIVITY [PDF]

Cyberwar.news is part of the USA Features Media network.