By Leischen Stelter
Editor, In Public Safety
Ports contribute approximately $3.15 trillion in business activity to the U.S. economy and handle more than 2 billion tons of domestic, import and export cargo annually, according to the American Association of Port Authorities (AAPA). So it is no surprise that physical protection and cybersecurity of ports is a high priority.
Since the Sept. 11 attacks, the government has spent more than $2.5 billion improving the physical security components of ports including: hardening perimeters with fencing, improving surveillance systems, authenticating personnel via the Transportation Workers Identification Credential (TWIC) program, adding sophisticated cargo screening technology, implementing land and sea patrols, and much more.
The U.S. Coast Guard is focusing on hardening ports against cyberattacks. On Jan. 15, the USCG held a maritime cybersecurity standards public meeting to discuss cyber threats to our nation’s ports.
“The Coast Guard has a long, proud history of protecting our coasts, our maritime interests and American waters from all manners of hazards and threats. Cybersecurity is one of those threats, and we need to figure out the best way to address those threats,” stated Captain Andrew Tucci of the USCG Office of Port & Facility Compliance during the meeting.
Determining how to protect the nation’s ports against cyberattacks will continue when officials and academics gather March 2-3 at the Maritime Cyber Security Learning Seminar and Symposium at CCICADA at Rutgers University to discuss cybersecurity risks, threats and counter measures.
The Threat of Cyberattacks on Ports
Ports are especially vulnerable to cyberattacks because their operation—and the operation of ships entering and exiting ports—depends heavily on technology, explained Ernie Hughes, who teaches the Port and Terminal Operations course in the Transportation and Logistics Management master’s program at American Military University.
“Throughout the supply chain, nearly all the transportation devices are just big computers and, increasingly, trains, trucks, ships and airplanes are all automated,” said Hughes, who has held technology-based positions in companies including Boeing, Tenneco and Getty Oil. “Today a ship largely drives itself using a complex computer system and humans merely monitor things.”
Such reliance on technology makes ships and ports extremely vulnerable. Imagine what could happen if a hacker gained control of a cargo ship’s navigation system?
Hardening old Systems to new Threats
The dependence on computer systems and technology means that today’s ports must harden their networks against cyber threats and face issues updating older technology systems.
“Many of our transportation systems—including those operating ports and ships—were built when the threats were different,” said Hughes. Many of these systems were not designed with the sophistication required to keep hackers and other intruders out because they were built at a time when network security was not a requirement.
Even if the government or private business invests money to protect such systems, it can take a long time for such changes to be developed and implemented, adding to the challenge of keeping pace with ever-evolving cyber threats.
It can also be challenging to convince port operators and ship owners that such network enhancements are worth the cost. “Security is a non-functional requirement. It’s not something businesses do unless they need to and doing so is based upon the perception of risk,” said Hughes. Because an attack has not (publicly) occurred, many operators may not believe upgrading their systems against a cyberattack is worth the high investment.
However, as cyberattacks on private businesses and government agencies continue to make national news, the need to protect the nation’s hub of commerce and its economic driver will only become more apparent and urgent.