Tomorrow marks a very sad day in our nation’s history . . . 9/11. I will never forget what I was doing that day, or how I even heard about the first attack coming in. I will just leave it at that. May our Lord and Savior continue to bless all of the victims of that horrible day, and let any healings continue.
Since then, security has always been a hot button topic for American citizens and our own government. But back then, it was all about physical security; Cyber was still barely even thought of.
Airports and airlines went on a huge lockdown like never seen before, and still continue to do so to this day, to one degree or another. But to be honest, every point of entry and exit into the United States is at risk.
This not only includes the roadway points at the borders with Canada and Mexico, but even our maritime ports as well. While increased traffic means that there is more international trade going on, it also poses not only physical but even Cybersecurity risks as well.
Just consider some of the stats:
*Maritime trade increased by over 22% since COVID-19 hit;
*The stopping period for the large cargo ships has now become almost 32 hours versus the 28 hours it once was back in 2020.
It is this longer dwell time that is starting to raise concern here in the Cyber community. But Cybersecurity around these ports is a very complex issue because there are so many factors surrounding it. Consider the following:
*Physical security is still a risk – for example, stowaways are still a huge problem, especially from those ships coming in from China and regions there;
*Many ships come from other countries – thus they are using outdated technologies that cannot be updated with the more recent software patches and upgrades;
*Many maritime ports both here in the United States and abroad are still using outdated Critical Infrastructure equipment. Because there is so much interdependency here, you simply cannot rip out old systems and put new ones in. It’s almost like other pieces of Critical Infrastructure that we have on land;
*It takes a lot to get a cargo ship from its point of origination to its point of destination. There are many parties involved, and all of them have to be held accountable for, and aware of, what is going on. The captain of the ship is just one cog in a huge machine.
But unfortunately, there is really nothing that can be done to fix all of these vulnerabilities in a short period of time. All of the parties involved in maritime affairs have to agree on what has to get done. Some examples of Cyber threats include the following:
*End-of-life Operating Systems, like Windows 7 or Windows 8;
*Software packages that have not been updated in a long period of time;
*No antivirus protection being used;
*Open ports on the ship’s computer network;
*The lack of 2FA or MFA protocols;
*Staff that is not trained in what Cyber Hygiene is all about.
What is even more startling is that Cyberthreats to maritime have increased well over 400% on a global basis. According to Cyber experts that specialize in this area, a contributing factor to this huge increase is the Industrial Internet of Things, also known as the “IIoT”.
This is where all of the objects that we interact with, both in the virtual and physical worlds, are interconnected. While this can be advantageous, it poses grave threats as well, because these connections are often not secure themselves.
So if one point is hit, this will lead to an overall cascading effect, very much in the same fashion that a supply chain attack would (such as the SolarWinds one). Making things worse, before a ship can dock here in the United States, the captain of the maritime vessel must fill out an extensive amount of paperwork.
Very often, this can be well over 40 pages long, thus adding more aggravation when trying to get cargo off on time.
These must be sent to the maritime point of destination and approved before the cargo ship is allowed to even dock. So in this regard, email or File Transfer Protocol (FTP) has to be used, but even there, there are risks, such as hijacking of the FTP Server, or making the documents part of a large-scale Phishing attack.
These both could be easy to do, especially if there is a mismatch between the cargo ship’s technology and the maritime port’s. As a result, there will be many backdoors through which the Cyberattacker can easily penetrate.
My Thoughts On This:
As was examined earlier in this blog, there are simply too many entities and moving parts, which are far too outdated, for a fast solution to be found. If anything, coming to grips with what is happening in maritime security can take just as long as, or even longer than, it did for the airline industry. Security at the airports is far better now since 9/11, but it took how long? 10 years? 15 years?
To solve the issue of maritime Cybersecurity means that we have to take a step back, and look at the entire picture in a holistic sense. In this regard, perhaps the best way to get started is from the cargo ship itself. Before they are allowed to dock, the captain of the ship should run through a checklist of what has or what hasn’t been done from a Cyber point of view, and transmit it to the officials at the point of destination.
Then from there, based upon the results of the checklist, the port authority should then decide whether to allow the ship to dock or send it back to its homeport. But of course, this checklist can be forged as well. In order to stop this from happening, the United States Federal Government needs to increase the total number of Border Control Agents. And, just as much as they check for dangerous cargo, they should also be able to conduct risk assessments on the ship’s IT and Network infrastructure as well.
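
To make the checklist idea concrete, here is an added example (not from the original post) of how a port authority could score a ship's self-reported answers against the six weaknesses listed earlier. The field names, the 90-day patch threshold, the port allow-list and the outcome labels are all assumptions chosen for illustration, and any missing answer is treated as a finding so that an incomplete form cannot pass.

```python
from datetime import date

# Assumed policy values for illustration; the post defines no thresholds.
EOL_OS = {"windows 7", "windows 8"}   # the two examples the post names
MAX_PATCH_AGE_DAYS = 90
ALLOWED_PORTS = {443}

def assess(checklist, today):
    """Return (decision, findings) for a ship's self-reported checklist.
    Missing answers count as findings, so an incomplete form fails closed."""
    findings = []
    for host in checklist.get("hosts", []):
        name = host.get("name", "unnamed host")
        if "os" not in host or host["os"].lower() in EOL_OS:
            findings.append((name, "end-of-life or undeclared operating system"))
        patched = host.get("last_patched")
        age = (today - date.fromisoformat(patched)).days if patched else None
        if age is None or age > MAX_PATCH_AGE_DAYS:
            findings.append((name, "software not updated recently"))
        if not host.get("antivirus", False):
            findings.append((name, "no antivirus protection"))
        unexpected = sorted(set(host.get("open_ports", [])) - ALLOWED_PORTS)
        if unexpected or "open_ports" not in host:
            findings.append((name, f"open ports outside allow-list: {unexpected}"))
    if not checklist.get("hosts"):
        findings.append(("ship", "no hosts declared"))
    if not checklist.get("mfa_enabled", False):
        findings.append(("ship", "no 2FA or MFA"))
    if checklist.get("crew_trained", 0) < checklist.get("crew_total", 1):
        findings.append(("ship", "crew not fully trained in cyber hygiene"))
    # Assumed outcome labels; any finding routes the ship to a human inspector.
    decision = "allow to dock" if not findings else "hold for inspection"
    return decision, findings

# Constructed sample submission (not real vessel data).
SAMPLE = {
    "mfa_enabled": False,
    "crew_total": 20,
    "crew_trained": 20,
    "hosts": [
        {"name": "bridge-pc", "os": "Windows 7", "last_patched": "2021-01-15",
         "antivirus": False, "open_ports": [21, 443]},
        {"name": "cargo-mgmt", "os": "Windows 11", "last_patched": "2023-08-20",
         "antivirus": True, "open_ports": [443]},
    ],
}

if __name__ == "__main__":
    print(assess(SAMPLE, date(2023, 9, 10)))
```

Because the answers are self-reported, a clean result only tells the port what the ship claims, which is why the on-board assessment described above still matters.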