Could the next homeland attack be against US seaport cyber security?

Dr. Jim Kennedy highlights the importance of the port and maritime sector to business-as-usual for the US economy; and asks whether an ISIS information security attack could target the US maritime, vessel and port computing network infrastructure.

The US maritime transportation system is vital to both the US and the global economy. According to the US House Transportation Committee, the United States relies on ocean transportation for 95 percent of all cargo that moves into and out of the country. There are approximately 361 US seaports, which handle over $700 billion and approximately two billion tons of domestic and international freight each year, and vessels from foreign countries make over 50,000 US port calls annually.

The US simply could not carry out a major portion of its economic mission without its seaports. The transportation sector is of vital importance to the US economy, a truth which is underscored by the fact that more than $1 out of every $10 produced in the US gross domestic product is related to a transportation activity. Almost all of the country’s external trade and the great majority of its internal trade are transacted and consummated using the many ocean, lake, and river ports. In fact, the shipping industry is considered part of the nation’s critical infrastructure.

Beyond the very complex system of ships, container ports, and ground shipping needed to operate the seaport industry, information technology is a major component in the shipping industry’s success and helps it to sustain its high volume operations and physical security.

Every container shipped, every ton of materials moved from one point to another, can only be accomplished by a series of sophisticated computer transactions, database interactions and electronic forms that are intercommunicated over a complex maze of public and private electronic networks across the US and the globe.

In addition to aiding the success of America’s economic endeavors these systems also provide the means for the Department of Homeland Security and the US Coast Guard to track and inspect cargoes to ensure that materials potentially hazardous to safety and wellbeing are not entering into the US without their knowledge. America’s safety and security rely upon the information that these systems provide.

The security and availability of the information, the systems, and the networks that support the maritime industry are absolutely essential to the maintenance of the US and the world economies and to the ultimate safety and security of the citizens and the ports through which goods move. With so much riding on the confidentiality, integrity and availability of the information needed to transact seaport business and move items from one point to another, that information needs to be as secure as the electrical generation and distribution systems, the telecommunications infrastructure, the financial organizations, and the healthcare systems.

But, as we see every day, the systems used by these critical infrastructure industries are not always as secure or available as they need to be. From a recent INTERPOL 2014 cyber report:

  • 2011 - Pirates suspected of exploiting cyber weakness for use in targeting vulnerable shipments through ports.
  • 2012 - Foreign military compromises multiple systems on board commercial ships contracted by US TRANSCOM which provides materials for military replenishment.
  • Over 120 ships including major Asian Coast Guard vessels experience malicious jamming of GPS signals.
  • 2013 - Drug smugglers hacked cargo tracking systems in major EU ports to avoid detection.
  • 2014 - A major US port facility suffered a system disruption which shut down port operations for several hours.

So, as you can see, our vessel and port systems are vulnerable. Let's look at the information technology utilized in the maritime and seaport industry:

More about maritime Information technology

The information technology utilized by the maritime and seaport industry is very much like that used by any other business. It consists of networks (intranet, local area networks, and WiFi) that are interconnected by public and private communications links (the Internet or other telecommunications circuits). The computing platforms and their associated programs are connected through the private networks to other networks or the Internet and provide access to applications that enable the shipper to interact with financial institutions, Government Customs, freight forwarders, port operators, vessel agents, and other inter-modal transportation providers who are all needed to move items from one point to another.

Many transactions are accomplished utilizing electronic data interchange (EDI). Wikipedia defines EDI as: inter-company, application-to-application, communication of data in standard format for business transactions. EDI is a set of standards for structuring information that is to be electronically exchanged between and within businesses, organizations, government entities and other groups. The standards describe structures that emulate documents, for example purchase orders to automate purchasing. The term EDI is also used to refer to the implementation and operation of systems and processes for creating, transmitting, and receiving EDI documents. In fact, many seaport transactions take place without any human intervention at all. Once the process is started many of the port operations depend upon the systems to ensure that all of the forms needed are created, processed, and exchanged via EDI. As long as no errors are encountered information is transferred automatically.

The systems provide services such as booking a carrier; providing shipping instructions; tracking and tracing of containers and materials being shipped; and schedules of ships, shipping companies and ports serviced. The scheduling database is one such important system which keeps track of the dates and time of sailings and docking of vessels in port.

Critical data in the wrong hands could provide important information that would result in a catastrophic event occurring. One such document, containing important information, is the ‘Bill of Lading.’ This document provides a description of the materials being shipped along with who is shipping it, on what ship and in what container number, and who it is being shipped to.

If these systems or networks were to be hacked, the hacker(s) would be privy to the kinds of materials being shipped and the dates and the destination locations of shipments; which would provide valuable intelligence about pending or planned military or law enforcement operations or activities, or worse, access by terrorists to shipments of weapons, ammunition, or hazardous or radioactive materials.

Without the information technology used today the ability of ports to process and efficiently move the extremely large volumes of materials that they do would be impossible, making the availability and the security of the systems and networks critical. The information contained within the systems and moved across the networks is also essential and needs to be relied upon for its availability, accuracy and timeliness.

So what are the threats to these seaport and maritime systems?

While each shipping portal, seaport operation, and vessel operator is unique, any of them in their normal operations are likely to encounter a wide variety of threats responsible for nearly all successful and attempted intrusions against their organization’s IT infrastructures. These threats include insiders, industrial or state sponsored espionage, organized crime and hackers.

Insider threats

Based on all of the hard work of IT and information security teams we are beginning to see real progress on protecting the operations against external threats. However, the bad news is that we are being faced with a new challenge – that of protecting the critical information assets from insider threats. Insider attacks account for as much as 80 percent of all computer and Internet related crimes. 70 percent of attacks causing at least $20,000 of damage are the direct result of malicious insiders.

In fact, the US Secret Service National Threat Center has indicated that: “The greatest information security threat facing your organization is in your office right now. It has the ability to bypass the physical and logical controls you have put into place to protect the perimeter of your network and has already obtained credentials to access a significant portion of your infrastructure.”

It is also important to note that an insider could very well be directly or indirectly involved with a terrorist organization such as ISIS.

Industrial or state sponsored espionage

Much has been discussed over the last several years regarding the threat of industrial espionage conducted by both competitors and state-sponsored intelligence organizations. Industrial espionage continues to be a threat, but to a lesser degree than the others we will discuss.

Conceptions of national security have adapted over recent years, especially after 9/11, to include the attack and defense of the information technology systems and networks of critical infrastructures such as maritime shipping. In congressional testimony, the director of the CIA acknowledged that over 100 nations are currently developing some type of information warfare program.

The US is probably the most vulnerable to attack as it is the country most reliant on information technology. While this threat is real, the likelihood of a state-sponsored full-scale attack is low because any significant attack on the US will most assuredly have severe political and economic consequences for the attacking nation. Additionally, a stated US policy allowing for a proportional conventional military response to information warfare attacks serves as a deterrent for those nations looking to utilize information warfare to harm the US or its critical infrastructures.

Here again, states that sponsor espionage often are the same states that support terrorists such as ISIS.

Cyber terrorism

There have been no strong indicators that traditional terrorist groups, such as ISIS, will divert from conventional tactics (such as those recently accomplished in European cities) to launch cyber terrorism attacks, but the threat of cyber terrorism should remain a high-profile concern.

A very real terrorist threat is the possibility that information obtained from penetrating (hacking) maritime ‘materials and transportation’ systems could be used in the planning and carrying out of conventional attacks, leaving the door open to such attacks in future.

One should understand that many ISIS fighters have been trained in IT and network engineering and cyber security at many of the top US and European Universities. Therefore, they have the training and capability to carry out such attacks.

Threats from hackers

On a regular basis most organizations are likely to face threats from some type of hacker. Scanning and probing of networks occurs on a daily basis against specifically targeted organizations and random network attached systems.

Organizations should be actively monitoring for probing and attacks. Hackers can use various means, such as known lax security practices, published software or operating system bugs, and the launching of viruses and worms, to breach IT systems and networks in maritime operations. It is interesting to note that many of the system hacks reported in the news are attacks on vulnerabilities which were known for over three to five years.

Note that there are hackers for hire that are paid by organizations such as ISIS to breach targets important to them.

Types of attacks

Any of the above types of cyber attackers can employ a wide variety of tools to breach seaport or maritime IT systems. They could exploit software bugs which leave IT systems vulnerable to attacks, especially if patches are not kept up-to-date. They could utilize one of the many scripts available to view packets over the network and then crack passwords to gain access to sensitive information and systems or, worse, use the information viewed to perpetrate a theft or a physical attack to damage the goods. They could launch denial of service attacks which would keep real users of the critical systems from utilizing those systems when needed, thereby causing a loss of revenue to the port and vessel owners. These denial of service attacks could also blind the physical security services personnel if the same network used for business transactions were used to provide video surveillance of the port’s premises, which is often the case. Attackers could also launch viruses or worms that could corrupt or destroy valuable data or disable systems until the infected systems were identified and the malicious software was removed. Any of these types of attacks could bring the shipping industry to a grinding halt if not properly protected against, thereby shutting down the flow of needed materials to feed the economic engines of the US.

In summary

The ubiquitous use and high importance of information technology to handle the transportation of goods and materials via our seaports has added a new dimension to our homeland security and data security threat landscape.

These threats can vary from hackers or organized crime, aiming to make financial gain from breaching the IT systems, to cyber threats that could threaten national security. The issue that needs to be impressed upon the reader is one of due diligence. Those charged with protecting critical business and governmental IT infrastructure need to make sure that organizational leaders have the necessary information to make informed choices for the protection of critical and sensitive information and systems utilized by the maritime industry.

The author

Dr. Jim Kennedy, MCTE, MRP, CEH, CHS-IV, SSIC is the chief consulting officer of Business Continuity/Security Services for Recovery-Solutions. Dr. Kennedy has over 35 years' experience in the information security, business continuity and disaster recovery fields. He is the co-author of three books, ‘Security in a Web 2.0+ World, A Standards Based Approach’, ‘Blackbook of Corporate Security’ and ‘Disaster Recovery Planning: An Introduction’ and author of an e-book, ‘Business Continuity & Disaster Recovery – Conquering the Catastrophic’.
