Cyber risks of increased automation

Cyber risk: With the increase in automation, ports can expect a marked uptick in the number of cyber attacks Photo: Yuri Samoilov Cyber risk: With the increase in automation, ports can expect a marked uptick in the number of cyber attacks Photo: Yuri Samoilov
Industry Database

With increasing automation of systems and equipment, expect a marked uptick in the number of cyber attacks on ports, a security specialist has warned.

Speaking at Navis World, Darich Runyan, senior director, information security at Virginia Port Authority, said the increasing public awareness of automation uptake in terminals leaves the sector vulnerable to hackers.

“We are underprepared for what’s out there in terms of cyber threats. As we see more press about terminals going online and being automated we are going to see more uptake of cyber attacks,” he said. “The more we automate, the more dependent we are on data therefore the integrity of the data is paramount.”

The internet has lowered the entry barrier for hackers and since 2010 there has been a significant increase in attacks on automation. The majority of these attacks come from external sources.

One weak point is external vendors that plug into operational systems, yet don’t support encryption or even passwords. “When an engineer comes in and plugs into a crane that can be a breach of your network,” said Mr Runyan.

If a terminal has been compromised it may not even know until months after the breach, he continued. “When an attacker comes in there is a lot of planning and scoping. Then comes reconnaissance and scanning. The third step is exploitation. This all takes time – hackers can start a year or so before they actually attack and it can take months to detect.”

Mr Runyan advises that ports implement a number of strategies, including adhering to the principal of least privilege – never let anyone know more than they need to do their job; whitelisting of applications; proper configuration management – knowing what’s on every machine; and implementing identity management.

He recommended that ports deploy the CIS diagnostic critical controls for corporate networks: “Just implementing 50% of these will reduce over 90% of attacks.” He also advised that ports undertake exercises to test resilience and implement a user awareness campaign. “The users are the weakest link".”

He added that cyber security must be initiated from the top down: “Sites that are successfully deploying have CISOs that report directly to the CEO.”


Very first installations by new SFT Spanish office

Our new office in Spain is not even a year old and we already celebrate two successfully completed i... Read more

CM Labs Expands Lineup of Port Training Solutions with ITV Simulator Training Pack

Montreal, QC, June 20, 2018 — At TOC Europe 2018 (Stand D40), CM Labs Simulations, the world leader ... Read more

Training programs further develop steel production facility

ShibataFenderTeam has a new welding supervisor for the steel fabrication at our production facility ... Read more

ShibataFenderTeam continues involvement in Surinam

Since 2012 ShibataFenderTeam fenders support the smooth berthing operations from VABI in Surinam. Read more

Enhanced Hazcheck Restrictions Portal Launched, 1 May 2018

Exis Technologies, with the support of leading shipping and freight insurers, TT Club and UK P&I Clu... Read more

Successful participation and presentation at exhibition in Beira, Mozambique

The exhibition series ‘Intermodal Africa’ organized by Transport Events is always a good possibility... Read more

View all