Biden takes measures to protect US ports

A number of factors have been pushing up shipping costs, including traffic backing up at the Panama Canal due to low water levels – Copyright GETTY IMAGES NORTH AMERICA/AFP JUSTIN SULLIVAN

In the U.S., with recent plans for an Executive Order to bolster the security of the nation’s ports, Itay Glick, OT expert and VP of Products at OPSWAT tells Digital Journal why these security measures are necessary.

The Executive Order grants the Department of Homeland Security the authority to address maritime cyberthreats and boost cybersecurity standards to improve the security in port networks.

Glick begins by highlighting the vulnerabilities within the shipping sector: “The maritime industry stands as a cornerstone of global economies and trade, its significance pinned by its role in fuelling international commerce. However, the sector faces vulnerabilities in its infrastructure for several reasons.”

Delving deeper into these vulnerabilities, Glick identifies: “One significant challenge is the convergence of IT and OT, alongside the increasing digitization of industrial control systems and satellite communications. These advancements, including the integration of Industrial Internet of Things (IIoT) for various sensors and systems such as bridge controls, safety mechanisms, propulsion, navigation, and port supply chain management, etc., expose maritime operations to cyber threats.”

In addition, Glick raises: “Many critical networks and infrastructures in the maritime sector still rely on outdated technologies not designed for internet connectivity. Processes like updating systems via USB drives can inadvertently introduce vulnerabilities, posing risks to the integrity and security of maritime operations.”

Ohe central issue of cybersecurity, Glick says: “OT cybersecurity is often overlooked, leaving critical maritime systems susceptible to exploitation and attack. For example, look at the incident from last July when Japan’s port of Nagoya fell victim to the LockBit 3.0 ransomware attack. The incident brought operations to a standstill for several days, impeding the loading and unloading of cargo from ships. This type of threat gains entry into victim networks through various means, including exploitation of Remote Desktop Protocol (RDP), phishing campaigns, abuse of valid accounts, and the exploitation of public-facing applications.”

As to the recommended actions, Glick picks out the key messages: “The advisory suggests that port operators follow globally recognized cybersecurity best practices, including regular backups of critical software programs, stringent physical security measures, and meticulous access control over devices and infrastructure. It also emphasizes the importance of promptly notifying relevant authorities such as the Coast Guard, CISA, and the FBI upon detecting compromised equipment or suspicious activities within marine transportation systems, as well as OT and IT assets.”

There are other measures that shipping firms can adopt. Here Glick pulls out other areas missing from the U.S. government document: “I would recommend additional best practices, including securing data. There are cases where information would come from removable media, the industry should adopt a comprehensive peripheral media protection program to safeguard their systems. Also, the OT network for a maritime port is no different than an OT network for other critical infrastructure verticals. On ships, data diodes have been deployed to securely get data off of ships without compromising critical systems like navigation, weapons and operational control.”

Nonetheless, the new order is a step forwards, says Glick: “While the Coast Guard is in the process of accepting comments on establishing minimum cybersecurity requirements for the maritime industry, the Executive Order signifies an important step towards enhancing the security of one of the nation’s most critical industries and our supply chain.”