US ports are also vulnerable to cyber attacks that could “allow the release of harmful and dangerous chemicals” in urban areas, the alert was raised by a Michigan congressman on Thursday.
The Rep. Candice Miller, R-Mich explained that a cyber attack against a US port could cause serious damage to populated areas thanks to security gaps left unfixed by the Department of Homeland Security.
According to the congressman, the security issues were reported more than a year ago by the Government Accountability Office, but the DHS hasn’t taken the necessary steps to fix them.
“The security gaps were pointed out more than a year ago by the Government Accountability Office, but DHS officials haven’t moved against them even though there have several digital attacks on U.S. port facilities in recent months” states The Daily Caller.
According to the GAO’s Information Security Issues Director Gregory C. Wilshusen, the prevention of cyber security breaches of ports is crucial because these infrastructures are near large metropolitan areas.
U.S. ports handle “more than $1.3 trillion in cargo each year,” Wilshusen said. “A major disruption in the maritime transportation system could have a significant impact on global shipping, international trade, and the global economy, as well as posing risks to public safety.”
The cyber security issued “are particularly concerning, not only from an economic standpoint, but because of the dangerous cargo such as liquefied natural gas and other certain dangerous cargoes that pass through the nation’s seaports,” said Rep. Candice Miller, R-Mich.
“The Coast Guard, and DHS as a whole, have been slow to fully engage on cyber security efforts at the nation’s 360 seaports,” Miller said. “The Coast Guard has not yet conducted cyber risk assessments, though some individual ports have taken the initiative themselves.”
The threat to the US ports is not only theoretical, the congressman revealed that an unnamed foreign state-sponsored hackers are “suspected” of hacking multiple systems a commercial ship contracted by the U.S. Transportation Command.
Hackers and ports are not a new combination as confirmed by Miller, she added that “in Europe, drug smugglers attempted to hack into cargo tracking systems to rearrange containers and hide their drugs.”
In 2013, an investigation of a cyber-attack on the Belgian port of Antwerp allowed law enforcement to discover that drug traffickers recruited hackers to hack IT systems that controlled the movement and location of the containers.
“Police carried out a series of raids in Belgium and Holland earlier this year, seizing computer-hacking equipment as well as large quantities of cocaine and heroin, guns and a suitcase full of cash. Fifteen people are currently awaiting trial in the two countries. Mr Wainwright says the alleged plot demonstrates how the internet is being used as a “freelance marketplace” in which drug trafficking groups recruit hackers to help them carry out cyber-attacks “to order”. “[The case] is an example of how organized crime is becoming more enterprising, especially online,” he says.
The Europol official confirmed that organized crime groups were paying for hackers involved in criminal activities. The profitable collaboration started at least in 2011, Dutch-based trafficking group hid cocaine and heroin among legitimate cargoes, including timber and bananas shipped in containers from South America. The role of hackers based in Belgium was to infiltrate computer networks in at least two companies operating in the port of Antwerp to access secure data giving them the location and security details of containers.
Modern ports are high technological environments composed of complex systems that exchange a large amount of data. Computer systems are used to coordinate the activities, monitor the naval traffic, manage the loading and unloading of the ships.
Such systems “may be vulnerable to cyber threats from various actors with malicious intent,” Wilshusen said.
Physical and logical security must be complementary in the ports such as in any other critical infrastructure,
“Just as we have hardened physical security, we need to do the same in the virtual space for systems critical to the marine transportation system to protect against malicious actors,” Miller said.
“Reported incidents highlight the impact that cyber attacks could have on the maritime environment, and researchers have identified security vulnerabilities in systems aboard cargo vessels, such as global positioning systems for viewing digital nautical charts,” Wilshusen said.
(Security Affairs – US ports , cyber security)