In 2017, there were 50 significant OT hacks reported, increasing to 120 in 2018 and more than 310 last year, said Robert Rizika, Naval Dome’s Boston-based Head of North American Operations, during an online forum last week.
He added this year is looking like it will end with more than 500 major cyber security breaches, with substantially more going unreported.
Following the NotPetya virus that resulted in a US$300 million loss for Maersk in 2017 and the cyber attacks in Barcelona and San Diego ports, as well as the attack against Australian shipbuilder Austal in 2018, this year, a US-based gas pipeline operator and shipping company MSC have been hit by malware.
In addition, a US-based cargo facility’s operating systems were infected with the Ryuk ransomware, and last month the OT systems at Iran’s Shahid Rajee port were hacked, restricting all infrastructure movements, creating a massive back log.
A report published by Lloyd’s of London indicated that, if 15 Asian ports were hacked, financial losses would be more than US$110 billion, a significant amount of which would not be recovered through insurance policies, as OT system hacks are not covered.
Going on to explain which parts of the OT system – the network connecting RTGs, STS cranes, traffic control and vessel berthing systems, cargo handling and safety and security systems, etc., – are under threat, Rizika said all of them.
Unlike the IT infrastructure, there is no “dashboard” for the OT network allowing operators to see the health of all connected systems. Operators rarely know if an attack has taken place, invariably writing up any anomaly as a system error, system failure, or requiring restart. They don’t know how to describe something unfamiliar to them. Systems are being attacked but they are not logged as such and, subsequently, the IT network gets infected,
What is interesting, he added, is that many operators believe they have this protected with traditional cyber security, but the fire walls and software protecting the IT side, do not protect individual systems on the OT network.
An example would be the installation of an antivirus system on ECDIS or, alternatively, a positioning system in a floating rig DP (Dynamic Positioning), or on one of the dock cranes on the pier side of the port.
The antivirus system would very quickly turn out to be non-essential, impairing and inhibiting system performance. Antivirus systems are simply irrelevant in places where the attacker is anonymous and discreet. Operational networks, in contrast to information networks, are measured by their performance level. Their operation cannot be disconnected and stopped. An emergency state in these systems can usually only be identified following a strike and they will be irreparable and irreversible,
Where OT networks are thought to be protected, Rizika said they are often inadequate and based on industrial computerised system, operating in a permanent state of disconnection from the network or, alternatively, connected to port systems and the equipment manufacturer’s offices overseas via RF radio communication (wi-fi) or a cellular network (via SIM).
Hackers can access the cranes, they can access the storage systems, they can penetrate the core operational systems either through cellular connections, wi-fi, and USB sticks. They can penetrate these systems directly.
Naval Dome also predicts that cyber criminals, terrorists and rogue states will at some point begin holding the environment to ransom.
One area we see becoming a major issue is cyber-induced environmental pollution. Think about it: you have all these ships in ports, hackers can easily over-ride systems and valves to initiate leaks and dump hazardous materials, ballast water, fuel oil, etc.,
Advising on the first steps port operators need to take to protect their OT systems, he said a deep understanding of the differences between the two spaces is vital.
There is a disconnect between IT and OT security. There is no real segregation between the networks. People can come in on the OT side and penetrate the IT side. We are actually seeing this now. Successful IT network hacks have their origins in initial penetration of the OT system.