US Ports are still vulnerable to cyber attacks that release dangerous chemicals, cybersecurity in the maritime industry is crucial for Homeland security.

Critical infrastructure across the world are vulnerable to cyber attacks, this is not novelty, but it is interesting to explore how many infrastructure is open to hacking assaults.

US ports are also vulnerable to cyber attacks that could “allow the release of harmful and dangerous chemicals” in urban areas, the alert was raised by a Michigan congressman on Thursday.

The Rep. Candice Miller, R-Mich explained that a cyber attack against a US port could cause serious damage to populated areas thanks to security gaps left unfixed by the Department of Homeland Security.

According to the congressman, the security issues were reported more than a year ago by the Government Accountability Office, but the DHS hasn’t taken the necessary steps to fix them.

“The security gaps were pointed out more than a year ago by the Government Accountability Office, but DHS officials haven’t moved against them even though there have several digital attacks on U.S. port facilities in recent months” states The Daily Caller.

According to the GAO’s Information Security Issues Director Gregory C. Wilshusen, the prevention of cyber security breaches of ports is crucial because these infrastructures are near large metropolitan areas.

U.S. ports handle “more than $1.3 trillion in cargo each year,” Wilshusen said. “A major disruption in the maritime transportation system could have a significant impact on global shipping, international trade, and the global economy, as well as posing risks to public safety.”

The cyber security issued “are particularly concerning, not only from an economic standpoint, but because of the dangerous cargo such as liquefied natural gas and other certain dangerous cargoes that pass through the nation’s seaports,” said Rep. Candice Miller, R-Mich.

The experts warn about possible cyber attacks in the industrial control systems that are used to monitor commercial activities at the US ports.

“If a cyber breach were to occur that tampered with the industrial control systems that monitor these cargoes, it could potentially allow the release of harmful and dangerous chemicals,” Miller explained that during a hearing of the border and maritime security subcommittee of the House Homeland Security Committee. Miller is chairman of the panel.

“The Coast Guard, and DHS as a whole, have been slow to fully engage on cyber security efforts at the nation’s 360 seaports,” Miller said. “The Coast Guard has not yet conducted cyber risk assessments, though some individual ports have taken the initiative themselves.”

The threat to the US ports is not only theoretical, the congressman revealed that an unnamed foreign state-sponsored hackers are “suspected” of hacking multiple systems a commercial ship contracted by the U.S. Transportation Command.

Hackers and ports are not a new combination as confirmed by Miller, she added that “in Europe, drug smugglers attempted to hack into cargo tracking systems to rearrange the containers and hide their drugs.”

In 2013, an investigation of a cyber-attack on the Belgian port of Antwerp allowed law enforcement to discover that drug traffickers recruited hackers to hack IT systems that controlled the movement and location of containers.

“Police carried out a series of raids in Belgium and Holland earlier this year, seizing computer-hacking equipment as well as large quantities of cocaine and heroin, guns and a suitcase full of cash. Fifteen people are currently awaiting trial in the two countries. Mr Wainwright says the alleged plot demonstrates how the internet is being used as a “freelance marketplace” in which drug trafficking groups recruit hackers to help them carry out cyber-attacks “to order”.  “[The case] is an example of how organized crime is becoming more enterprising, especially online,” he says.

u1

The Europol official confirmed that organized crime groups were paying for hackers involved in criminal activities. The profitable collaboration started at least in 2011, Dutch-based trafficking group hid cocaine and heroin among legitimate cargoes, including timber and bananas shipped in containers from South America. The role of hackers based in Belgium was to infiltrate computer networks in at least two companies operating in the port of Antwerp to access secure data giving them the location and security details of containers.

Modern ports are high technological environments composed of complex systems that exchange a large amount of data. Computer systems are used to coordinate the activities, monitor the naval traffic, manage the loading and unloading of the ships.

Such systems “may be vulnerable to cyber threats from various actors with malicious intent,” Wilshusen said.

Physical and logical security must be complementary in the ports such as in any other critical infrastructure,

“Just as we have hardened physical security, we need to do the same in the virtual space for systems critical to the marine transportation system to protect against malicious actors,” Miller said.

“Reported incidents highlight the impact that cyber attacks could have on the maritime environment, and researchers have identified security vulnerabilities in systems aboard cargo vessels, such as global positioning systems for viewing digital nautical charts,” Wilshusen said.

Pierluigi Paganini