HLSS645Wk7

May 4, 2022

Port of Vancouver USA Launches Cyber Security Information Sharing Group for Lower Columbia River According to the United States Coast Guard, there were over 500 major operational cyber-attacks that occurred in

the marine industry in 2020, directly affecting the 25,000 miles of navigable channels in the U.S. Recognizing the

severity of the issue and that cargo activities at U.S. seaports account for 26 percent of the U.S. economy, the

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) was formed to combat the

rising threat from these bad actors.

According to the Pacific Northwest Waterways Association (PNWA), the Columbia Snake River System is

responsible for transporting more than 50 million tons of cargo, annually. To address the cybersecurity issue

among ports located along the Lower Columbia River, the Port of Vancouver USA and the MTS-ISAC have

successfully launched the Lower Columbia River Maritime Information Exchange (LCR-MIX).

The primary mission of the LCR-MIX is to enhance communication and collaboration on cyber threat activity

among regional stakeholders and to provide early situational awareness and best practice adoption to prevent

incidents.

“So often the partners and stakeholders within the Lower Columbia River are using the same vendors, service

providers and often are working with the same business contacts,” said Chris Carter, Information Security Analyst

for the Port of Vancouver USA. “A compromise can have cascading consequences and put the entire supply chain

at risk. By partnering with the MTS-ISAC, LCR-MIX members are actively consuming and producing actionable

cyber threat intelligence, sourced locally and from other MTS stakeholders from around the globe.”

“The MTS-ISAC provides us with actionable intelligence in a timely manner. Their focus on privacy encourages the

open exchange of information and the regional scope of the LCR-MIX means that the information is relevant in

our daily operations,” added Christopher Hunt, IT Director, Port of Grays Harbor.

“We are thrilled to be working with the LCR-MIX. Often, our peers think public information sharing is complicated

but it doesn’t have to be,” said Christy Coffey, VP of Operations for the MTS-ISAC. “Under thoughtful leadership

provided by Port of Vancouver USA, this sixth Information Exchange has rapidly come together and is already

increasing early situational awareness amongst its members and making our entire MTS-ISAC community

stronger. We are grateful for this partnership.”

The MTS-ISAC, a nonprofit formed in February 2020, has seen rapid adoption of its Cybersecurity Information

Sharing Services. The LCR-MIX is the sixth cybersecurity Information Exchange of eight to launch since the

inception of this program in early 2021.

More Maritime Cyber Threats

Another new threat vector within the Maritime Cyber realm is an attack method known as “Typosquatting) which is being used against U.S. ports.

Johnson (2022) wrote:

Typosquatting targets people who, as the name indicates, make a mistake when typing a URL into a web browser. Users may then be directed to

a malicious website that incorporates the common misspelling into its URL yet presents itself as a legitimate website. Once at the fake website,

the user may be fooled into revealing sensitive information. (Johnson, 2022)

The U.S. Coast Guard publicly issued US Coast Guard Cyber Command Maritime Cyber Alert 01-22 on March 25, 2022, to address this. The alert

summary stated:

The U.S. Coast Guard has observed a recent uptick in malicious actors using spoofed business websites to target the Marine Transportation

System (MTS). Multiple MTS partners have discovered well-constructed, fake websites masquerading as their legitimate business websites.

These sites are created presumably to steal information from or install malware on customers’ devices interacting with the sites. These spoofed

websites are not designed to impact the maritime organization directly but resemble watering-hole-style attacks where the intended targets are

individuals and entities visiting the site. The spoofed websites are professional in appearance and quite sophisticated, some of which are

presented as .com domains. This level of detail can make it di�cult to discern an accurate site from a fraudulent one. (USCG, 2022)

Later, in 2022, MarineLink, perhaps the Maritime industry most read publication, reported in an October 5th, 2002 article that based on a study by the

law �rm Jones Walker LLP, which surveyed 125 senior executives of of blue- and brown-water ports and maritime terminals across the United States

found cyber incidents are on the increase (Marinelink, 2022).

“What’s most surprising is that, despite 90% of respondents reporting they’re prepared to withstand cybersecurity threats in 2022, this year’s survey

uncovered a signi�cant increase from 2018 in terms of reported cyber-attacks amongst maritime industry stakeholders — from 43% in 2018 to 74% in

2022,” said Ford Wogan, a partner in Jones Walker’s Maritime Practice Group (MarineLink, 2022).

Fear of ransomware appears to be outpacing actual ransomware events. Although 45% of survey respondents named ransomware the biggest

perceived threat, only 20% of respondents whose organizations had been victimized by a cyber attack cited ransomware as the primary attack

vector. For actual cyber attacks, survey participants blamed solo hackers and organized criminal groups as the top threat actors facing the ports

and terminals sector, with nation-state a�liated groups as a close third. (MarineLink, 2022)

This increase is troubling…..what will 2023 look like?

To summarize this week's lesson, please consider viewing this video  on maritime cyber security: The cyber systems within a port are well known.

Are we collectively doing enough to protect them?

COPYRIGHT 2023 APUS, ALL RIGHTS RESERVED

Introduction: Maritime Cyber Security

In March 2015, the Department of Homeland Security Center of Excellence at Rutgers University joined American Military University to host the �rst-

ever Maritime Cyber Symposium. This event underscored the issue of cyber and the Maritime Transportation System (MTS). It was one of the most

under-served areas of academic endeavor in port security and cyber security studies. This event kicked o� a wave of research, analysis, new courses at

the undergraduate and graduate levels, and a signi�cant focus on a threat vector that had not been received.

USCG Vice Admiral Chuck Michel. (Photo credit: BiddlePR)

Since the MTS operates and is tied together by the "Internet of things," the role that cyber systems connected to port infrastructure cannot be

understated; think about it. Cyber systems facilitate the movement of maritime shipping containers to waiting trucks or rail cars. Computers run the

cranes that make this happen. Onboard ships, from engineering plants to radio systems, have cyber interfaces. Within port valves, containment

systems, and monitoring capabilities are run on the background of cyber systems.

In 2013, University of Texas (UT) Professor Todd Humphreys and a team of graduate students remotely took control of a vessel by spoo�ng its GPS.

Noted a UT Press release, the group "spoofed" an $80 million private yacht using the world's �rst openly acknowledged GPS spoo�ng device.

Spoo�ng is a technique that creates false civil GPS signals to gain control of a vessel's GPS receivers. The experiment aimed to measure the di�culty of

carrying out a spoo�ng attack at sea and determine how easily sensors in the ship's command room could identify the threat" (Zumalt, 2013).

However, the gaps in maritime cyber security are not con�ned just to ships and luxury vessels. In 2014, hackers shut down a �oating oil rig by tilting it;

another rig was so overwhelmed with malware that it took cyber support personnel 19 days to make it seaworthy again. This is just the tip of the

iceberg!

In the modern era, ships depend on electronic charting systems and positioning so�ware programs that help to ensure safe passage from e-navigation

and integrated automatic identi�cation systems (AIS) to supplement marine radar. They are all controlled by cyber systems. Think of the e�ect of a

"denial of service attack."

In 2015, Peter Armstrong wrote in Willis Tower Watson Wire, "Because the present systems were designed for the needs of the 20th century rather

than the threats of the 21st century, maritime companies are vulnerable to attacks. Global maritime logistics is highly integrated, so it is possible to

become a victim without being the target: any assumptions of low-probability risk will always be �awed because of this high level of integration and

the wide reliance on transitory labour that raises the probability of insider threats."

Besides, the ships' critical infrastructure within a port is vulnerable to cyber-attacks. The principal vulnerabilities are Industrial Control Systems (ICS)

and Supervisory Control and Data Acquisition (SCADA) networks. Combined, these systems control industrial processes, from operating a valve to

mixing chemicals. The Heritage Foundation's Riley Walters (2015) noted, "Cyber attacks on port systems can have various negative e�ects."

The economic losses from port delays or closures can vary in severity. One port’s failure negatively a�ects all connecting regional ports. In 2002, the

11-day closure of 29 ports on the West Coast cost an estimated $11 billion. Northeast ports lost an estimated $50 billion—$1 billion in cargo delays

alone—because of Hurricane Sandy in 2012. This is what a port could su�er during a signi�cant cyber attack.... these incidents should not be

considered a strategic surprise.

COPYRIGHT 2023 APUS, ALL RIGHTS RESERVED

Mar 10, 2021

CYBERSECURITY IN THE MARITIME SECTOR & THE NATIONAL MARITIME CYBERSECURITY PLAN Recent incidents – as far back as NotPetya in 2017 The Untold Story of NotPetya, the Most Devastating

Cyberattack in History | WIRED – clearly indicate that cyber incidents/attacks can have devastating impact on

commerce, the businesses involved in that commerce and the maritime community. More recent events, like Solar

Winds and MS Exchange Server, point to increased and more widespread cyber impacts to governments,

business, commerce, and potentially national infrastructure stakeholders. However, the maritime transportation

system has historically not looked at cyber as a critical element in overall security. Rather, cyber has been treated

as a support function – information technology - and not a critical element of security and a key facilitator of

modern maritime business operations. I believe that this is a result of the focus placed upon physical security

regulation – rightfully – after the attacks of September 11, 2001.

The Maritime Transportation Security Act (MTSA) of 2002 Maritime Transportation Security Act of 2002 - Wikipedia

was enacted following the attacks. MTSA is the implementation of a broader international security standard, the

International Ship and Port Facility Security Code (ISPS). Both are focused predominantly on physical security

measures and requirements. Both ISPS and MTSA changed the security culture in the maritime community and

MTSA, specifically, focuses upon preventing transportation security incidents (TSIs) and balancing security and the

free flow of commerce. One of the key elements of MTSA and the attendant CFR 33 101-107 – and overlooked in

our estimation – is the language in that regulation that could and should be used to ensure cybersecurity:

CFR 33 101.105 Infrastructure means facilities, structures, systems, assets, or services so vital to the port and its

economy that their disruption, incapacity, or destruction would have a debilitating impact on defense, security,

the environment, long-term economic prosperity, public health, or safety of the port.

The recent National Maritime Cybersecurity Plan Homeland Security Digital Library (hsdl.org) makes the right

connection between the physical and cyber security elements of our nation’s maritime critical infrastructure and in

Priority Action 4 covering Risks and Standards, “…develop procedures to identify, prioritize, mitigate, and

investigate cybersecurity risks in critical ship and port systems.” Understanding risk, and specifically your risk, is

important as cyber and physical elements of security have the potential to significantly impact your maritime

business. Being a part of the Maritime Transportation System Information Security and Analysis Center (MTS-ISAC)

is a great step to help you begin to understand your risk. The MTS-ISAC promotes and facilitates maritime

cybersecurity information exchange, awareness, training, and collaboration between private and public sector

stakeholders…to effectively improve cyber risk management across the MTS community through effective

information exchange for the improved identification, protection, detection, response, and recovery efforts

related to cyber risks.

References

Armstrong, P. (2015). Smart” ships vulnerable to cyber attacks. Willis Towers Watson Wire. http://blog.willis.com/2015/09/smart-ships-vulnerable-

to-cyber-attacks/

DiRenzo, J., Roberts, F., & Drumhiller, N. (2017). Issues in maritime cyber security. Westphalia. ISBN-13: 978-1633915558

Gronholt-Pedersen, J. (2017, June 27). Maersk says global IT breakdown caused by cyber attack. https://www.reuters.com/article/us-cyber-attack-

maersk/maersk-says-global-it-breakdown-caused-by-cyber-attack-idUSKBN19I1NO

International Maritime Organization. (2021). Cyber Security Guidelines (V.4) https://imo-2021.com/imo2021/f/cyber-security-guidelines-v4

Johnson, B. (2022, Nov 11). Coast Guard Warns of Malicious Typosquatting Directed at Port Facility Websites. Homeland Security Today.

https://www.hstoday.us/featured/coast-guard-warns-of-malicious-typosquatting-directed-at-port-facility-websites/

MarineLink. (2022, Oct 5). Cyber Attacks On the Rise at US Ports and Terminals. MarineLink. https://www.marinelink.com/news/cyber-attacks-rise-

us-ports-terminals-499964

PortStrategy (2020, Sept) DATA BREACH DURING CMA CGM CYBER ATTACK. https://www.portstrategy.com/news101/port-operations/safety-and-

security/data-breach-during-cma-cgm-cyber-attack

Rouser, B. & Danos, A. (2016, March 9). Keeping cargo moving: Maritime cyber security. Security Industrial

Association. https://www.youtube.com/watch?v=2naiQd-U_kM.

Safety at Sea & BIMCO. (2020, Oct 27). Safety at Sea and BIMCO cyber security white paper 2020. https://safetyatsea.net/news/2020/are-you-

cyber-prepared-new-cyber-security-white-paper-out-now/

United States Coast Guard. (2021, August). Cyber Strategic Outlook. https://www.uscg.mil/Portals/0/Images/cyber/2021-Cyber-Strategic-

Outlook.pdf

United States Coast Guard. (2022, March). US Coast Guard Cyber Command Maritime Cyber Alert 01-22.

https://www.dco.uscg.mil/Portals/9/Maritime%20Cyber%20Alert%2001-22%20TLP%20WHITE.pdf

Walters, R. (2015, Feb). The U.S. needs to secure maritime ports by securing network ports. Heritage Foundation Issue Paper.

http://www.heritage.org/research/reports/2015/02/the-us-needs-to-secure-maritime-ports-by-securing-network-port

Zumalt, E. (2013, July). Spoo�ng a superyacht at sea. https://news.utexas.edu/2013/07/30/spoo�ng-a-superyacht-at-sea

APUS does not maintain or control third-party websites and is not responsible for the accuracy or accessibility of their content.

COPYRIGHT 2023 APUS, ALL RIGHTS RESERVED