Enterprise Mobility & the Connected Worker Blog

Can Smart Ports Outwit Threats of Cyberattack?

by Emily Gove 1/9/2023

2023 will bring more cybersecurity threats
Global logistics have had a tumultuous three years, facing threats of disease and supply chain slowdown on a worldwide scale. As travel restrictions and inventory backups attenuate, cybersecurity threats will persist for ports and infrastructure into 2023. Cyberattacks are already occurring: a cyberattack on the port of Lisbon on Christmas day 2022 threatened the release of confidential information if a ransom of $1.5 million was not paid by January 18. While operations were able to continue, the port’s website was down into the new year, and financial and operational resources have been diverted to address the issue. Lisbon, the third largest port in Portugal, is a significant target, and the attack is likely the first of many on ports this year.

2023 will be a year of investment in cybersecurity measures throughout the logistics industry, especially for points of high vulnerability like ocean ports. As nexus points that manage thousands of tons of cargo daily, and connect a network of diverse actors, port shutdowns can halt economic activity in a region and cause damage to both public and private organizations in its network. Cyberattacks on ports can compromise sensitive information and cause millions of dollars in losses for each day that operations are down. The Port of Los Angeles, the largest port in the US by volume, reports identifying 40 million cyberattacks monthly, a number that has doubled since before the pandemic.

New innovations promise to enhance port operations and security
Logistics leaders are harnessing new technologies in the realms of automation, IoT, and connectivity to improve operational capacity and protect ports from cyber threats. Traditionally, ocean ports have relied on fiber optic cabling, paired with 3G and 4G networks and Wi-Fi. Newer technologies like private networks and 5G connectivity, which ports like Livorno (Italy) have adopted, offer improvements to speed, performance, and security. 5G connectivity, by facilitating real-time communication between port staff, can reduce the movements needed during the cargo handling process, leading to operational improvements, lower machine costs, and lower fuel consumption. In the case of remote-controlled 5G cranes, both crane movements and employee operations become more efficient: sensing capabilities prevent collisions with other smart vehicles, and employees are able to operate multiple devices from a distance, rather than being physically tied to a single vehicle. 5G and private wireless networks also have better cybersecurity measures, with higher standards of encryption, user privacy, and authentication.

Ports like China’s Tianjin, which features 5G connectivity, smart vehicles, and an integrated satellite navigation system, can save hundreds of work hours through the combination of smart technology and connectivity. Tianjin is a key link for China’s Belt and Road Initiative (BRI), ranking eighth in the world for its container throughput volume. Tianjin’s successes through technological advancement are a likely harbinger of future 5G implementations throughout the APAC region.

Security challenges may take new forms with technological advancement
Connectivity and automation will bring needed improvements to port operations, with the added benefits of improved worker safety and lower emissions. However, IoT migration may bring vulnerabilities to port networks, and add endpoints that malicious actors will be eager to exploit.

Despite advancements in port technology, outdated systems used by other actors within a port’s network remain a threat to cybersecurity. The maritime industry is known for lagging behind in technology, and ships, exporters, and importers operating on outdated systems will offer entry points for malware, which can then infect port systems. Consider the 2019 malware attack on a US vessel, which took advantage of crewmembers sharing a single login and having limited antivirus software installed on the ship’s computers: had the malware not been identified at sea, it may have shut down operations at the Port of New York, the busiest port in the US. With limited budgets, port and ship operators alike must make difficult decisions between upgrading technology and educating the workforce about cybersecurity – without which many security advancements may be ineffective.

Advanced technology can also make ports a more appealing target for cyberattacks. Navigation systems used by smart ports and vessels are high-profile targets, and can compromise the satellites on which operations rely. The bidirectional nature of IoT also means that malware entering through one endpoint can quickly affect an entire network. Finally, human and social factors remain a threat with new technology, as workers will become more reliant on new devices and systems, and may (knowingly or unknowingly) share key information or allow access to port systems.

Ripple effects of a port cyberattack
Denial-of-Service (DoS) attacks are common cyberattacks that can shut down port systems and networks, preventing cargo from moving through the port. As seen in throughout 2020 supply chain delays, and in the 2021 Suez Canal incident, a disruption to any part of the supply chain will have far-ranging ripple effects. Each day that a port is inoperable, vessel wait times will increase at both the affected port and those next on vessel itineraries. Perishable goods waiting to be unloaded will age and spoil, disrupting coastal and inland food systems and creating shortages, followed by gluts when shippers are able to dray cargo once more. If the supply disruption is broad, market pricing of key goods will begin to spike.

If a port is inoperable, incoming vessels may opt to skip the port and offload cargo elsewhere, further delaying arrivals and initiating myriad documentation issues for shippers. Manifests and customs processes for vessels scheduled to arrive will be either hindered or halted, prohibiting filings and inspections processing when the goods arrive.

With port systems frozen, container monitoring systems will not function, and any refrigerated cargo will suffer the consequences. Communications with docking vessels will fail, creating ever-growing queues waiting to dock. Smart cranes and vehicles, lauded as assets when port networks are functional, will render the port immobile.

It is estimated that the maritime sector is responsible for 90% of global goods transportation, and that the maritime transportation system accounts for 25% of the US GDP. With such high volumes of goods and income at stake, it is essential that ports advance both technology and security protocols simultaneously.

VDC’s 2023 Modern Logistics Report will examine the evolution of smart ports with new mobile solutions and network infrastructure.