If you wanted to take down an entire country, what would you do? Would you use physical weapons or utilize cyber resources? What or who would be your first target?
If I were a malicious state actor looking to start or escalate a war beyond the borders of my own country, I wouldn't bother with bombs or missiles. Instead, I would bring down the main container ports of the countries that I wanted to attack.
Why? Because the consequences of a port not being operational are massive.
Why do ports and terminals need OT cybersecurity?
Ports are by definition extremely complex organizations with countless systems that need to be interconnected both internally and externally. Every piece of software, every device, and every connection must be secure. Their security means the difference between business as usual and operational downtime – and not just for the port, but for the dozens or hundreds of companies whose logistics depend on the seamless flow of cargo through the port’s terminal.
Well-known cases of lacking OT cybersecurity
One of the hard lessons that we've been reminded of over the last two years is that when the ports’ operations stop, everything stops. Our just-in-time logistics are so finely optimized that there is very little tolerance for delays or downtime, even when they are caused by random accidents. Think of the disruption caused by the six-day-long blockage of the Suez Canal by container ship Ever Given in 2021.
Now imagine: What would the situation look like if someone intentionally attacked and stopped port operations?
But cyberattacks on ports and terminals aren’t a new attack route. In the past, these incidents typically targeted operational technology systems, disrupting logistics flows and leading to significant financial losses.
The most well-known cyberattack of this kind is the catastrophic NotPetya malware attack that wiped out the entire IT infrastructure of – among many others – shipping giant Maersk in 2017. What is particularly notable is that, according to security researchers, this was not a ransomware attack specifically against Maersk, but a state-level cyber warfare action originally launched by Russia and targeted at Ukrainian companies. The attack was able to bring down Maersk's entire IT system, starting from a single computer in its network running a compromised piece of software.
The important learnings from this case are:
1. You don't need to be the actual target of a cyberattack to be hurt by it.
2. A single entry point is all a malicious actor needs to start a serious attack that could potentially destroy a company.
There have been other, less widely publicized cases, and there will be more, unfortunately.
Keep in mind that nobody wants to talk publicly about their company being a victim of a cyberattack. So what we as the public end up seeing in the news is only the tip of the iceberg.
Critical infrastructure organizations need both IT and OT cybersecurity
In terms of IT security, ports and terminals are also extremely vulnerable. Terminal operators need a vast range of connections – not just to the machinery they operate and maintain, but also to their suppliers and partners. Then, the challenge lies in how to approach IT (and OT) cybersecurity holistically, as the operators need to use and access multiple complex systems.
My worry is this: Despite the hundreds of millions of euros in losses caused by the 2017 Maersk incident, we haven't yet seen a real cybersecurity wake-up call for ports and terminals. My hope is that the future wake-up-call case won’t be your company.
Secure your IT and OT systems alike with PrivX OT
We at SSH understand that ports, critical infrastructure, and other OT businesses need more than just physical safety and basic access security. That’s why we developed PrivX OT Edition, a secure access management solution integrated with IT/OT systems, providing secure access to modern and legacy OT targets in hybrid environments.
PrivX can help you manage your on- and off-site OT secure remote access to any ICS/OT target at scale. The solution can also help you go beyond mere VPNs and firewalls, as it supports granular, least-privilege, and just-enough-access (JEA) models that are not available in VPNs/firewalls, which grant too broad access to industrial targets.
Antti Kaunonen (b. 1959) has over 40 years of international experience in global industrial businesses. Throughout his career, he has been heavily involved with automation and intelligent machines, most recently at Cargotec Oyj, from which he retired in 2022 after leading the company's Kalmar business area and its...