The US Coast Guard (USCG) is currently in the process of developing cyber strategy standards for port vulnerability assessments, which will begin to be implemented in summer 2016.
Cyber security is a hot topic for most industries, not least the maritime domain where at present there is little to no regulation on how to prevent attacks.
Most of the USCG strategy will be voluntary recommendations however when it comes to bulk liquid terminals they will be requirements as these are high risk assets, according to RADM Paul Thomas, assistant commandant for prevention policy at the USCG, speaking at the International Port Security Conference in London.
Full article can be read here
With ports being land-based they are much easier for hackers to attack. More connected than vessels, with the ability to be close to the target physically all raise the risks for the ports/authorities. This has already been proven by attacks carried out by drug traffickers on the Port of Antwerp over a 2 year period, only finally being discovered in 2013 .
This allowed them to control movement of containers within the port, having physically placed devices/hidden computers inside the offices of various shipping companies.
Many shipping companies and vessels still carry and utilize Windows XP/2003 servers for legacy systems and ECDIS, which both are out of support from Microsoft for some time with no new security patches being provided and many publicly known vulnerabilities being available to exploit and access these systems.
The final point is also true that many Cyber threats come from inside an organization due to lack of understanding or training on the Cyber Security topic.
Cyber Security should be placed on the agenda at a board level in all companies, those in charge educated on their risks and providing training from the top down to address these.