Human security

Survey: US ports and terminals see rise in cybersecurity attacks

Jones Walker LLP today released the findings of its Ports and Terminals Cybersecurity Survey 2022examining cybersecurity preparedness at US-based ports and terminals.

The report outlining the results of the investigation is written by four of the firm’s attorneys and the findings will be presented by two of them, Jim Kearns and Andy Lee, at the Inland Rivers, Ports & Terminals (IRPT) conference in Tulsa, Okla.

Economic effects of the COVID-19 pandemic, war in Eastern Europe and other geopolitical events, supply chain disruptions, labor shortages, rising inflation and rapidly escalating energy prices have drawn attention to this key industry.

The 2022 survey results reflect responses from 125 senior executives at blue and brown water ports and terminals across the United States and confirm that cybersecurity is a growing concern for port and port owners and operators. maritime terminals.

This investigation is the national law firm’s third on the topic of cybersecurity for infrastructure-related industries. In 2018, the firm’s first investigation focused on the largest marine industry. The second survey, in 2020, focused on the oil and gas midstreamanother critical infrastructure industry.

Main conclusions of the Jones Walker Ports and Terminals Cybersecurity Survey, to understand:

  • Trust is high in a threat-rich environment. Although 90% of port and terminal respondents said they were ready, 74% of respondents indicated that their systems or data had been the target of an attempted or successful breach in the past year.
  • Have a clear view of potential threats. The fear of ransomware seems to exceed the actual events of ransomware. Although 45% of respondents cited ransomware as the biggest perceived threat, only 20% of respondents whose organizations had suffered a cyberattack cited ransomware as the primary attack vector. For actual cyberattacks, survey participants primarily blamed solo hackers and organized crime groups as the primary threat actors facing the ports and terminals sector, with groups affiliated with nation states coming in third position.
  • Make a plan, test the plan, update the plan. Although 73% of respondents said they had a written incident response plan (IRP), only 21% indicated that their IRP had been updated in the past year. Similarly, 50% of respondents said their facility performed IRP tabletop exercises irregularly or not at all.
  • People and communication are key. When asked about the frequency of cybersecurity training, the annual industry standard was only met by 57% of blue water respondents and only 25% of brown water respondents.

At its core, cybersecurity is a human challenge, and leaders in this sector have a strong commitment to protecting this critical piece of our nation’s maritime transportation infrastructure. Law enforcement and other government agencies, industry associations, and other public and private entities offer tools, many of which are free or low-cost, to guard against, prepare for, and recover from cyberattacks, whatever the source.

The Ports and Terminals Cybersecurity Survey 2022 is available for download from the Jones Walker website.

Here are some analyzes and comments from the authors of Jones Walker:

Andy Leepartner and leader of the Privacy and Data Security team at Jones Walker: “The need for cybersecurity in the country’s ports and marine terminals is more pressing than ever. This industry is critical to the economic health of the country and is a target attractive to threat actors seeking to disrupt critical infrastructure.”

Ford Waganpartner of Jones Walker Marine practice group“What is most surprising is that although 90% of respondents say they are ready to deal with cybersecurity threats in 2022, this year’s survey revealed a significant increase from 2018 in terms of reported cyberattacks among maritime industry players – from 43% in 2018 to 74% in 2022.”

Jim Kearnsspecial counsel at Jones Walker Marine practice group“It is concerning to learn that 27%, or more than a quarter, of all blue water and brown water facilities said they do not yet address cybersecurity in their facility security plans. For ports and terminals to be cyber secure – and not just “cyber-aware” – it is essential that they have up-to-date plans, train their staff and communicate effectively both internally and with others in their sector.

lsa lutherpartner at Jones Walker’s Marine practice group“A lot of resources and attention are focused on ransomware as one of the top cyberthreats. However, we found that only 20% of respondents whose organizations had suffered a cyberattack said that ransomware was the main vector of attack.”