please follow directions or I will dispute
please answer original forum with a minimum of 250 words and respond to both students separately with a minimum of 100 words each
page 1 original forum with references
page 2 student Response with references
page 3 Student response with references
Consider all the threat vectors, and pick the one you believe threatens one (or all) of America’s top twenty ports…i.e. Los Angles, Houston etc. Address why you believe that this threat vector is most probable. Additionally, consider port critical infrastructure such as oil refineries and their vulnerabilities. Pick a specific type of infrastructure and discuss what threat vector that you believe is most significant within the maritime environment.
I believe that a cyber-attack is the threat vector that would cause significant damage to maritime, port and distribution operations and is the type of attack that would be the easiest to carry out and the one with the least amount of risk for the perpetrator. The perpetrator of such an attack can execute the attack from the relative safety of their home, with nothing more than a laptop and the skill to hack into maritime IT systems. The cyber assailant even need not hack a system but only have an unwitting participant execute the attack for them. Such was the case of the A.P. Moller-Maersk cyber-attack.
In June of 2017 an employee of the A. P. Moller – Maersk organization, who was located in the Ukraine, innocuously responded to an email which had far reaching repercussions for the global shipping magnate. Unbeknownst to the Ukrainian employee, the email that he opened contained the “Petya” ransomware which then began to spread throughout the networked computer systems of the Maersk network. The function of the Petya ransomware is to encrypt every computer hard drive that it infects. Once a system is infected, a ransom of $300 to be paid in the digital currency of Bitcoin is then demanded in return for decryption instructions (The Maritime Executive, 2017).
For Maersk, the world’s largest carrier of seaborne freight, which accounts for approximately 15% of worldwide maritime shipping container trade, the cyberattack was disastrous. Shipping container vessels of the Maersk line were rendered idle at sea and 76 port terminals around the globe ceased operations (The Editorial Team, 2018). The attack cost the shipping company an estimated $300 million in lost revenue.
The cyber threat isn’t just contained to port operations but includes the myriad other components of the entire maritime shipping industry. For example, a large generic maritime shipping organization may have 150 offices spread out across the globe, of which, the company may own half and have control over the IT network of those offices. The other half of the offices are operated and facilitated by local agents that control their own network and may not be as vigilant in preventing cyberattacks.
The cyber threat does not end once the containers have been off-loaded and are being transported from the port terminus to their final destination. The shipping and overland transit information for a container passes through anywhere from 10 to 50 different systems, each one being controlled by a different entity. These include custom offices, transport companies to include truck, rail, air, and financial institutions. These organizations do not share a common IT structure or operating conventions or have agreed upon cybersecurity protocols and are therefore vulnerable to compromise (Larsen, 2015).
So to me, a cyber-attack can be aimed at any portion of the maritime shipping operation and is not only contained to the ships or the ports. These attacks can be carried out anonymously and have disastrous results where the fall-out will be felt all the way down to the end consumer.
Larsen, J. (2015). Challenges in maritime cyber-resilience. Technology Innovation Management
Review, 5(4): 35-39. http://doi.org/10.22215/timreview/889
The Editorial Team. (2018). Maersk line: Surviving from a cyberattack. Saftey4Sea. Retrieved from: https://safety4sea.com/cm-maersk-line-surviving-from-a-cyber-attack
The Maritime Executive. (2017). Maersk’s cargo operations hit hard by cyberattack. The Maritime Executive. Retrieved from: https://maritime-executive.com/article/maersks- cargo-operations-hit-hard-by-cyberattack
Cyber-attacks would definitely be my top threat in 2021 for most Critical Infrastructure (CI), but specifically facilities such as oil refineries or other facilities that produce gas. “Similar to other critical infrastructures, the nation’s ports face an evolving array of cyber-based threats” (GAO, 2014). Part of the reason I feel this way is because I don’t feel that most privately run CI is fully prepared to deal with cyber threats. One example I have talked about was the Tampa water facility attack, where hackers gained access to the water and actually tampered with it (Walser, 2021). When most people think about hackers or cyber-attacks, they think of identity theft or credit card fraud, however, cyber-attacks have advanced to dangerous levels recently.
Sutxnet was a first of a kind malware attack on an Iranian nuclear facility, where the malware was able to destroy the centrifuges by causing them to speed up while showing all data as normal (Lindsay, 2013). There have been several other viruses that have some of the same components as Stuxnet, but with slightly different goals (Bencsáth et al., 2012). Guass, Duqu and Flame were all similar types, but did not cause real-world destruction because that was not their goal, however, they demonstrate that more of these malware that are similar to Stuxnet exist and are being developed (Bencsáth et al., 2012).
The attack at the oil refinery in the Middle East, used malware that was able to take control of the facility and experts think it had a goal to cause an explosion at that facility, which it nearly did (Whittaker, 2019). “In the case of the August 2017 attack in which Triton was deployed, the Saudi facility would have been destroyed had it not been for a bug in the code” (Whittaker, 2019). If the U.S. CI facilities such as oil refineries are not fully prepared to deal with cyber threats, how long will it be before an attack like one of these happens here? How long before a piece of malware is uploaded to a vulnerable CI facility that produces fuel, such as propane and causes an explosion?
If the Tampa water facility was using outdated Windows, and weak passwords, what other facilities are vulnerable to cyber threats? In the Tampa case, a hacker manually increased a chemical in the water and that increase was noticed by a worker (Walser, 2021). In Stuxnet at the Iranian nuclear facility, the virus mimicked the correct readings for the centrifuges, this way scientist could not notice anything wrong and it took them a long time to figure out why the centrifuges were being destroyed (Lindsay, 2013). If that same type of malware was uploaded to a water facility, the workers would not been able to see there was any problems with the water, it would look completely normal. How long would it have taken them to figure why people were dying or getting sick?
“GAO concluded that until DHS and other stakeholders take additional steps to address cybersecurity in the maritime environment—particularly by conducting a comprehensive risk assessment that includes cyber threats, vulnerabilities, and potential impacts—their efforts to help secure the maritime environment may be hindered” (GAO, 2014).
Bencsáth, B., Pék, G., Buttyán, L., & Félegyházi, M. (2012). The Cousins of Stuxnet: Duqu, Flame, and Gauss. Future Internet, 4(4), 971–1003. https://doi.org/10.3390/fi4040971
GAO. (2014). Maritime Critical Infrastructure Protection: DHS Needs to Enhance Efforts to Address Port Cybersecurity. https://www.gao.gov/products/gao-16-116t.
Lindsay, J. (2013). Stuxnet and the Limits of Cyber Warfare. Security Studies, 22(3), 365–404. https://doi.org/10.1080/09636412.2013.816122
Walser, A. (2021, February 10). FBI: Water system hack likely caused by remote access program, old software and poor password security. WFTS. https://www.abcactionnews.com/news/local-news/i-team-investigates/fbi-water-system-hack-likely-caused-by-remote-access-program-old-software-and-poor-password-security.
Whittaker, Z. (2019, April 10). The hacker group behind the Triton malware strikes again. TechCrunch. https://techcrunch.com/2019/04/09/triton-malware-strike/?ncid=txtlnkusaolp00000616.