Cyber attack attempts are becoming more common at U.S. ports and terminals, according to findings published this week by law firm Jones Walker LLP.
The firm publicly released the findings of its 2022 Ports and Terminals Cybersecurity Survey, examining cybersecurity preparedness in U.S.-based ports and terminals. The report outlining the results of the survey is authored by four of the firm’s attorneys and the findings was presented by two of them, Jim Kearns and Andy Lee, during the Inland Rivers, Ports & Terminals (IRPT) conference in Tulsa, Oklahoma.
The results of the 2022 survey reflect the responses of 125 senior executives of blue- and brown-water ports and maritime terminals across the United States and confirm that cybersecurity is a growing concern for owners and operators of ports and maritime terminals.
“What’s most surprising is that, despite 90% of respondents reporting they’re prepared to withstand cybersecurity threats in 2022, this year’s survey uncovered a significant increase from 2018 in terms of reported cyber-attacks amongst maritime industry stakeholders — from 43% in 2018 to 74% in 2022,” said Ford Wogan, partner in Jones Walker’s Maritime Practice Group.
Fear of ransomware appears to be outpacing actual ransomware events. Although 45% of survey respondents named ransomware as the biggest perceived threat, only 20% of respondents whose organizations had been victimized by a cyber attack cited ransomware as the primary attack vector. For actual cyber attacks, survey participants primarily directed blame at solo hackers and organized criminal groups as the top threat actors facing the ports and terminals sector, with nation-state affiliated groups as a close third.
Although 73% of respondents reported having a written Incident Response Plan (IRP), only 21% noted that their IRP had been updated within the past year. Similarly, 50% of respondents said that their facility conducted IRP tabletop exercises irregularly or not at all.
hen asked about the frequency of cybersecurity training, the annual industry standard was met by only 57% of the blue-water respondents, and by only 25% of the brown-water respondents.
Jim Kearns, special counsel in Jones Walker’s Maritime Practice Group, “It is concerning to learn that 27%, or more than one-fourth, of all blue-water and brown-water facilities reported that they do not yet address cybersecurity in their facility security plans. For ports and terminals to be cyber secure — not just ‘cyber-aware’ — it’s critical that they have up-to-date plans, train their people, and communicate effectively both internally and with others in their industry.”
This survey is the national law firm’s third on the topic of cybersecurity for infrastructure-related industries. In 2018, the firm’s first survey focused on the greater maritime industry. The second survey, in 2020, focused on the midstream oil and gas sector, another critical infrastructure industry.
The economic effects of the COVID-19 pandemic, the war in Eastern Europe and other geopolitical events, supply chain disruptions, labor shortages, rising inflation, and rapidly escalating energy prices have brought increased focus on this key industry.
Capt. Andy Meyers, U.S. Coast Guard, Chief of the Office of Port and Facility Compliance, “Without question, protecting the marine transportation system from cyber threats is a shared responsibility requiring both government and industry participation.”
Andy Lee, partner and head of Jones Walker’s Privacy & Data Security team, said, “The need for cybersecurity at the nation’s ports and maritime terminals is more pressing than ever. This industry is critical to the country’s economic health and is an enticing target for threat actors seeking to disrupt critical infrastructure.”