As large-scale cyber attacks by China and Russia on American government agencies and corporations have demonstrated, it can be difficult to prevent nation-states from planting malware on sensitive networks—even those with strict access controls. It can also be difficult to know that it has happened. Suspected Russian hackers in the SolarWinds supply-chain attack remained undetected on networks for as long as 9 months before they were discovered.
This kind of vulnerability has significant implications for Navy cybersecurity, including at ports in the Pacific where replenishment ships take on supplies. One of the risks is that an adversary could plant malware on port computer systems and then activate it at a critical moment, crippling resupply operations. This might unfold, for example, if a naval confrontation between the U.S. and an adversary in the U.S. Indo-Pacific Command Area of Responsibility (INDOPACOM AOR) seemed imminent, and the Navy wanted to top off fuel, munitions, and other supplies on combatant ships for maximum mobility and flexibility.
It wouldn’t be necessary for the malware to infect and disable every supply-related computer system in a port—a single attack anywhere along the line could disrupt the entire resupply operation. For example, malware could disable the pumps that transfer fuel to the replenishment ships, or the cranes that load palletized munitions and other supplies. Malware could freeze the inventory-control systems that dictate which supplies go on which ships, or it could cut the power in critical places.
Ports around the world are being increasingly targeted by hackers. Cyber attacks on the maritime industry’s operational technology (OT) systems have grown by at least 900% over the last 3 years, with some port operations being knocked out for days or even weeks, according to the maritime cybersecurity company Naval Dome.
Current cybersecurity measures at Navy-controlled and commercial ports tend to focus on identity and access management, dictating who has access to which systems. While that is critical, it is not enough. Nation-states such as China and Russia are increasingly adept at bypassing identity and access controls in sensitive networks, as in last year’s SolarWinds attack, which arrived through a routine software update pushed to thousands of customers, including parts of the Pentagon and other federal agencies. China is accused of an even more massive attack on U.S. government and business organizations this year, in which hackers exploited vulnerabilities in a Microsoft email service to plant hidden malware.
While such attacks have proven hard to prevent, the Navy can take specific steps to strengthen cybersecurity at Navy-controlled and commercial ports in the Pacific and elsewhere. There is no silver bullet, however. Defending ports against sophisticated cyber attacks calls for a multifaceted approach—one that combines traditional methods, such as redundancy and manual backups, with advanced technologies such as artificial intelligence (AI)-enabled threat detection. Such an approach focuses not just on protecting the IT and OT systems in ports from malware intrusion, but on keeping them resilient in the face of a successful breach.