Troubled waters: cyber-attacks on San Diego and Barcelona's ports show risk of IT/OT convergence

clock • 3 min read

Operational technology has been kept separate from IT in the past - but as that changes, systems are being exposed to attacks

Last summer's wave of ransomware attacks compromised port terminals and disrupted global shipping. Since then, cyber security has quickly risen to the top of the agenda for the maritime sector. Earlier this year, another port was hit with ransomware, and then, last week, the ports of Barcelona and San Diego revealed that they had been the victims of further ransomware attacks.

Whilst the 2017 attacks were globally devastating, there was no evidence that they deliberately targeted particular sectors; port terminals were merely caught in the indiscriminate wave of attacks. However, the widespread disruption these attacks caused across industry - from shipping to manufacturing - drew attention to the risk of IT cyber-attacks propagating into the industrial sector's critical control systems.

Operational technology (OT) within industrial environments has previously been kept mostly separate from IT systems, and, consequently, relatively immune from cyber-attack. These recent attacks show that the trend in integrating and unifying IT and OT has exposed these systems to such indiscriminate assaults.

The increasing convergence of IT and OT systems shows no signs of slowing, however. Hyper-connected ‘smart' ports are bringing efficiency and precision while cutting costs; and yet, the intertwining of the physical and digital across ports remains a significant challenge for the cyber security teams tasked with their defence. Without rushing to conclusions, it is perhaps no surprise that the Port of Barcelona is in the midst of a ‘Digital Port project,' launched last year to promote the digitisation of the port environment.

Although specifics have not yet been revealed, the recent attacks in Barcelona and San Diego appear to have been targeted. Perhaps the inadvertent success of last year's ransomware campaign inspired attackers to pursue the maritime sector specifically. Disruptions to operational technology can be highly detrimental to the maritime sector: these systems oversee critical port and ship systems. Any compromise could inflict reputational harm, significant financial losses and physical damage.

That we would see ransomware attacks specifically targeting ports was foreseeable, and many in the industry have been expecting and preparing for such an eventuality over the last 12 months. Now that attackers are actively targeting them, the protection of OT systems has become critical.

Darktrace has deployed AI to a number of companies in the maritime sector to specifically mitigate and defend Operational Technology. These systems are highly customised and bespoke, and therefore unsuitable for the use of off-the-shelf IT solutions. Darktrace's cyber AI is able to automatically tailor to OT environments and learn a unique sense of ‘self', regardless of vendor or technology platform.

The Darktrace AI is actively defending ports across the world - such as Harwich Haven Authority and Belfast Harbour - and protecting them against both targeted and indiscriminate attacks on their OT and IT systems. Defending these environments requires the ability to protect all technology systems, from the oldest PLCs and SCADA systems, to the newest IoT devices. Whether in the cloud, on a vessel or on the mainland, Darktrace is able to passively defend systems and identify cyber-threats in real time, without any impact or disruption.

Andrew Tsonchev is Director of Technology at Darktrace Industrial

You may also like
Accidental exclusion exacerbating cyber's staffing problem

Careers and Skills

Many people who would excel in cybersecurity roles see no obvious way in, with those that do make it getting stuck in entry-level positions

clock 12 May 2023 • 4 min read
Former Head of Police National Cyber Crime Unit joins Cybersecurity Festival


Charlie McMurdie spent 32 years in the Met and built the Police Central e-crime Unit

clock 29 March 2023 • 2 min read
Security challenges: Five midsize IT leaders on where they need help


From ransomware and malware to the Internet of Things, midmarket IT leaders are staring down a number of security threats, often with limited resources at hand.

clock 28 March 2023 • 8 min read
Most read

Intel splits in two, signs deal with Microsoft

22 February 2024 • 7 min read

Cambridge University hit by DDoS attack

20 February 2024 • 1 min read

Gemma: Google unveils open AI models

22 February 2024 • 3 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Threats and Risks

Operation Cronos: NCA reveals details of LockBit affiliates

Operation Cronos: NCA reveals details of LockBit affiliates

Operation has been crippled - for now

clock 22 February 2024 • 3 min read
Microsoft exposes state-backed hackers using AI tools for espionage

Microsoft exposes state-backed hackers using AI tools for espionage

Hackers linked to Russian military intelligence have been using LLMs to delve into satellite communication protocols relevant to military operations in Ukraine

clock 15 February 2024 • 3 min read
France uncovers massive Russian disinformation campaign

France uncovers massive Russian disinformation campaign

Dubbed 'Portal Kombat'

Vikki Davies
clock 14 February 2024 • 2 min read