Troubled waters: cyber-attacks on San Diego and Barcelona's ports show risk of IT/OT convergence

clock • 3 min read

Operational technology has been kept separate from IT in the past - but as that changes, systems are being exposed to attacks

Last summer's wave of ransomware attacks compromised port terminals and disrupted global shipping. Since then, cyber security has quickly risen to the top of the agenda for the maritime sector. Earlier this year, another port was hit with ransomware, and then, last week, the ports of Barcelona and San Diego revealed that they had been the victims of further ransomware attacks.

Whilst the 2017 attacks were globally devastating, there was no evidence that they deliberately targeted particular sectors; port terminals were merely caught in the indiscriminate wave of attacks. However, the widespread disruption these attacks caused across industry - from shipping to manufacturing - drew attention to the risk of IT cyber-attacks propagating into the industrial sector's critical control systems.

Operational technology (OT) within industrial environments has previously been kept mostly separate from IT systems, and, consequently, relatively immune from cyber-attack. These recent attacks show that the trend in integrating and unifying IT and OT has exposed these systems to such indiscriminate assaults.

The increasing convergence of IT and OT systems shows no signs of slowing, however. Hyper-connected ‘smart' ports are bringing efficiency and precision while cutting costs; and yet, the intertwining of the physical and digital across ports remains a significant challenge for the cyber security teams tasked with their defence. Without rushing to conclusions, it is perhaps no surprise that the Port of Barcelona is in the midst of a ‘Digital Port project,' launched last year to promote the digitisation of the port environment.

Although specifics have not yet been revealed, the recent attacks in Barcelona and San Diego appear to have been targeted. Perhaps the inadvertent success of last year's ransomware campaign inspired attackers to pursue the maritime sector specifically. Disruptions to operational technology can be highly detrimental to the maritime sector: these systems oversee critical port and ship systems. Any compromise could inflict reputational harm, significant financial losses and physical damage.

That we would see ransomware attacks specifically targeting ports was foreseeable, and many in the industry have been expecting and preparing for such an eventuality over the last 12 months. Now that attackers are actively targeting them, the protection of OT systems has become critical.

Darktrace has deployed AI to a number of companies in the maritime sector to specifically mitigate and defend Operational Technology. These systems are highly customised and bespoke, and therefore unsuitable for the use of off-the-shelf IT solutions. Darktrace's cyber AI is able to automatically tailor to OT environments and learn a unique sense of ‘self', regardless of vendor or technology platform.

The Darktrace AI is actively defending ports across the world - such as Harwich Haven Authority and Belfast Harbour - and protecting them against both targeted and indiscriminate attacks on their OT and IT systems. Defending these environments requires the ability to protect all technology systems, from the oldest PLCs and SCADA systems, to the newest IoT devices. Whether in the cloud, on a vessel or on the mainland, Darktrace is able to passively defend systems and identify cyber-threats in real time, without any impact or disruption.

Andrew Tsonchev is Director of Technology at Darktrace Industrial

You may also like
Darktrace agrees $5.3bn takeover by Thoma Bravo

Mergers and Acquisitions

Thoma Bravo to add Cambridge-based company to security software portfolio 20 months after first opening talks

clock 29 April 2024 • 2 min read
Accidental exclusion exacerbating cyber's staffing problem

Careers and Skills

Many people who would excel in cybersecurity roles see no obvious way in, with those that do make it getting stuck in entry-level positions

clock 12 May 2023 • 4 min read
Former Head of Police National Cyber Crime Unit joins Cybersecurity Festival


Charlie McMurdie spent 32 years in the Met and built the Police Central e-crime Unit

clock 29 March 2023 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Threats and Risks

Threat group 'systematically compromising Snowflake customer instances'

Threat group 'systematically compromising Snowflake customer instances'

165 organisations notified to date

Kyle Alspach
clock 11 June 2024 • 2 min read
Microsoft warns of potential Azure Service Tags misuse by hackers

Microsoft warns of potential Azure Service Tags misuse by hackers

Ten specific Azure services are currently identified as susceptible

clock 11 June 2024 • 2 min read
Microsoft overhauls Recall, makes it opt-in

Microsoft overhauls Recall, makes it opt-in

The move comes after security concerns from experts

clock 10 June 2024 • 3 min read