Troubled waters: cyber-attacks on San Diego and Barcelona's ports show risk of IT/OT convergence

Last summer's wave of ransomware attacks compromised port terminals and disrupted global shipping. Since then, cyber security has quickly risen to the top of the agenda for the maritime sector. Earlier this year, another port was hit with ransomware, and then, last week, the ports of Barcelona and San Diego revealed that they had been the victims of further ransomware attacks.

Whilst the 2017 attacks were globally devastating, there was no evidence that they deliberately targeted particular sectors; port terminals were merely caught in the indiscriminate wave of attacks. However, the widespread disruption these attacks caused across industry - from shipping to manufacturing - drew attention to the risk of IT cyber-attacks propagating into the industrial sector's critical control systems.

Operational technology (OT) within industrial environments has previously been kept mostly separate from IT systems, and, consequently, relatively immune from cyber-attack. These recent attacks show that the trend in integrating and unifying IT and OT has exposed these systems to such indiscriminate assaults.

The increasing convergence of IT and OT systems shows no signs of slowing, however. Hyper-connected ‘smart' ports are bringing efficiency and precision while cutting costs; and yet, the intertwining of the physical and digital across ports remains a significant challenge for the cyber security teams tasked with their defence. Without rushing to conclusions, it is perhaps no surprise that the Port of Barcelona is in the midst of a ‘Digital Port project,' launched last year to promote the digitisation of the port environment.

Although specifics have not yet been revealed, the recent attacks in Barcelona and San Diego appear to have been targeted. Perhaps the inadvertent success of last year's ransomware campaign inspired attackers to pursue the maritime sector specifically. Disruptions to operational technology can be highly detrimental to the maritime sector: these systems oversee critical port and ship systems. Any compromise could inflict reputational harm, significant financial losses and physical damage.

That we would see ransomware attacks specifically targeting ports was foreseeable, and many in the industry have been expecting and preparing for such an eventuality over the last 12 months. Now that attackers are actively targeting them, the protection of OT systems has become critical.

Darktrace has deployed AI to a number of companies in the maritime sector to specifically mitigate and defend Operational Technology. These systems are highly customised and bespoke, and therefore unsuitable for the use of off-the-shelf IT solutions. Darktrace's cyber AI is able to automatically tailor to OT environments and learn a unique sense of ‘self', regardless of vendor or technology platform.

The Darktrace AI is actively defending ports across the world - such as Harwich Haven Authority and Belfast Harbour - and protecting them against both targeted and indiscriminate attacks on their OT and IT systems. Defending these environments requires the ability to protect all technology systems, from the oldest PLCs and SCADA systems, to the newest IoT devices. Whether in the cloud, on a vessel or on the mainland, Darktrace is able to passively defend systems and identify cyber-threats in real time, without any impact or disruption.

Andrew Tsonchev is Director of Technology at Darktrace Industrial