Authors: Dr. Theo Notteboom and Dr. Jean-Paul Rodrigue
Ports have to play a more active role in increasing security, tackling crime (such as the illegal trade in narcotics and counterfeit goods, terrorism, human trafficking, etc.) and cybersecurity. These developments tie in with the primary functioning of ports as international hubs for the flow of goods and information.
1. A Typology of Crime Affecting Ports
Ports are potential targets for crime because of their strategic role in international trade and logistics. The first group of criminal activities in ports focuses on the trafficking of illicit or counterfeit goods. This includes:
- Illicit goods. Ports can be used to export or import goods that are judged to be illicit by global or national organizations (customs). This may include stolen goods, such as cars, but also embargoed goods that, under normal circumstances, would be part of regular trade networks. This is particularly the case for commodities, such as oil or grains, that may be embargoed due to a conflict or geopolitical tensions and where ports can act as illicit distribution platforms.
- Drug trafficking. Seaports are major entry and exit points for illegal drugs, often hidden within shipping containers or other bulk cargo. Drug cartels may bribe or intimidate port officials, customs agents, dock workers, or security personnel to help drugs pass through undetected, or to facilitate the collection of drugs in port areas.
- Trafficking of counterfeit goods. Ports are common entry points for the smuggling of counterfeit goods, including fake luxury items, pharmaceuticals, electronics, and industrial products. These goods infringe on intellectual property rights, allowing organized crime groups to profit from pirated or cloned products. Counterfeit goods, particularly in sectors like pharmaceuticals, toys, or automotive parts, pose risks to consumer safety and health.
- Arms trafficking. Seaports can be used as entry points for illegal weapons and ammunition, often concealed within regular shipments. This includes firearms, explosives, and military-grade weaponry. The traffickers might rely on forged or fake shipping documents to obscure the true contents of containers. Smuggled weapons typically end up in the hands of terrorist organizations or organized crime groups. When regional conflicts arise (e.g., Ukraine War), the parties involved often try to get access to as many weapon supplies as possible, leading to trafficking.
- Illegal wildlife and fish trafficking. Ports could be used for trafficking endangered wildlife and illegal animal products, like ivory or exotic pets. Ports might also be confronted with the illegal fishing industry, where illegally caught fish is brought ashore using forged documentation to disguise its origin.
- Waste trafficking. Hazardous waste, such as toxic materials, is often illegally exported to countries with looser environmental regulations, with organized crime groups exploiting ports to circumvent laws.
Next to cargo trafficking, ports might be used for human trafficking and smuggling, especially undocumented migrants, often in dangerous conditions. Human traffickers sometimes bribe or coerce dockworkers and other port workers to allow unauthorized individuals onto vessels or cargo areas. Ports might also see the trafficking of individuals for forced labor or sexual exploitation, often involving vulnerable populations and linked to forced labor in fishing and cargo shipping industries.
Ports are also vulnerable to cargo theft. Criminal networks often target high-value cargo such as electronics, luxury goods, pharmaceuticals, cars, and consumer products. Cargo theft often involves inside knowledge, with criminals bribing or collaborating with port workers or truck drivers. In extreme cases, criminals may hijack trucks or other transport modes leaving ports, or even intercept entire containers before they reach their final destination.
Port operations can be affected by sabotage actions that disrupt logistics and cause economic harm. Sabotage can come from military opponents, paramilitary organizations, or terrorist groups. These groups may also use ports to smuggle weapons, explosives, chemical agents, or other dangerous materials.
At the corporate level, port activities could be deployed in Trade-Based Money Laundering (TBML) schemes, with companies using ports to launder money by manipulating shipping documents, invoices, and the valuation of goods. Criminals might even set up shell companies in or outside port areas to create fake cargo shipments, which can facilitate the movement of illegal funds. Corporations may also underreport the value of goods to evade customs duties and taxes, causing significant revenue losses for governments. By misclassifying cargo or by relying on documents and permit forgery, corporations can exploit lower tax rates or avoid import restrictions.
With increasing digitalization and the current security situation in the world, the risk of cyber attacks is also increasing. This can involve cyber attacks on port infrastructure, data theft and manipulation, and phishing and fraud schemes. Actors in the port ecosystem must, therefore, increasingly invest in cybersecurity to protect their systems and data against attacks that can disrupt operations.
2. Tackling Security in Ports
There is a strong culture of security in ports that originates from the protection against cargo theft. However, after the events of September 11, 2001, this culture expanded substantially to include the physical protection of terminal facilities against unauthorized entry and intentional damage, particularly in the United States. In the 2010s, this culture expanded to include cybersecurity concerns. Organized crime has a lot of negative impacts on ports and their surroundings. Criminal activities can lead to disruptions in global supply chains, resulting in significant financial losses for port companies and related industries. Theft and fraud can result in the loss of goods, which entails direct and indirect costs. Frequently occurring criminal activities can undermine the trust of trading partners and investors in the port and the surrounding economic ecosystem, leading to less investment and trade. The presence of organized crime and criminal networks can lead to an increased sense of insecurity within surrounding communities. This can affect the quality of life and the well-being of the local population.
Tackling organized crime is important not only from a social perspective but also from a commercial perspective. Continuous investments in advanced technologies such as CCTV, container-scanning technologies, drones, biometric access control and automated monitoring help crime detection. The smart fencing and wiring of port areas and terminals also help to discourage criminals. Fighting crime also involves advanced data analysis and risk profiling to identify unusual patterns, red flags, or high-risk shipments. Another action field involves training port staff to recognize and report suspicious activities, along with measures to prevent bribery and corruption. In an effort to increase cybersecurity, port communities can rely on cybersecurity protocols to protect against cyberattacks, data theft, and system manipulation. Security measures such as surveillance, training, and assessments can be costly, especially for smaller ports, terminal operators, and shipping companies.
Effectively combating crime requires cooperation between various stakeholders, including port authorities, the police, customs, the Coast Guard, municipalities, international partners, etc. The importance of an integrated approach, in which all parties involved work together, cannot be emphasized enough to guarantee a safe and secure port environment.
A vast regulatory framework has been developed to improve security and fight crime in and around ports. One of the best-known examples is the International Ship and Port Facility Security (ISPS) Code implemented by the International Maritime Organization (IMO) in 2004 as part of the Safety of Life at Sea (SOLAS) Convention. The ISPS Code establishes mandatory requirements for both ships and port facilities to detect and prevent security incidents. The ISPS Code is divided into two main parts: Part A (mandatory requirements) and Part B (recommended guidelines). A Ship Security Plan (SSP) and Port Facility Security Plan (PFSP) are developed based on the security assessments, outlining specific security measures, protocols, and responses. These plans must be regularly tested, reviewed, and updated as security threats evolve.
Ships must carry an International Ship Security Certificate (ISSC), confirming compliance with the ISPS Code requirements. Port facilities undergo periodic inspections by national authorities to ensure compliance. The ISPS Code comes with specific security profiles such as the Ship Security Officer (SSO), who is responsible for implementing the security plan on board the vessel, the Port Facility Security Officer (PFSO), who oversees the security plan for the port facility, and the Company Security Officer (CSO) who coordinates security between ships and port facilities, ensuring consistent implementation of security policies. The ISPS Code imposes enhanced surveillance, including monitoring restricted areas, cargo handling, and passenger embarkation to prevent unauthorized access. Ships and port facilities may use security cameras, motion sensors, and alarm systems to monitor and detect potential threats.
There are also provisions for strict access control measures to prevent unauthorized access to ships, port facilities, and restricted areas. Crew members, port staff, and visitors must carry identification or passes. The ISPS Code mandates detailed record-keeping of security incidents, assessments, and training exercises.
3. Ports and Military Defense
Quite a few regions around the world are confronted with growing security issues due to military conflicts and war rhetoric. This is leading to renewed attention to and investment in defense, and to increased attention to the role of seaports. Many ports are being assigned a more pronounced military role and have become indispensable to national defense. Their infrastructure, location, and operational capacity can make them a foundation of a nation’s or region’s defense strategy, especially in times of conflict or geopolitical tension. The important role of ports in military logistics simultaneously increases the threat that existing infrastructure and superstructure will be undermined through cyber attacks, physical sabotage and targeted attacks by air, water, or land.
Seaports can play a critical role in military defense. Their strategic value can be seen in several main areas:
- Quite a few ports around the world are locations for naval bases. These can be found near critical military locations in the international maritime network (e.g., Djibouti near the Red Sea and the Gulf of Aden) or at domestic ports (e.g., San Diego and Norfolk as homeports for the US naval fleet at the US West Coast and US East Coast respectively). Ports in the Persian Gulf and South China Sea have become focal points for naval operations due to their proximity to areas of strategic interest. The presence of a strong naval force at a strategic port can act as a deterrent to adversaries. Simply stationing advanced warships at a port in a geopolitically tense region can send a message of military readiness. Many of these ports also serve as command hubs where defense operations can be coordinated, managed, and monitored using advanced communication and surveillance systems. Some ports may house electronic warfare capabilities that can intercept and jam enemy communications, providing a layer of defense against both cyber and physical threats.
- Ports equipped with dry docks and maintenance facilities can play a role in constructing, repairing and overhauling military vessels, which is crucial for maintaining an operational fleet.
- Port terminals across the world are increasingly being called upon to play a logistical role in facilitating (large-scale) military operations and exercises. Ports enable joint training and multinational exercises, showcasing allied strength and enhancing interoperability among friendly forces. Large seaports are capable of handling heavy military equipment (like tanks, helicopters, and missiles) and can facilitate the movement of troops during deployment or redeployment. Ports are vital for logistical support, allowing navies and other military forces to replenish supplies such as fuel, ammunition, food, and medical supplies.
- Ports might house coastal defense batteries, anti-aircraft systems, and other fortifications that can protect against attacks. In some cases, mines or other defensive measures can be deployed in harbor approaches to deter hostile ships. Some strategic ports are equipped with systems to detect and counteract submarine and missile threats.
- Ports can also play a role in protecting critical trade routes by acting as hubs in naval and other operations aimed at securing international shipping lanes against threats like piracy and terrorism.
The role of ports in military defense is supported by specific policy actions. For example, in response to the Russian threat, the European Union committed to reinforce the military transport infrastructure needed to move troops and materiel. Ports will play a key role in the creation of defense corridors primarily linking deep-water North Sea ports to Europe’s eastern borders.
4. Cybersecurity and Ports
The diffusion of information technologies for communication, managerial, and operational considerations has been enduring across the maritime industry. The benefits of digitalization are far-reaching, but characteristics inherent to information technologies, such as digital network access and connectivity, have opened the door to a new range of vulnerabilities and risks. The growing level of digitization and reliance on information systems open opportunities for cyber-related disruptions at ports since the maritime industry has its unique vulnerabilities. Cybersecurity has wide ramifications on supply chains and has mobilized market players to increase protective and mitigating measures.
Cybersecurity is the protection of information technology systems (hardware and software) and their infrastructure from unauthorized access, misuse, and damage.
Data integrity and privacy challenges and risks have soared with the rise of digitalization, the amount of information processed and stored, and interconnected information networks. The logistics, shipping, and port industry is challenged to safeguard the data being communicated across players since data sharing is at the core of digitalization. Failure to protect data hampers the digital revolution as this represents a risk not only for the end customers but also for the suppliers. There are three main dimensions of data cybersecurity:
- Confidentiality. Information technologies, including the data they contain, should be accessible only to authorized personnel. There are different layers to confidentiality, ranging from public access (such as a company informational web page) to restricted information (such as financial accounts) only available to key employees in upper management.
- Integrity. The information stored and distributed through information systems must be protected from any unauthorized modification or deletion. This implies that data version monitoring and backup systems allow the information to be reverted.
- Availability. The information must be made available to its users at the moment they need to access it. Telecommunication systems, such as Wi-Fi, can be compromised and disrupted, impairing operations. Network redundancy allows for mitigating potential disruptions.
If information confidentiality, integrity, and availability are secured against cyberattacks, a level of cyber resilience can be achieved. Ports and the maritime industry are being increasingly targeted, with cyberattack growth rates in triple digits since 2017. The causes of cybersecurity breaches can be intentional or unintentional, such as an employee error (losing a laptop or a storage device during travel or commuting that can be retrieved by others). The establishment of port community systems has greatly improved the transactional environment but has also introduced cybersecurity risks for the platform itself. The consequences are multidimensional, ranging from data theft to operational disruptions that impact carriers and cargo owners. The cyber resilience of a number of ports is perceived to be in question for three main reasons:
- Labor and skill issues. The port and maritime industries are competing for IT talent with other industries. Since this sector is less known than other high-visibility sectors, such as finance, recruitment is more challenging. Further, as port terminals are converting to digital technologies, the operational and managerial workforce needs to be trained with new sets of skills.
- Software development. Several information technologies in the port and maritime sector rely on software and technologies that can be considered “legacy” and were designed in circumstances where cybersecurity was not an issue. Some terminals use in-house software that is particularly prone to vulnerabilities. Further, software development can be undertaken by third parties, which can be subject to risks such as backdoors.
- Terminal infrastructure. A port terminal, particularly a container terminal, is composed of a multiplicity of information technologies, automated assets, and telecommunication networks that each represent a potential point of entry for a cyberattack. Terminal infrastructure, including ship-to-shore cranes (STS), gantries, and even trucks, relies on software to operate. Commonly, terminal equipment is manufactured by an entity foreign to the terminal operator, and the software component is also part of the equipment. So, the purchase and installation of terminal equipment can represent a cybersecurity risk. For instance, 80% of the STS in American ports are manufactured by the Chinese conglomerate ZPMC (Zhenhua Heavy Industries), which can be perceived as a cybersecurity risk.
In recent years, several market players have been confronted with large-scale cyberattacks. Notable events include:
- In 2017, a ransomware cyberattack infected Maersk Line and its sister terminal company, APM Terminals. Because of a hacked software upgrade in its Odessa (Ukraine) offices, the ransomware was able to spread across APMT’s global network, shutting down the booking systems of 17 major container terminals. This remains the most damaging cyberattack in the industry.
- In the same year, the “WannaCry” ransomware attack caused gridlock at FedEx, a major logistics services provider, as the contents of thousands of its networked computers were encrypted.
- In 2020, the Port of Shahid Rajaee (Iran) was the victim of a cyberattack that resulted in the shutdown of the computer infrastructure controlling cargo, vessels, and vehicle movements in the port. This cyber-attack was part of cyberwarfare between Iran and Israel.
- In 2021, a cyberattack on the systems of Transnet (the port authority of South Africa), led to serious disruptions at the ports of Durban and Cape Town. The terminal operating system went down, forcing the use of paper-based processes to track ships and cargo clearance. This particularly impacted container activities at the port of Durban, which accounts for 60% of the national volume.
- In 2023, a ransomware attack at the Port of Lisbon took down its web site and network, resulting in the theft of financial information as well as contracts, bills of lading, and logs for ships calling the port.
The dominant rationale for cyberattacks in the maritime sector is financial extortion, supporting illicit trade, or stealing valuable commercial information. This underlines that the port and shipping industries are capital intensive, and that successful cybersecurity breaches have the potential to be highly lucrative. For instance, the average ransom payment for a successful cyberattack in the industry was estimated to be three million dollars. Large ports and shipping conglomerates have substantial cybersecurity capabilities, but there is a multiplicity of smaller shipping lines and ports where such capabilities are much more limited.
Similar to cybersecurity issues in large organizations, mitigation strategies for ports involve monitoring devices, including those associated with terminal equipment, for intrusions and reconfiguration attempts. The numbers are becoming staggering as some networks can experience millions of firewall events per day, which can result in a security event if an exploit has been targeted. The Port of Los Angeles alone reported being subject to 60 million cyberattack events per month in 2023, up from 7 million per month in 2014. The most common attacks include:
- E-mails remain the most common vector of a cyberattack due to their wide use and diffusion within organizations. Such attacks are aimed at installing malware within the compromised network or stealing login credentials by fooling the recipient into a fake login page. Thus, a salient strategy remains a constant and improved monitoring of phishing attempts.
- Distributed denial-of-service (DDoS) attacks are common in attempts to disrupt networks to extract a ransom or to undermine operations. Networks can be hardened with real-time firewall rules that block IPs subject to suspicious activity.
- There are also attempts at typosquatting, which mimics the names of websites and fools users into believing they are using the genuine site and providing, for instance, login credentials and private information. This can be mitigated with firewall rules and rapid take-down notices for typosquatting sites.
- Brute force attacks are also commonly used to break in using combinations of well-known passwords across multiple accounts. This can be mitigated by well-established complex password policies with periodic changes.
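The look-alike sites described in the typosquatting item above have to be identified before a firewall rule or take-down notice can be issued. The following added example (not part of the original chapter) screens hostnames, such as those seen in DNS or proxy logs, against an organization's genuine domain; the domain, the observed hostnames and all function names are constructed for illustration.

```python
import re

# Constructed sample data: the genuine domain and the observed hostnames are
# invented for this example (".example" is a reserved TLD).
LEGIT_DOMAINS = ["portofexample.example"]
OBSERVED = [
    "portofexample.example",        # the genuine site
    "pcs.portofexample.example",    # genuine subdomain
    "portofexmaple.example",        # transposed letters
    "port0fexample.example",        # digit look-alike
    "portofexarnple.example",       # "rn" imitating "m"
    "portofexample-login.example",  # brand name plus a lure word
    "weather.example",              # unrelated
]

# Character sequences commonly used to imitate another letter.
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]


def skeleton(label):
    """Collapse look-alike sequences so visually similar labels compare equal."""
    label = label.lower()
    for fake, real in LOOKALIKES:
        label = label.replace(fake, real)
    return label


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host, legit, max_edits=2):
    """Return a reason string if host imitates legit, else None."""
    host = host.lower().rstrip(".")
    if host == legit or host.endswith("." + legit):
        return None  # genuine domain or one of its subdomains
    brand = legit.split(".")[0]
    for label in host.split(".")[:-1]:  # every label except the TLD
        if label == brand:
            return "brand name under a different domain"
        if skeleton(label) == skeleton(brand):
            return "look-alike characters"
        if brand in re.split(r"[-_]", label):
            return "brand name plus extra word"
        edits = osa_distance(skeleton(label), skeleton(brand))
        if edits <= max_edits:
            return f"{edits} edit(s) from brand name"
    return None


def scan(hosts, legit_domains=LEGIT_DOMAINS):
    """Map each suspicious hostname to the first reason it was flagged."""
    findings = {}
    for host in hosts:
        for legit in legit_domains:
            reason = classify(host, legit)
            if reason:
                findings[host] = reason
                break
    return findings


if __name__ == "__main__":
    for host, reason in scan(OBSERVED).items():
        print(f"{host}: {reason}")
```

Flagged names are candidates for review rather than confirmed abuse; the edit threshold needs tuning for short brand names, where two edits can match unrelated words.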
Cybersecurity issues have become central to the resilience of contemporary ports as they represent an entirely new set of risks. This may require changes in the governance structure with clear roles and chain of authority concerning cybersecurity. An outcome has been the creation of the chief cybersecurity officer (CCO) or chief information security officer (CISO), often as an extension of the IT department. This office, commonly reporting directly to the CEO or the Board, is responsible for implementing cyber resilience strategies and oversees the digital transformation of the port and its facilities.