From Ports to Protocols: Securing Maritime with Palo Alto Networks

The Marine Transportation System (MTS) is a pillar of U.S. trade and the broader economy. Its system of ports, terminals, vessels, waterways and land-side connections underpin $5.4 trillion of economic activity in the United States annually.

In response to increasing cyber threats targeting MTS, the Biden-Harris administration announced an initiative to bolster the cybersecurity of U.S. Ports, including a $20 billion investment. Stakeholders ranging from port operators to shipping companies are on the front lines of these changes.

This blog examines the elements of the new initiative, what it means for MTS professionals and steps they can take to secure their infrastructure.

Understanding the MTS Threat Landscape
The digital world’s interconnectedness has brought unparalleled efficiency to the maritime shipping industry and American supply chains. However, this connectivity also opens the door to significant digital exploitation in ports, with potential risks ranging from cyber espionage to cyber attacks on liquid gas facilities and others in ports to disruptive ransomware attacks.

The Port of Nagoya ransomware attack in Japan illustrates cybersecurity risks at ports and the potential consequences of a cyber attack. According to its website, the port is the largest in Japan for cargo throughput and the main port for automobile exports. In July 2023, the cybersecurity attack halted container loading and unloading at the port for two days.

Such cyber-attacks threaten the security of sensitive information, as well as jeopardize the safety and continuity of economic activities and critical port operations. The Administration’s initiative recognizes the essential role of cybersecurity in safeguarding MTS and defending U.S. ports and vessels from these evolving threats.

The Implications for MTS Cybersecurity
The stated goals of the newly issued executive order and broader initiative are to protect critical infrastructure, supply chains and the economic engine they support. The U.S. Coast Guard, under the Department of Homeland Security (DHS), is tasked with overseeing additional protective measures.

Key actions focus on:

• Ship-to-shore cranes, particularly those originating from the People’s Republic of China.
• The establishment of mandatory cyber incident reporting requirements for any incidents or threats that could endanger any vessel, harbor, port or waterfront facility.
• The U.S. Coast Guard’s proposed rulemaking regarding cybersecurity standards within the maritime domain.

As part of the President’s "Investing in America agenda," the Administration will also make a $20 billion investment into U.S. port infrastructure over the next five years. A key part of this program is directed at returning crane manufacturing to the U.S. for the first time in 30 years. One immediate example of action is PACECO Corp’s plan to onshore U.S. manufacturing of cranes and partner with trusted companies, underscoring the Administration’s intention to drive results from their initiative.

Improving the Cybersecurity of Ship-to-Shore Cranes
Specific attention in the initiative is given to the cybersecurity risks associated with ship-to-shore cranes, especially noting concerns with those manufactured by the People’s Republic of China. Released at the same time, a parallel Maritime Security Directive from the U.S. Coast Guard focuses on owners and operators of these cranes as well as vessel owners/operators, shippers and port operators exposed to risks.

This directive requires stakeholder acknowledgment, identifies opportunities to enhance the management of control systems and network operations and provides guidance to strengthen security measures, such as:

• Applying best practices for access control (identity and access management).
• Utilizing mitigation measures to reduce the risks associated with automated port cranes.
• Validating the integrity and security of on-board crane devices and networks.
• Creating comprehensive response and recovery programs for on-board crane systems and devices.
• Maintaining strict physical and digital security and access control for all devices and infrastructure used to operate and manage the crane.

New Cybersecurity Standards and Reporting Requirements for MTS
To strengthen the framework for maritime cybersecurity further, the U.S. Coast Guard has initiated a Notice of Proposed Rulemaking (NPRM) focused on cybersecurity in MTS.

The NPRM is concerned explicitly with daily unauthorized attempts by individuals, groups and adversary nations to access control systems or networks in O.T. infrastructure across the maritime industry’s connected systems. Such attempts create transport security incidents (TSIs), which the new standards and reporting requirements focus on mitigating through a combination of attack detection, response and recovery requirements.

This proposed rule introduces specific and minimum cybersecurity measures, through required Cybersecurity Plans for IT and OT systems drawing upon international and industry standards. The proposed requirements include:

• Account security measures
• Device security measures
• Data security measures
• Governance and training
• Risk management
• Supply chain management
• Resilience
• Network segmentation
• Reporting
• Physical security

These measures have the potential to significantly improve the management of control systems and network operations within the MTS, promoting continuous monitoring and the rigorous control of equipment and communication pathways.

Palo Alto Networks works with MTS customers and helps organizations enhance their cyber resilience now. For example, Damen Docks, a builder and supporter of ships in The Netherlands, needed a cybersecurity strategy across 35 shipyards to safeguard 7,000 endpoints. Working with ON2IT, a leading cybersecurity service provider, Palo Alto Networks has helped Damen Docks create a simplified Zero Trust architecture.

Palo Alto Networks Can Help MTS Organizations Now
Together, the Executive Order, Maritime Security Directive and NPRM are significant steps that the Administration is taking toward safeguarding America’s economic and national security through enhanced maritime cybersecurity. For anyone engaging with a port, as well as stakeholders in ports and shipping companies, understanding and adapting to these changes is crucial.

The long-term impacts on MTS security, U.S. Trade infrastructure and the broader economic well-being are significant. Palo Alto Networks is committed to helping MTS owners and operators improve cybersecurity and align with this new initiative.

Our Zero Trust OT Security helps organizations impacted by the new initiative take proactive steps to enhance cyber resilience, including:

• Asset Inventory: Develop a comprehensive inventory of all your equipment, documenting its origin and any third-party associations.
• Continuous Monitoring: Keep a close eye on systems and networks, especially outbound traffic, for any signs of unusual activity.
• Logging Enablement: Implement logging across various points of your infrastructure to capture essential data for analysis and incident response.
• Inbound Path Analysis: Scrutinize all inbound paths to your port equipment, ensuring that each inbound communication is individually authorized and monitored.

Our experts will work closely with you to assess your current security posture and provide actionable recommendations aligned with the amended federal regulations. Learn more about how we can help you strengthen your maritime security operations.