Crowdstrike IT Outage Spotlights Ports’ Cybersecurity Readiness 

The vulnerability of global port operations has been spotlighted after the recent IT outage caused by Crowdstrike, a leading cybersecurity firm. Its faulty security update caused Microsoft Windows computers around the world to crash. 

As ports become increasingly digitized, they are also becoming prime targets for cyberattacks, with the potential consequences ranging from operational disruptions, to major economic losses and threats to national/international security.

But as the recent Crowdstrike incident proved, system outages and downtime can also prove extremely harmful to efficient port operation. Less than a year ago, a ransomware attack halted shipping container operations in Japan for two days:

Ports Temporarily Shut Down

“Planes and cargo are not where they are supposed to be and it will take days or even weeks to fully resolve,” Niall van de Wouw, chief air freight officer at supply chain consulting firm Xeneta, said in a statement shared with CNBC. “This is a reminder of how vulnerable our ocean and air supply chains are to IT failure.” 

The Crowdstrike software bug crashed Microsoft operating systems, causing the largest IT outage in history, and temporarily shutting down ports worldwide. 

While air freight was most impacted, major ports – such as the Port of Houston, Port of New York, Port of Los Angeles, and the Port of Rotterdam – reported temporary disruptions, but quickly resumed normal operations.  

Other ports were affected, with The Loadstar noting that the ports of Felixstowe, Tilbury, and Poland’s Baltic Hub (formerly known as DCT Gdansk), all suffered major IT outages. 

The Windward Ocean Freight Visibility solution initially found that no significant shipment delays occurred in the immediate aftermath as a result of the CrowdStrike update, after reviewing shipments entering these ports from July 19. 

We continue to monitor the situation closely. 

Port Operations’ Digital Backbone 

Modern ports rely heavily on sophisticated IT systems to manage the many activities that occur daily, from cargo handling and storage, to customs processing and vessel traffic management. These systems streamline operations, enhance efficiency, and improve safety. 

But their interconnected nature also makes them susceptible to cyber threats. A single breach can cascade through the network, causing widespread disruption.

Potential Threats to Port Systems

1. System outages and downtime: the Crowdstrike outage has highlighted how even the most robust cybersecurity firms can face unexpected challenges. Ports, with their complex IT infrastructure, are not immune to such risks. A prolonged outage can halt operations, delay shipments, and disrupt the global supply chain.
2. Malware and ransomware: ports are attractive targets for cybercriminals deploying malware and ransomware. These malicious programs can infiltrate systems, encrypt critical data, and demand hefty ransoms. The NotPetya ransomware attack severely impacted ports around the world in 2017.
3. Insider threats: Employees and contractors with access to port systems can pose significant risks. Whether through negligence or malicious intent, insiders can facilitate unauthorized access to sensitive data or sabotage systems.

Ships and Cranes Can be Used for Cyber Attacks

Ships docking at ports present another vector for cyber threats. Vessels with compromised IT systems can serve as entry points for malware, which can then spread to the port’s infrastructure. Also, ships docking for extended periods can be used as bases for launching cyberattacks. Attackers can exploit this time to infiltrate port systems, gather intelligence, and execute coordinated attacks.

Dark Reading, one of the most widely read cybersecurity news sites, noted that ships sending documents to port personnel is also a risk: 

“Ports have no choice but to accept the ships’ documents. Refusal to accept these documents means loss of port revenue and blockages in the smooth flow of the supply chain. Document sending must proceed. But file-borne threats pose a significant challenge for ports. Malware is designed to access or damage a computer without the owner’s knowledge. Hackers embed malicious code into seemingly innocent files. When those files are opened, the malware automatically executes and allows the hackers to gain access to valuable data or cause damage to the maritime industry.” 

The economic and military tension between the U.S. and China also relates to port security, with some in the West fearing Chinese technology and software that is used at U.S. ports. 

Cyber Terrorism and National Security

Ports are critical infrastructure, and their disruption can have far-reaching consequences. Cyber terrorists can target ports to cause economic chaos, disrupt trade routes, and create national security threats. Given the strategic importance of ports, a successful cyberattack can cripple a nation’s logistics and supply chain, impacting everything from food supplies to military readiness.

A CNBC article from the spring notes that the Commander of the U.S. Coast Guard Cyber Command told reporters that 80% of the “ship-to-shore” cranes moving trade at U.S. ports are made in China and use Chinese software. He said that has led to concern that the cranes could be “vulnerable to exploitation” and used in Chinese surveillance. 

Five Ways Ports Can Combat Cybersecurity Threats

How can ports combat these threats? 

1. Advanced monitoring and analytics: implementing advanced monitoring systems that use artificial intelligence and machine learning can help detect unusual patterns and potential threats in real-time, allowing for swift action.
2. Robust cybersecurity measures: ports would be wise to invest in state-of-the-art cybersecurity solutions, including firewalls, intrusion detection systems, and antivirus software. Regular updates and patches are crucial to protect against emerging threats.
3. Incident response plans: ports should have well-defined incident response plans to quickly address and mitigate the impact of outages, like the recent Crowdstrike incident, and cyberattacks. Regular drills and simulations can ensure readiness.
4. Employee training: human error remains a significant vulnerability. Comprehensive training programs can equip staff with the knowledge to recognize and respond to potential cyber threats.
5. Collaboration and information sharing: ports should collaborate with other stakeholders, including shipping companies, cybersecurity firms, and government agencies. Sharing information about threats and vulnerabilities can enhance collective defense mechanisms.

Following cyberattacks or outages, freight forwarders, importers, and exporters require advanced AI technology for exception management, quickly notifying them about disrupted shipments.

The Stakes are High…

The recent Crowdstrike outage is a reminder of the vulnerabilities in our digitized world. For ports, the stakes are particularly high, given their role in global trade and national security. 

By recognizing the potential threats and investing in comprehensive cybersecurity strategies, ports can safeguard their operations against constantly changing cyber threats. A proactive approach to cybersecurity will be essential in maintaining the resilience and integrity of global ports.