Page 168 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
SECTION II: CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION
and removed a shipping container before it had been controlled by the port authorities. The case,
of course, was not isolated, but when the investigative authorities managed to identify the crime,
the investigative action contributed to seizing a record eight tonnes of cocaine with a street retail
price of EUR 500 million which had been hidden in a container full of bananas from Ecuador.
This attack was carried out using the method of social engineering and a malicious program
sent via email. While in this particular case the intrusion was detected and certain countermeasures
were applied by the port authorities, they were unable to contain another intrusion where
specific hardware (mini-computers hidden inside distribution power cords and external computer
data storage) and recording components mounted on a computer keyboard were used.
4.2 Infection of Software Leads to a Complete Shutdown of Port Operations
At the end of June 2017, the Petya virus, which spread through the internet, affected computers
in more than 65 countries. The Ukrainian computer virus quickly disrupted various computer
systems and did not spare even the largest companies such as the Danish shipwright Maersk,
which was crippled by the virus for a few days. Maersk’s downtime of several days caused
damages of approximately $300 million. Although Petya was not a blackmail virus, it caused
enormous damage as it was intended to erase data and disable the operation of various systems.
4.3 Infection of System Software Causes Interference with Port Operations
System software designed to carry out port operations can be destroyed by a malware infection
from the web which hacks into the most secured parts of computer memory, including its
hardware, in the most cunning of ways. By taking full control of the system, it is possible to
intercept all communications of its users over wired (Ethernet) and wireless networks (WiFi,
UMTS, GPRS, Bluetooth etc.), and even carry out legally binding actions in their names, such
as transfers of funds or entering into credit agreements through e-banking services or, last but
not least, impeding port activities and even causing a work accident in the port.
5 Cyber Security Challenges
Based on various studies, it can be concluded that, in addition to physical damage insurance,
the main challenges when trying to ensure the cyber security of ports are the following:
- Poor awareness and skills with regard to maritime information and cyber security,
- Lack of financial and other resources (e.g. cybersecurity experts) to ensure information
security,
- The technical complexity of the port ecosystem,
- Finding the right balance between business efficiency and cyber security,
- The existence of outdated and vulnerable information systems,
- A lack of a regulatory framework for cybersecurity implementation,
- The interconnection of information technology (IT) and operational technology (OT),
- Security risks in the supply chain (lack of certificates, remote access of the supplier to
the port, etc.),
- The heterogeneity of networks/systems,
- The involvement of all stakeholders in the provision of port cybersecurity,
- Cybersecurity does not keep pace with technological advances or developments and the
emergence of new challenges related to the digital transformation of ports, etc.