Port of Houston Cyber-Attack--A Reminder of Risks Close to Home!
CNN reported on September 23, 2021 that the Port of Houston was subjected to a cyber-attack in August 2021 that, left unaddressed, would have provided unrestricted remote access to the Port’s information technology (“IT”) network. This attack was confirmed by the Port itself and by U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) Director Jen Easterly during testimony to Congress on September 23rd. Easterly noted a nation-state actor was likely responsible, but attribution could not yet be confirmed. The attack appears to be related to a vulnerability exploit described by CISA in a September 16, 2021 Alert through the National Cyber Awareness System. CISA described the exploit as posing “a serious risk to critical infrastructure companies,” among others. Fortunately, the attack appears to have had a minimal impact on the IT network and does not appear to have affected any operational technology (“OT”). Federal regulators, the Surface Transportation Board, and the Coast Guard, are monitoring these developments and further Security Directives are expected.
The operating systems of pipelines in the Houston Ship Channel could have been disrupted and more frequent, more severe attacks are possible in the future, not only at the Port of Houston, but at maritime ports throughout the world. Case in point, on October 11, 2021 the Microsoft Threat Intelligence Center reported that it has observed extensive password spraying attacks through Office 365 accounts against ports of entry in the Persian Gulf and global maritime transportation companies. Microsoft has assessed these attacks to be in support of the interests of, and likely supported by, a nation state actor.
The shared interests and vulnerabilities of the maritime and pipeline industries are a given, and the Atlantic Council think tank released a report on October 4, 2021 that advocates for increased cooperation on maritime security, based in part on a 400% increase in cyberattacks against the maritime transit system in 2020 alone. Emerging evidence of the rapidly increasing threat comes on the heels of the seminal bipartisan U.S. Cyberspace Solarium Commission March 2020 Report, co-chaired by Senator Angus King (I-Maine) and Congressman Michael Gallagher (R-Wisconsin), which issued a set of recommendations aimed at reducing risks in the weakest links of U.S. cybersecurity. Arguably, the Transportation Security Administration’s (“TSA”) delay in transitioning from voluntary guidelines to mandatory cybersecurity directives for the pipeline industry until August 2021 implies that TSA anticipated the oil and gas pipeline sector, along with the maritime sector, have plenty of room for improvement and would need that time to modernize their systems.
The International Pipeline Resilience Organization (“IPRO”) works to strengthen the cybersecurity resilience of all pipelines to ensure no single pipeline is left more vulnerable (and therefore becomes a more attractive target) because its cybersecurity posture lags behind that of the industry as a whole. IPRO, a non-profit run by its membership, can provide on-the-ground assessments of individual pipeline systems and is developing industry standards and controls to ensure pipeline systems meet national standards and implement recommended state-of-the art controls for their industrial control systems.
If you work for a pipeline and are interested in seeing how involvement in IPRO can benefit your organization, please reach out to our Leadership team.
