Port of Houston Thwarts Cyber Attack

Posted September 30, 2021

How about some good news for a change? There was a cyber attack on the Port of Houston. No, that’s not the good news. The good news is the port was able to thwart the attack. Last week, the port put out a statement:

The Port of Houston Authority (Port Houston) successfully defended itself against a cybersecurity attack in August. Port Houston followed its Facilities Security Plan in doing so, as guided under the Maritime Transportation Security Act (MTSA), and no operational data or systems were impacted as a result.

Cyber Attacks Pervasive in International Shipping

In recent years, cyber attacks have been a major problem for the international shipping industry. The International Maritime Organization (IMO) was hit by cyber attack last year, interrupting service. That came hot on the heals of CMA CGM falling victim to a major cyber attack. When CMA CGM was attacked, it was just the latest in a series of attacks. CMA CGM’s attack made it so all four of the world’s largest ocean carriers had fallen victim to the crime.

Attacks on major carriers can mean much more than disruption to their voyage schedules or danger to the security of their customers’ sensitive information. When Maersk was hit by a major cyber attack in 2017, it caused the company to have to close down terminals it operated at the Ports of New York, New Jersey, and Los Angeles while Maersk was working to get its systems back under control.

There’s no need to tell shippers how bad interruption at the ports can be when we’ve spent the last year dealing with severe and costly congestion at U.S. ports, and the Ports of Los Angeles and Long Beach in particular. That’s why it’s such great news that the Port of Houston was successfully able to defend against this recent cyber attack.

Cyber Attack Defenses Improving?

With businesses becoming more and more dependent on technology, cyber attack has become more and more common, and probably more sophisticated too. Of course, that means defenses against it should also be getting better and better.

This story may be a good sign that the international shipping industry is getting better against cyber attacks. I regularly monitor international shipping news stories, and it’s been about a year since there was a major story about a cyber attack disrupting the industry (unless you count the Colonial Pipeline cyber attack that happened in April of this year and had a tangential effect, negatively impacting oil/gas prices and even availability in some parts of the U.S.). After serious cyber attack stories had been so prevalent, that the first story about a cyber attack hitting international shipping in about a year is a story about a cyber attack being defeated suggests, though doesn’t prove, gains are happening in cyber defense.

Attacks and defenses on the technology front can be studied and learned from. When something like the Port of Houston successfully stops a cyber attack, strategies can certainly be applied to sectors beyond transportation. In an American Shipper article about the Port of Houston thwarting this cyber attack, Noi Mahoney reports:

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told a Senate committee on Thursday that hackers had targeted the Texas port.
“We worked with the U.S. Coast Guard on a vulnerability at the Port of Houston and found out about this hack [involving a password-management program],” Easterly said during the “National Cybersecurity Strategy: Protection of Federal and Critical Infrastructure Systems” Senate committee hearing.
“We work with our FBI partners and our Coast Guard partners to better understand that vulnerability and then to be able to get that information out to see whether in fact we saw the same vulnerability across the federal cyber ecosystem and in our critical infrastructure partners.”

Shippers should also be looking at their operations for cyber attack weaknesses and ways to protect themselves against cyber criminals.

Port of Houston’s Chief Information Security Officer Recognized

Worth sharing from Mahoney’s article is that the Port of Houston – particularly, its chief information security officer, Chris Wolski – received recognition for the cybersecurity work that resulted in thwarting this attack:

The U.S. Coast Guard attended a Port of Houston commission meeting Tuesday and presented an award of merit to Chris Wolski, Port Houston’s chief information security officer, for “his actions and continued diligence, expertise and contributions concerning protecting Port Houston and the Houston Ship Channel overall on matters related to cybersecurity,” according to officials.

Congratulations, Mr. Wolski! The honor seems well deserved.

cyber attack, cybersecurity, Port of Houston

Jared Vineyard

For more than ten years, Jared has researched and written about the international shipping industry for the freight forwarder Universal Cargo. His work has been republished on the web and in print, including the maritime news magazine Inside Marine. When first joining Universal Cargo, Jared trained in the freight forwarding process and helped customers with their imports and exports, giving him his initial international shipping sea legs.