Aiming to pre-empt a cyberattack that could cripple shipping traffic to Hawaii, the major players in the port of Honolulu joined in a first-of-its-kind exercise Wednesday to examine weaknesses in their computer networks.
The Coast Guard-sponsored event saw maritime industry computer professionals working to fend off a virtual large-scale coordinated cyberattack at the University of Hawaii at Manoa.
"It would cost billions if we don’t provide cybersecurity to our ports," said Charles Barclay, co-chairman of Hawaii’s Area Maritime Security Committee. "The state is so dependent on the port of Honolulu — it’s absolutely critical that our port stays operational."
|
SIMULATED ATTACK
A two-day maritime cybersecurity exercise, hosted by the U.S. Coast Guard, the University of Hawaii and Hawaii’s Area Maritime Security Committee, will utilize the university’s Cyber Range, a group of servers and routers that combine in a virtual network allowing for testing and training against cyberattacks.
PARTICIPANTS
Attendees include the major players in the port of Honolulu, including representatives from shippers such as Matson, Horizon and Young Bros.
|
With more than 14 million tons of cargo passing through Honolulu each year, the port is America’s 39th largest by cargo volume, according to data from the American Association of Port Authorities. Some 98 percent of Hawaii’s goods pass through Hawaii ports, most of which go through Honolulu Harbor.
More than 120 people were scheduled to attend the two-day exercise, including representatives from shippers such as Matson, Horizon and Young Bros. The event is utilizing the university’s Cyber Range, a collection of high-tech computer equipment that is combined in a virtual network allowing for testing and training against cyberattacks.
Red Team attackers and Blue Team defenders set up in UH’s Campus Center Ballroom on Wednesday and will continue the virtual battle Thursday, followed by a half-day tabletop discussion and assessment for top industry executives.
Officials said the event — a year and a half in the making — is the first time a U.S. port had come under such intense scrutiny involving a simulated cyberattack.
"We prepare for hurricanes. We prepare for tsunamis. We prepare for other events that can impact our port," said Capt. Shannon Gilreath, Honolulu Sector commander. "This is a chance to prepare for a cyberattack and practice how we are going to respond before it actually happens."
Other U.S. ports have held similar tabletop exercises, Gilreath said, but this is the first time one has come under virtual cyberattack as part of the event.
Traveling from Washington, D.C., to observe were representatives from the Department of Homeland Security, the Transportation Security Administration, Federal Bureau of Investigation and the Department of Defense.
A group of industry information technology pros huddled around a table of computers Wednesday, fending off attacks that included defacing Web pages and changing databases. The attackers were also stealing personnel data, including 200 fictional names and their Social Security numbers.
The virtual system also contained information on 140 people previously terminated from a virtual company but who have open accounts.
On Thursday, officials will assess what happened during the cyberattack and discuss system vulnerabilities.
Barclay, a former state Harbors Division official and Kewalo Basin Harbor manager, said the exercise is vital to safeguard Hawaii’s major port and its economy against a growing worldwide problem.
It’s been estimated that the shipping industry is 10 to 20 years behind other sectors in the area of cybersecurity, Barclay said, and cyber-mischief could be plaguing Hawaii companies without them even knowing it.
At the port of Antwerp, Belgium, for example, organized crime redirected shipping containers for the trafficking of cocaine and heroin for 2 1⁄2 years, wiping out computerized shipment records without anyone discovering it, Barclay said.
Last year off the east coast of Africa, cyber "hacktavists" tilted and destabilized an offshore oil rig, he said, and another rig was shut down through malware.
In late 2013 in Honolulu, a boat parts and supply company lost an entire 40-foot container after it was mysteriously shipped elsewhere. Barclay said authorities never figured out why it was misdirected.
Maritime officials said the ports are particularly vulnerable because they use computers and the Web to track ships, containers, automated cranes and business issues.
"And if the port of Honolulu shuts down, there’s the domino effect to Maui, the Big Island and to Kauai," said Scott Carr, Coast Guard public affairs officer.
John Felker of Hewlett-Packard, a former deputy commander of the Coast Guard Cyber Command, called the exercise "a great first step" toward increased cybersecurity.
Hawaii’s economy is at stake if shipping were to be disrupted for any length of time, Felker said, adding that a 2012 strike at the ports of Los Angeles and Long Beach crippled the nation’s largest port complex, affecting more than $1 billion of cargo a day.
Carr said the Coast Guard is responsible for making the port of Honolulu safe and secure.
"Helping (our industry partners) understand how to protect their own networks benefits them, but at the same time it benefits the federal government and the American citizen, who relies on the goods that come out of the port," he said.
