An In-Depth Security Assessment of Maritime Container Terminal Software Systems

TL;DR

This paper presents a detailed security assessment of maritime container terminal software, identifying vulnerabilities through collaboration between academia and industry, highlighting risks in critical maritime shipping systems.

Contribution

It provides an in-depth vulnerability analysis of maritime shipping software, a step beyond risk assessments, revealing specific security issues in port control systems.

Findings

Identified multiple security vulnerabilities in maritime software

Highlighted the potential for cyber-attacks disrupting shipping operations

Demonstrated the need for detailed vulnerability assessments in maritime systems

Abstract

Attacks on software systems occur world-wide on a daily basis targeting individuals, corporations, and governments alike. The systems that facilitate maritime shipping are at risk of serious disruptions, and these disruptions can stem from vulnerabilities in the software and processes used in these systems. These vulnerabilities leave such systems open to cyber-attack. Assessments of the security of maritime shipping systems have focused on identifying risks but have not taken the critical (and expensive) next step of actually identifying vulnerabilities present in these systems. While such risk assessments are important, they have not provided the detailed identification of security issues in the systems that control these ports and their terminals. In response, we formed a key collaboration between an experienced academic cybersecurity team and a well-known commercial software provider that manages maritime shipping. We performed an analysis of the information flow involved in the maritime shipping process, and then executed an in-depth vulnerability assessment of the software that manages freight systems. In this paper, we show the flow of information involved in the freight shipping process and explain how we performed the in-depth assessment, summarizing our findings. Like every large software system, maritime shipping systems have vulnerabilities.