With fifty percent of U.S. imports travelling by sea, ensuring that ships have a secure place to dock poses a challenge to American law enforcement. With such a heavy economic importance placed on U.S. ports, they have become a target for those wishing to inflict harm on the United States.
From a global economic perspective, the importance of ports cannot be overstated. Approximately 90 percent of international trade is based on maritime shipping. And domestically, business that utilized waterways contributed $4.6 trillion to the U.S. economy in 2014. The sheer volume of goods that pass through ports everyday means that any damage done to ports would have a profound impact throughout the entire economy. Henry Willis, director of the Homeland Security and Defense Center at the RAND Corporation, told The Cipher Brief, “the economic importance and visibility of ports make port infrastructure and operations attractive terrorism targets.” As a result there is a strong incentive to keep ports physically secure, both in the United States and elsewhere.
While physical threats have been the traditional focus of port security efforts, the emerging cyber-threat has also become an important factor in keeping ports operational. Maritime shipping has become extremely dependent upon industrial control systems, GPS navigation, and other computer systems in order to function effectively. As a result, ports have become increasingly vulnerable to cyber threats. However, the threat is not limited to the kind of data theft that characterizes most network breaches. For example, Jayson Ahern, a principle at the Chertoff Group, told The Cipher Brief that “Somali pirates have used open source information found online to target valuable cargoes” and that “a seven-hour GPS signal disruption that shut down operations of a major U.S. port in 2014.” Essentially, ports represent a nexus point where cyber-issues have real and immediate impacts on physical security, for both people and cargo. Additionally, the costs imposed by disruptions at major ports can be enormous, which compounds the costs already incurred by the hack itself.
Fortunately, governments are aware of the physical and cyber threats to ports, and have taken steps to mitigate them. The Safe Port Act of 2006 was meant to keep maritime transportation infrastructure safe, and to a large extent, it has succeeded. Additional initiatives, such as the Container Security Initiative, the Port Security Grant Program, and the Customs-Trade Partnership Against Terrorism have served to further increase the physical security of ports in the U.S. On the cyber-side, the majority of the responsibility appears to have fallen upon the Coast Guard. The Coast Guard’s Grand Cyber Strategy is the blueprint that is guiding efforts to make ports as secure from cyber-attacks as they are from conventional, kinetic attacks.
While ports are certainly safer with these programs than they would be without them, the risk of a significant attack upon a major port remains. Efforts are ongoing to secure ports and ensure that maritime trade can continue unabated. However, the symbolic and economic value of ports will remain, and as such, they will always be targets.
Luke Penn-Hall is the Cyber and Technology Producer with The Cipher Brief.