Sept. 25, 2018: Port of San Diego Cybersecurity Attack



The global maritime industry is under attack from different threat actors with varying interests. With state agents, hacktivists, and foreign entities all involved, no company is safe. Over the years, reports citing cyber invasions have come from Hong Kong-based shipping brokers Anglo-Eastern, Maersk in Copenhagen, and ports in Barcelona and mainland USA.

Attacks on ports, in particular, are growing in number, as evidenced in 2018, when there were three attacks within a two-month period on the Ports of Barcelona, San Diego, and Long Beach. In fact, the attacks on the Port of Barcelona in Spain and the Port of San Diego on the US west coast were barely a week apart. Despite the similarities between the Port of Barcelona attack and the Port of San Diego cybersecurity attack, it has never been established whether the threat came from the same source.

Increasing cybersecurity attacks on the Maritime industry

A closer look into this worrying trend shows that ports are becoming frequent targets in part because of their widespread adoption of new technologies.

Established in 1962, the Port of San Diego has not shied away from the integration of IT systems, which has made it an opportune target. The city’s Chief Information Security Officer confirmed that each day there are at least 1 million automated attacks on the city’s computer networks.

Prior to the September 25th, 2018 attack, foreign agents had attempted to disrupt systems during the city’s Major League Baseball All-Star Game in 2016. Fortunately, the attempt failed, but it highlighted the need for stronger security systems.

Nature of the Port of San Diego cybersecurity attack

In September 2018, threat actors were able to penetrate computer systems at the Port of San Diego in what was later described as a ransomware attack.

The details of the intrusion were not made public. Consequently, we do not have information as to whether any databases were copied or files encrypted.

What we do know about the incident comes from a statement released by Port of San Diego CEO Randa Coniglio: “It is important to note that this is mainly an administrative issue and normal Port operations are continuing as usual. The port remains open, public safety operations are ongoing, and ships and boats continue to access the Bay without impacts from the cybersecurity incident. While some of the port’s information technology systems were compromised by the attack, port staff also proactively shut down other systems out of an abundance of caution.”

The hackers demanded bitcoin as ransom. The amount was never disclosed to the public, nor was any information about whether the Port made any payments.

In addition, the Port engaged the services of the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS), as this was seen as an inland security issue.

What can Maritime companies and ports do to stay safe?

As maritime companies continue to grow and integrate more technology into their operations, there is a need for safer and more secure cybersecurity solutions. Cybeta provides next-generation pre-emptive cyber threat protection for the Maritime industry. Our innovative solutions can be used in conjunction with your existing security strategy to provide comprehensive protection geared toward detecting, preventing, and mitigating risks.

Cybeta – helping Maritime firms stay safe and secure

How does Cybeta help you? We offer time-tested solutions that help patch up vulnerabilities and put you on the defensive, so you can face the future confidently. Our insurance cover, for example, is foundational because it recognizes that threats are real and hence provides you with the necessary cover in the event of such misfortunes. Contact us for tailored solutions for your business.