Experts question risks of offshoring automated terminal operations
Zoe Reynolds, correspondent
A new trend to control automated ports remotely is predicted to rise. The Australian parliament and cyber-security experts question the risks of offshoring automated terminal operations
Everything was at a standstill at Webb Dock container terminal, Melbourne, on 5 June 2019. The white robotic cranes that glide gracefully back and forth between the trucks and mountains of containers stood motionless. Giant ship-to-shore cranes that pluck the boxes on and off vessels – lifeless. Australia’s first fully automatic container terminal was temporarily paralysed.
“Victoria International Container Terminal [VICT] experienced an outage this morning, which affected both land-side and vessel operations. The reason for the outage was due to a system communication error between the job scheduling system and VICT’s cranes,” the company announced to its clients in a notice circulated by the Freight and Trade Alliance that day.
Whether it was a glitch in the computer network or something more sinister disrupting the Cloud connection that spans 6,339 km between Manila and Melbourne that winter’s morning, the company spokesperson declined to comment. The incident, however, highlights the potential security issues and technical glitches that could occur at remotely controlled ports.
VICT, a wholly owned subsidiary of International Container Terminal Services, Inc (ICTSI) of the Philippines, is pushing the boundaries of remote-control port operations. Its workers eyeing computer screens in the offices of the ICTSI subsidiary, Australian Pacific Business Services (APBS) Inc in Manila, who programme container movements like virtual lego pieces on the Melbourne wharves.
Just up the road from the docks at Five E-Com Center, Harbour Drive, Pasay, the “Manila team” as they are known by VICT management, cover equipment control operations from the automatic security gate to the Melbourne fleet of automatic stacking cranes using the latest digital terminal operating systems and video feeds via the Cloud (satellite and internet). The workers in Manila communicate with the Australian dock workers and truck drivers day and night.
ICTSI, which operates 32 terminals in 19 countries, launched its shared services subsidiary APBS in December 2015. This information was posted on the company website, until recently, and covered by the Manila press. The company described the business as an outsourcing operation for its subsidiaries and affiliates in the Asia-Pacific region and other clients. It won the contract as Melbourne’s third operator in 2014. With the rise of automated ports, artificial intelligence and remotely controlled ‘tele-robotics’ able to pilot machines from afar, other port operators will likely follow suit.
It is ICTSI’s Manila team who the Australian truck driver talks with after they position the truck’s backside under a beam of light and steps back into the booth to let the robot crane do the lift or drop. Melbourne Equipment Control (EC) roles done in Manila now also cover yard planning, clerical work, the help desk, vessel planning, and “overflow landslide EC work” for the yard cranes, according to workers at the terminal.
So how far can remote control of container terminals go and what are the risks? Could a company’s global container terminal operations around the world be operated from one central control tower remotely? Could China monitor and control its 40–50 terminals dotted along its new maritime Silk Road spanning the Middle East, Europe, South America, Africa, Asia, and Australia from a central operations tower in Beijing or Hong Kong?
A leading terminal operating system company is advertising its software, allowing stevedores “to run their operations, from a single terminal to multiple terminals across multiple geographic locations, all within a single instance”. A terminal in Norway has begun offshoring equipment control jobs to Turkey, according to the International Transport Workers’ Federation.
In Melbourne, workers still operate the remote-control ship-to-shore cranes from inside the terminal, despite earlier signs it too would be moved offshore.
Satellite and internet connections suffer time lags, making the offshoring of time-critical operations fraught, according to Fredrik Johanson, general manager of marketing and sales, ABB Crane Systems. “But with the introduction of artificial intelligence, that too will change and there will be no limit to how remote remote-controlled operations can be,” he envisaged, speaking in 2015.
While advances in technology have occurred since Johanson made those comments, offshoring port operations has rung alarm bells among cyber-security experts. Questions have also been raised in the Australian parliament.
Speaking to the Senate estimates committee on 21 October, senator Kimberley Kitching questioned Home Affairs deputy secretary, security and resilience, Paul Grigson, on whether the security gates, automatic stacking cranes, and terminal operating systems were being offshored to Manila. She also asked whether Philippine workers had to undergo any of the security checks like Australian workers do. Grigson said he did not know and took all questions on notice.
Kitching also raised the question of security gate breaches at VICT. “If you’re a truck driver you show up at the port of Melbourne and your entire interaction would be [with] someone who is in Manila, the Philippines, correct? I guess the question is, without physical verification, what is to stop multiple drivers from using the same card? Theoretically could someone in Manila remotely open a security gate without a security card?” she asked. Kitching further queried whether someone who had not had to go through any level of security screening might be let into a major Australian port, or if Home Affairs had done an audit of the port of Melbourne.
“We do the audits, but I don’t know if we have done that asset,” Grigson replied, undertaking to find out. Three Australian cyber-security experts contacted by SAS have called for greater government oversight and port audits. Lani Refiti, partner, Cyber Risk Advisory Practice, Deloitte Australia, has advised some of the world’s largest mining operations and port providers on automation and cyber security.
Cyber risks are heightened at ports as they become more automated and operations are offshored because the threat of supply chain risk and third-party risk increases, Refiti said. The port of Melbourne is covered by the Critical Infrastructure Act, which requires registered ownership and operational information, he added. “There needs to be assurance/validation performed and continuous cyber-security governance. Ports should look to adhere to some industry best practice framework,” said Refiti. This is important when considering that offshoring is now well advanced globally, according to Refiti. “I think that is where the world is headed,” he said. “It can be more efficient and cost-effective. It’s just the risk profile is higher.”
Refiti recommends governments get an external party to test the security controls, examine the company’s contractual obligations with third parties, and find out exactly what is happening and where risks might lie. Further, individual tenants should have to tell the port if they offshored, he said. “You shouldn’t do anything of this magnitude without the port knowing,” he added.
Under the Security of Critical Infrastructure Act 2018, ports are required to report information on who is operating an asset or part of an asset to the Register of Critical Infrastructure Assets, the Australian Department of Home Affairs told SAS. Questioned about the wisdom of multinational corporations having offshore control and management of a nation’s critical infrastructure, Refiti said it would be scandalous if governments were looking the other way.
ICTSI/VICT declined to comment on this issue when contacted by the writer on several occasions. However, it is making efforts to improve the security of the automated port. On 19 November the company announced updates to its cyber-security protections; it was deploying BlackBerry Cylance technology across its global network.
“Economies never sleep – and neither do hackers,” stated Brian Hibbert, ICTSI chief information officer. “Cyber security is our priority at ICTSI, and why we need equally sophisticated, AI-driven technology like BlackBerry Cylance to protect our assets.”
Ports are upping their game to avoid the disruption and major costs that can result from a cyber attack. Evan Davidson, vice-president of sales at BlackBerry Cylance APAC, cited the Cambridge Centre for Risk Studies/Lloyds estimate that “a cyber attack on Asian ports via shipping could cost as much as USD110 billion – half the total global loss from natural catastrophes in 2018”. He acknowledged ICTSI needed to increase its cyber maturity. “They [ICTSI] were running three versions of cyber software and did not have the critical intervention they required,” he told SAS.
Davidson declined to comment on whether ICTSI had suffered cyber attacks in the past. However, he asserted the CylancePROTECT is a software that uses AI and machine learning algorithms to “detect, prevent, and contain existing and new malware will prevent threats”, he said.
“No company can claim that their security products can 100% protect from all information security threats. The use of AI cyber-security solutions is also not a silver bullet, however, it has been proven by independent assessors to be 99.1% effective at predicting and preventing cyber attacks on the end point,” he said, citing studies that show the software has a predictive advantage of up to 33 months.
“BlackBerry Cylance is a cyber-security tool and a good one at that, but they can’t guarantee against all attacks,” Refiti said, stating that most security breaches were down to human error and interaction such as security tools misconfigured or being under utilised.
“AI [cyber security] won’t work by itself,” he explained. “It can become a danger because people get a false sense of security. Technology like this helps, but it’s useless if not used properly,” he said. It would not, for example, stop a denial of service attack – a cyber attack meant to shutdown a machine or network and make it inaccessible to the intended users. “If you deny a third-party service provider access to the Port IT systems to monitor and manage then it’s probably a bigger risk than stealing data,” he said.
Like Refiti, Australian strategist air vice-marshal John Blackburn RAAF (retired), a former head of strategic policy for defence, described offshoring critical infrastructure as fraught with danger. “Are the assumptions being made through the lens of a business, not national security?” he asked. “We need a scenario-based approach – the sort of work I did with the military. Is there an adversary who wants to bring the system down?”
Blackburn questioned whether the Australian government had completed the risk analysis. “If anything becomes automated, offshored, providing services to god knows who, what are the risks?” he asked. While he acknowledged the myriad benefits of automation, he stressed it should not be left to commercial interests, predicting that it is a policy issue that “will come back to bite us eventually”,
Blackburn also warned of the risk of foreign governments gathering intelligence through ownership or control of national assets and called for an audit of critical infrastructure. Associate professor Carsten Rudolph of cyber security, School of Information Technology, Monash University, went further; remote-control systems could create targets for warfare, he cautioned.
“Sensors and camera feeds can be hacked and manipulated so the view you get is deliberately not showing what is happening,” he said, pointing to the 2008 cyber attack that set an oil pipeline in Turkey on fire. Rudolph stressed no single security control, not even advanced cyber-security tools such as CylanceProtect, could guarantee security.
“A system-wide view is required,” he said. “We’re quite bad at building secure systems. Risk analysis should be undertaken before systems are put in place. From the security side we need to rate the risks of moving jobs to cheaper countries.”
It isn’t just cyber-security experts that have aired their concerns, but industry experts too. Peter van Duyn is a maritime logistics expert at the Institute for Supply Chain and Logistics, Deakin University, director of the International Cargo Handling Coordination Association and a former manager at Australia’s Patrick terminals, which pioneered port automation in Australia. “Much of the work can be done from a control tower anywhere,” he said. “But we still need people on the ground, even with an automated terminal, so they can work together, especially if there are any issues.”
Impact on shipping
“Globalisation is happening and will no doubt continue,” said van Duyn. “But Maersk is a bit of a warning. If the whole country comes to halt because of something like this, it might be a wake-up call.”
In June 2017 Maersk AP Moller shipping and port global empire became collateral damage in Russia’s cyber war on the Ukraine. It just took one finance executive at the company’s Odessa terminal in the Black Sea to load a popular accounting software program onto a single computer to wipe all data from the company’s global network. Terminals spanning 76 ports around the globe were crippled – and it was the automated terminals that were the hardest hit. Such was the scale of the malware breach, even books have been written about it.
Writer Andy Greenberg describes comatosed container terminals from Long Beach, Los Angeles, to Rotterdam, Europe, in his book Sandworm. Computer systems crashed, quay cranes froze, gates jammed shut, and tens of thousands of trucks queued, 800 ships lay dead in the water. Shipping was impacted as manifests and other digital data disappeared. Maersk container vessels, representing close to a fifth of the world trade, bobbed at sea unable to gain entry to ports.
The company was really lucky that it was able to reboot after just a week or two. Ghana, Africa, suffered a power blackout disconnecting the local Maersk AP Moller terminal computers from the global network, the day of the security breach, Greenberg wrote. The one lone surviving domain controller was flown in and hand delivered to a team of around 200 Deloitte IT experts working round the clock with 400 Maersk staff in the company’s Maidenhead UK headquarters.
“After the first day, Maersk’s port operations had regained the ability to read the ships’ inventory files, so operators were no longer blind to the contents of the hulking, 18,000 [teu] vessels arriving in their harbours,” Greenberg wrote.
More recent cyber attacks included Long Beach and San Diego, USA; Port of Barcelona, Spain; and Australia’s defence shipbuilder Austal in Perth. “Increased automation and the decrease of manual intervention in the maritime industry provides fertile ground for security breaches,” Dr Indra Vonck, port expert, Deloitte, wrote for the Baltic Ports Organisation in 2017. “Cyber security on ships and in ports now becomes of paramount importance, since the economic impact on the shipping industry and port operations is huge,” he warned.
The Port of Melbourne was audited on 5 December 2017 and will be audited again this financial year, according to the Australian Department of Home Affairs. The Melbourne port and VICT operate in accordance with maritime security plans approved by the Department of Home Affairs under the Maritime Transport and Offshore Facilities Act 2003. Due to privacy and security reasons, the audit outcomes and contents of the security plans may not be publicly disclosed.