This chapter presents a case study of automated maritime container terminals (CTs). It has the aim of demonstrating that the risks derived from the use of technology associated with the Fourth Industrial Revolution (4IR) are both real and dangerous. The work explains the critical function of CTs in the global supply chain and outlines the economic and social consequences that could result if their operations were to be disrupted. The motivations of a range of threat-actors are presented, and it is established that there are feasible scenarios in which any one of the major threat-actor categories may wish to cause disruption at CTs. The vulnerabilities of yard cranes are investigated, and it is concluded that there are likely to be exploitable vulnerabilities in the industrial control system (ICS) networks used on these cranes. The chapter argues that many CT operations are likely to be exposed to significant cyber-based risks and that this exposure will increase with the roll-out of further 4IR technologies unless appropriate control measures are implemented.
TopIntroduction
Automated Maritime Container Terminals (CTs) have employed several of the technologies that are central to the concept of the Fourth Industrial Revolution (4IR) (Schwab, 2016) for some time. They fuse multiple data streams, they rely on advanced cyber-physical systems to handle freight and they use centralized planning tools to coordinate activity. The most recent developments at CTs in Malaysia and Singapore also include the use of Artificial Intelligence (AI) to allow selection of suspect containers for detailed security checks (Economist Intelligence Unit, 2015). The diversity and high degree of interconnectedness of Information Communications Technology (ICT) at CTs means that they present an informative case study for researchers aiming to investigate information security in the nascent stages of 4IR.
World Maritime News reports that approximately 30 CTs globally are classed as being automated (World Maritime News, 2016). This is a small proportion of the total number of roughly
2 000. However, the terminals that are automated tend to be large operations and play pivotal roles in the global CT network. Examples include Hong Kong International Terminal 6, Xiamen Yuanhai CT in China, and several of the terminals at the port of Rotterdam. The number of automated terminals continues to grow as terminal operators upgrade manual operations to streamline and compete with their rivals (Technavio, 2017).
The role of CTs is to enable the transition of freight from sea-borne to over-land modes of transport as goods move from their point of production to the point of consumption. All containerized freight moved by sea will be handled by at least 2 CTs in the course of its transit. The quantity of goods moved by sea is staggering and it was estimated that it amounted to 9.6 billion tonnes in 2013 (The Baltic Exchange, 2016). These figures saw a 200% increase in the two decades preceding 2014 (United Nations Conference on Trade and Development, 2014). The driver of this sustained increase has been the increasingly interconnected nature of the global economy and global economic development.
From these descriptions, it should be clear that disruption to one or more large CTs could quickly impact global supply chains and lead to economic losses for freight companies, CT operators and all of the companies that rely on dependable freight services as part of their business model. National and supra-national institutions have recognized that supply chain disruption poses a systemic risk to global trade and growth (Centre for the Protection of National Infrastructure, 2015; World Economic Forum/Accenture, 2013) and have called for improvements in resilience where possible. Ensuring resilience at CTs involves, among other things, controlling the cyber-risks that are introduced via networked technologies (Kramek, 2013).
This chapter will explore the nature of the cyber-risks to which CTs are exposed and conclude that the risks are indeed real and dangerous. This exploration takes the form of answering the following questions: