Over the past week, as tensions in the Persian Gulf increased between the United States and Iranian fleets, Iran reported that its seaports in the region of Bander Abbas came under a cyber-attack, which caused the Shahid Rajaee port to be shut down for several days. Later reports in the United States attributed the attack to Israel.
It was a series of several cyberattacks that began early this year and culminated in the latest assault.
The cyberattack on the Iranian port is not the first of its kind and will probably not be the last. A cyberattack on a port and the ability to disable or disrupt a port's activity is not complicated.
How is a cyberattack on a port carried out, and how can a port be disrupted for days?
Iran's Terminal Operating System
Seaports operate many computerized systems for port management, loading and unloading of containers and cargo from vessels, shipping and storage at the port, customs payments, maritime control and control systems, customer relationship data systems, physical security systems, and more.
The central port system is the Terminal Operating System (TOS), which allows control and management of the entire port.
This system includes various port management functions, including vessel loading programs (loading and unloading of container vessels), crane control, container storage in the port storage area, controlling trucks, and transportation of the in-port containers to and from the customers.
This system has many interfaces for shipping companies, customers, customs, and more.
Shahid Rajaee Port installed a TOS port management system in 2007. The TOS system was installed at the port by Overseas Port Management (S) Pte. Ltd. (OPM) Singapore.
In 2009, the system was upgraded by a local Iranian company, Kaveh, to an advanced system that includes electronic payment capabilities and management of all port systems.
How to attack a TOS system
On the one hand, a cyber-attack on the TOS system enables collection of intelligence on the port's customers and the movement of containers in it (including specific container tracking), and on the other hand allows for complete disabling of port operations, from the loading of goods and containers on vessels to the transshipment and entry of cargo to and from the port.
The TOS system can be attacked via the cyber domain to disable the port in two vectors. The first cyber-attack vector is through a direct attack of the system over the Internet. Such an attack is expected to be relatively complex based on the assumption that information security systems protect the TOS.
The second attack vector is through a supply chain attack, which means an attack on one of the system interfaces, such as a cyber-attack on the Iranian software company Kaveh, followed by an attack on the Iranian port. Another cyber-attack option is to attack other companies, customers, or affiliates that have an interface to the TOS system.
The supply chain attack allows the information security systems to be circumvented, and the TOS system to be attacked through its interfaces.