As the fourth-largest city in the US, Houston’s bustling port is the Number 1 U.S. port in terms of foreign waterborne tonnage. A slow-moving Buffalo Bayou meets Galveston Bay and forms the channel that allows giant tankers to float from the Gulf of Mexico to a “25-mile-long complex of nearly 200 private and public industrial terminals.” A fast-moving cyberattack struck the Port of Houston this August.
Considering the cyberattack, Ron Bradley, Vice President, Shared Assessments, praises the Port of Houston for “knowing their ports and protocols.”
Bradley continues, “What holds true in shipping ports also holds true in network ports which are similar in a certain sense. In shipping ports, the protocol (via the manifest) is to understand which ships are coming into the port and what is contained within the shipment. The same holds true for networking ports and protocols. Companies must be diligent about continuously scanning open ports from the outside of their network and ensuring no unauthorized ports are accessible.”
The Port of Houston Cyberattack
CNN described the cyber incident at the Port of Houston as, “An example of the interest that foreign spies have in surveilling key US maritime ports, and it comes as US officials are trying to fortify critical infrastructure from such intrusions.”
The Port of Houston attack triggered a Cybersecurity Advisory issued by the Federal Bureau of Investigation (FBI), United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA) to alert organizations on bad actors attempting to exploit a newly discovered vulnerability in ManageEngine ADSelfService Plus, a password management service.
Critical Infrastructure Cyberattack
The Port of Houston’s footprint in the American economy is indeed critical. The port provides 1.35 million jobs in Texas and 3.2 million jobs nationwide. The port is the hub of economic activity totaling $339 billion in Texas (20.6% of Texas’ total gross domestic product (GDP)). Finally, the port has a total of $801.9 billion in economic impact across the nation.
Cyberattack Successfully Thwarted
“If the compromise had not been detected, the attacker would have had unrestricted remote access to the network…with this unrestricted access, the attacker would have had numerous options to deliver further effects that could impact port operations” reads the US Coast Guard Cyber Command’s report.
“(Port Houston) successfully defended itself against a cybersecurity attack in August, “says a statement from the Port of Houston. “Port Houston followed its Facilities Security Plan in doing so, as guided under the Maritime Transportation Security Act (MTSA), and no operational data or systems were impacted as a result.”
The Port of Houston responded to the cyberattack with remarkable transparency and efficiency. Their awareness of relevant guidelines and coordination with the FBI, Coast Guard, and CISA is impressive.
Ron Bradley reflects that “The primary mitigation to this particular attack would be to not allow the password reset application to be accessible from outside networks. If that is not practical or possible, then additional layers must be implemented such as multi-factor authentication, in addition to the appropriate intrusion detection and intrusion prevention mechanisms.”
For any organization impacted by the ManageEngine vulnerability, the full cybersecurity advisory is available from the CISA here.