By Eyal Pinko

Background

Over the past week, as tensions in the Persian Gulf increased between the United States and Iranian fleets, Iran reported that its seaports in the region of Bandar Abbas had come under a cyber-attack, which caused the Shahid Rajaee port to be shut down for several days. Later reports in the United States attributed the attack to Israel.

It was a series of several cyberattacks that began early this year and culminated in the latest assault.

The cyberattack on the Iranian port is not the first of its kind and will probably not be the last. A cyberattack on a port that disables or disrupts the port's activity is not complicated.

How can a port be attacked in cyberspace, and how can it be disrupted for days?

Iran’s Terminal Operating System

Seaports operate many computerized systems for port management, loading and unloading of containers and cargo from vessels, shipping and storage at the port, customs payments, maritime control and control systems, customer relationship data systems, physical security systems, and more.

The central port system is the Terminal Operating System (TOS), which allows control and management of the entire port.

This system includes various port management functions, including vessel loading programs (loading and unloading of container vessels), crane control, container storage in the port storage area, truck control, and transportation of containers within the port to and from customers.

This system has many interfaces for shipping companies, customers, customs, and more.

Shahid Rajaee Port installed a TOS port management system in 2007. The TOS system was installed at the port by Overseas Port Management (S) Pte. Ltd. (OPM) Singapore.

In 2009, the system was upgraded by a local Iranian company, Kaveh, to an advanced system that includes electronic payment capabilities and management of all port systems.

How to attack a TOS system?

On the one hand, a cyber-attack on the TOS enables intelligence collection on the port's customers and on the movement of containers in it (including tracking of specific containers). On the other hand, it allows for complete disabling of port operations, from the loading of goods and containers on vessels to the exit and entry of cargo from and to the port.

The TOS can be attacked in the cyber dimension to disable the port through two vectors. The first cyber-attack vector is a direct attack on the system over the Internet. Such an attack is expected to be relatively complex, on the assumption that information security systems protect the TOS.

The second attack vector is a supply chain attack, which means an attack on one of the system interfaces, such as a cyber-attack on the Iranian software company Kaveh and, from there, on the Iranian port. Another cyber-attack option is to attack other companies, customers, or affiliates that have an interface to the TOS.

A supply chain attack circumvents the information security systems and reaches the TOS through its interfaces.