By Brandon Ross
July 20 — Cybersecurity breaches of port operators’ computer systems have resulted in thefts that left vendors unpaid, an FBI official, highlighting gaps in cybersecurity and cyber insurance policies, told Bloomberg BNA.
Hacking is becoming easier, less time-consuming and less expensive, while the cost to stave off software breaches remains high and requires more coordination than ever, Michael Sohn, supervisory special agent of the FBI Los Angeles cyber outreach division, said. He was speaking to seaport stakeholders, including port operators and vendors, at a July 20 cybersecurity seminar held by the American Association of Port Authorities.
Sometimes a port operator doesn't learn that a system has been breached until hearing from a vendor who has not received a payment that was due, Sohn said. Then the port may find that someone has illegally changed the routing number for a vendor’s bank account. The port can ask the bank to reverse the charge, but banks may not do so because the charge was authorized by the port.
The average cost per company affected is $130,000, Sohn told Bloomberg BNA in an interview during the event. “Sometimes we’re able to recover the money, sometimes we’re not,” he said.
Cyber fraud isn't considered a cyberattack, and so insurers don't pay a claim in many cases, Sohn said.
“[I]f there was a scam, a lot of the time insurance won’t cover that because you directed the banks to move money,” he said. When ports give the go-ahead to pay an account, that may disqualify the transaction from being something the bank will reverse.
“So a lot of the times the banks are saying ‘you told us to do it,' and therefore the banks aren’t liable,” he said.
“The ability to deploy cyberattacks has become so easy, whereas the defense against it has become a team sport,” Sohn said during his keynote address for the seminar. Cyber criminals don't even need to have a highly technical background to hack into systems anymore, Sohn said. Rather, they have an abundance of malware choices—many under $50, some as low as $10 or even available for free—with which to hack a system.
When ports turn to their insurers to cover the cost of cyber crimes, they find that courts have decided in favor of underwriters and many of their claims are not paid, Sohn said.
The effects can be devastating for smaller companies, such as many port vendors.
Port vendors can range from terminal operators like Ports America or Amports, to construction companies, trucking companies, and any other entity that accesses port facilities, David Espie, director of security for Maryland Department of Transportation Port Administration told Bloomberg BNA at the event.
“Small businesses literally go under because of this type of fraud,” Sohn told Bloomberg BNA.
Other speakers at the event from the U.S. Coast Guard, Department of Homeland Security and port operators shared a common suggestion for ports to try to combat system breaches: Share data with the government and from port-to-port. This will let the government better identify trends and get the message out to all ports to be on the lookout for certain activities on their systems that could help them cut off some hacks in before criminals can capitalize on them.
To contact the reporter on this story: Brandon Ross in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Heather Rothman at email@example.com
Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)