Issue link: https://jocdigital.uberflip.com/i/335267
GOVERNMENT WATCH 24 THE JOURNAL OF COMMERCE www.joc.com JUNE 23.2014 By Corianne Egan A YEAR AGO and barely six months old, the Europol European Cyber Crime Cen- ter reported that hackers had attempted to remove smuggled drugs from containers at the Port of Antwerp by hacking into a terminal operating program. More recently, Lars Jensen, the founder of SeaIntel Maritime Analysis who started a maritime cybersecurity company this year, cited the penetration of systems at Antwerp, successful manipulation of the course of a vessel in the Mediterranean and the "demonstrated ability to manipulate AIS (automatic identification system) data for existing vessels as well as (to) create fake AIS data," emulating vessels and distress beacons as reasons for concern. Although there is no evidence a cyber- attack has managed to disrupt global commerce at a U.S. or foreign port, the potential for ever-more-sophisticated hack- ers to do so is growing, and the Government Accountability Office says the U.S. needs to do more to beef up security. Losses to cyber- crime among individuals and companies worldwide already approach $575 billion a year, according to a report released this month by software company McAfee. The GAO's wa rning ca me af ter a yearlong investigation that found the Department of Homeland Security, the U.S. Coast Guard and Federal Emergency Management Agency aren't doing enough to prevent cyberthreats at the nation's 360 sea and river ports. "Disruptions in the operations of our nation's ports, which facilitate the import and export of over $1.3 trillion worth of goods annually, could be devastating to the national economy," the GAO report said. "While the impact of a physical event (natural or manmade) appears to have been better understood and addressed by maritime stakeholders than cyber-based events, the growing reliance on information and communica- tion technolog y suggests the need for greater attention to potential cyber-based threats." The DHS responded by say- ing it would assess cybersecurity at ports nationwide and that it already is working to include cybersecurity in its risk assessments for maritime infrastructure. Those risk assessments should help the DHS decide on a plan of action as it relates to cyberthreats, and will help FEMA guide funding initiatives. No date has been set for the recommendations to be implemented. The GAO identified several threat areas. Terminal operating systems, business oper- ating systems and industrial control systems are at risk, the GAO said, and can be compro- mised by viruses, hackers, phishing schemes and terrorist attacks. Any such event at a U.S. port could disrupt commerce, it said. The GAO has rated nearly all government systems supporting infrastructure as high- risk targets since 2003. The report showed that the DHS hasn't done a risk assessment for U.S. ports, and that most security plans for ports didn't include contingency plans for cyberattacks. Although FEMA identifies cybersecurity as an area that requires fund- ing, the GAO said its granting process lacks efficiency and expert analysis. JOC Contact Corianne Egan at cegan@joc.com and follow her on Twitter: @CEgan_JOC. A RISK IN NEED OF A RESPONSE A comprehensive GAO report says U.S. agencies aren't doing enough to combat the threat of cyberattacks at ports However, the criminal complaint against the Wal-Mart Transportation driver, Kevin Roper of Jonesboro, Georgia, said he had not slept for "a period in excess of 24 hours" before the crash, not that he had been working all that time. "With regards to news reports that suggest Mr. Roper was working for 24 hours, it is our belief that Mr. Roper was operating within the federal hours of service regulations," Wal-Mart said in a statement. Roper later denied claims he had not slept for 24 hours before the crash. Whether Roper violated federal rules, was simply fatigued or neither is unclear, but the high-profile crash led USA Today to come out against the Collins amendment and drew widespread attention in news outlets to the legislative effort to scale back the HOS rules. Controversy over the accident could bring efforts to get changes to the revised driver work rules through Congress to a hard stop. Opponents of the revised 34-hour restart who want the rules changed are trying to separate debate over the Collins amendment from the high-profile accident. "It is important to recognize that this accident had nothing to do with hours of service regulations," Tom Sanderson, CEO of logistics company Trans- place, said in a June 11 blog post. Sanderson noted that Wal-Mart's fleet is equipped with electronic logging devices, and that Wal-Mart, which Hoffa called a "bad actor" with nine fatal truck accidents in 24 months, actually has a strong safety record. In fact, Wal-Mart Transportation has an incredibly good CSA score for hours of service compliance — 0.5 percent out of 100 — and a very low 2.9 percent unsafe driving score in the Federal Motor Carrier Safety Administration's Compliance, Safety, Accountability program. Wal-Mart has more than 6,200 tractors and 7,200 drivers, and its trucks log more than 667 million miles a year, according to FMCSA data. In the past 24 months, the company has had 375 crashes, nine of them fatal; 127 crashes involved injuries. The data do not indicate who was at fault in those accidents. JOC Contact William B. Cassidy at wcassidy@joc.com and follow him on Twitter: @wbcassidy _joc.