Ransomware Attack on Japanese Port Is a Warning to U.S. Shipping

Japan’s largest port suffered a ransomware attack earlier this month, halting all shipments through the port for two days. This security incident underscores the need to strengthen the resilience of U.S. ports to prevent similar attacks and hasten the resumption of operations after such attacks.

Criminal affiliates of the Russian ransomware gang LockBit attacked the Port of Nagoya’s central system controlling all container terminals. This disruption generated a significant buildup of trailers at the port, causing shipping delays. The Nagoya Harbour Transportation Authority reportedly did not pay the ransom but was able to resume operations after 48 hours.

The financial losses from this attack are significant, although authorities have not revealed the total cost. The Port of Nagoya accounts for 10 percent of Japan’s trade volume, or about $125 billion annually, similar to the Port of Los Angeles. In 2021, 178 million tons of cargo transited Nagoya, including most of Toyota’s automotive exports. Shipping delays of this magnitude can cause ripple effects across other industries in other countries, although the port’s ability to resume operations after only two days may have mitigated some of the worst of the impacts on global supply chains.

The attack on Nagoya is part of a larger trend of increasing cyberattacks on the global maritime industry. Since the COVID-19 pandemic began, cyberattacks on the Port of Los Angeles have doubled in frequency. According to an annual survey of American ports, attacks have been rising over the past five years. Three-quarters of respondents to the 2022 survey reported suffering a successful or attempted breach within the past year. Nevertheless, over a quarter of U.S. ports and terminals lack cyber response plans as part of their facility security plans, and those with cybersecurity plans often fail to conduct exercises and update the plans accordingly.

The U.S. government can help the industry better prepare for cybersecurity incidents by strengthening its own ability to engage with port owners and operators. This requires increased funding for the U.S. Coast Guard to help the industry assess and manage risk, support incident response, and facilitate information sharing with the industry. An FDD report released earlier this year, however, warned that the Coast Guard has seen cuts to its cyber funds in recent years despite its responsibilities as the maritime sector risk management agency. With more funds, the Coast Guard should increase information sharing and collaboration with the U.S. private sector, the Maritime Transportation System Information Sharing and Analysis Center, and foreign partners. Working together, the Coast Guard, U.S. port operators, and foreign counterparts can increase preparedness and improve cybersecurity incident response practices to mitigate growing threats.

Jiwon Ma is a program analyst at the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD), where Cole Knie is an intern. For more analysis from the authors and CCTI, please subscribe HERE. Follow the Jiwon on Twitter @jiwonma_92. Follow FDD on Twitter @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.