Photo/Illutration Containers wait to be loaded at Nagoya Port’s Tobishima dock in Aichi Prefecture on July 5. (Umeka Yoshinaga)

Nagoya Port needed three days to fully recover from a cyberattack that crippled every procedure in loading and unloading cargo.

The ransomware attack, apparently perpetrated by Lockbit, a Russia-based cybercrime organization, affected an estimated 15,000 containers and related businesses, including Toyota Motor Corp., which has a manufacturing hub in the region.

Although the port in Aichi Prefecture handles about 200 million tons of cargo a year, the most among all ports in Japan, it may have been more vulnerable to an attack compared with other infrastructure in the nation.

Japan’s cybersecurity basic law lists 14 sectors, including airports, electricity, health care and administrative services, as key infrastructure in need of extra protection against cyberattacks.

But seaports are not included on that list.

Seaports were also left out of legislation enacted in May 2022 on improving Japan’s economic security.

In facilities designated as key infrastructure under the 2022 legislation, computer systems and devices must be approved by the government before their installment.

Chief Cabinet Secretary Hirokazu Matsuno on July 6 spoke about the attack on Nagoya Port.

“It is increasingly important to improve the defense and resilience of the information systems of Japan’s infrastructure,” he said.

Those affected by the ransomware attack agreed.

“The government should take measures against cyberattacks because all industries will be affected if transportation, a lifeline for us, is halted,” said an official at Toyota, which was forced to halt operations at its packaging plant for exported car parts on July 7.

A FIRST IN JAPAN

On the morning of July 4, workers noticed something was wrong with the automated check-in system that identifies trucks at the entrance to Tobishima dock at Nagoya Port.

Sensors on both the gate and each vehicle were not working, and drivers were unable to enter the dock to load and unload cargo.

Around one hour later, printers at an office in the port churned out sheets and sheets of paper, each carrying the headline: “LockBit Black Ransomware.”

A message, written in English, said hackers had stolen and encrypted the facility’s data. The message told port operators to access a website if they wanted to recover the system.

Lockbit, one of the largest global cybergangs, is responsible for attacks on more than 1,700 organizations worldwide, according to Recorded Future, an U.S. cybersecurity firm.

Yu Arai, a cybersecurity expert at NTT Data Corp., said Nagoya Port was apparently one of the many random targets of Lockbit’s malware.

Arai said this is the first known cyberattack that disrupted operations at a Japanese port facility.

“We can call it an attack on an infrastructural facility that is vital to our supply chain,” he said. “It’s time for the government to take steps to prevent economic damages caused by cyberattacks targeting port facilities.”

In the United States, seaports are recognized as essential infrastructure. The chief of the U.S. Cybersecurity and Infrastructure Security Agency in March said cyberattacks against the shipping industry were particularly alarming.

(This article was written by Ayami Ko, Umeka Yoshinaga, Chihaya Inagaki and Tatsuya Sudo.)

Related News