Cyber attacks orchestrated against ports are no longer a hypothetical; stakeholders now must understand the economic losses that could come from such an attack. But how to quantify such losses?

A new paper in Transportation Research offers a look at the economic losses sustained by ports after a cyber-attack:

In ports and other facilities of interest, cyber-attacks or disruptions translate almost instantaneously into attacks on physical assets, causing disruptions on the transportation network – examples are loss of instructions from sensors directing the assets, stalling of current physical resources (gantry cranes, automated vehicles) – resulting in cascading effects of such disruptions through the port. Our work aims to estimate the physical effects of such cyber-disruptions by assuming that, following a disruption event, actions for recovery of movements (using unaffected vehicles or other resources) are undertaken. Such recovery actions involve dynamically re-configuring the previous plan of resource allocations and movements for vehicles, people and shipments. In particular, we aim to find an optimal or near-optimal reconfiguration, that will estimate a lower bound on the possible costs of the disruption, because action is often taken to reduce the impacts of the disruption. The resulting problem is a network design problem, which we model as a Disrupted Capacitated Continuous Time Network Design Problem (DC-CTSNDP), as we describe in the following section. While in practice, optimal recovery actions are not always taken, solving this problem helps estimate the minimum costs that will have to be incurred to recover the physical system from the cyber-disruption.

Our work and approach are motivated by large, real-world problem instances at ports in the US, which are larger in size in both space and time, than common network design optimization benchmarks and prior case studies. Because cyber-disruptions can affect operations at a high granularity, we aim to capture resource allocations at similar granularity, i.e., the movements of individual containers or TEUs. Our case study draws from fieldwork at Southport container operations at Port Everglades, FL and required a larger network, more commodities, and a longer optimization time window than previous studies. For example, economic losses for many imported commodity categories do not occur until past the 5 day mark. Therefore, we aim to study recovery windows that last at least a full week, consistent with historically-attested cyber-originating disruptions (e.g. NotPetya) described in Section 3.


The economic impact of disrupted scenarios, on average, were $82,224/$141,647 for cyber-attacks on the landlord port’s cyber-controlled assets and $1.2M/$2.8M for cyber-attacks affecting all port terminal operators in October/May respectively.