Cyber Incident Victim: San Diego Unified Port District
Date: Sep 2018
Location: United States of America
Summary
A cyberattack targeted the Port of San Diego, disrupting operations shortly after a similar incident at the Port of Barcelona. The attack caused limited functionality for employees, temporarily affecting public services such as park permits, public records requests, and business operations. Internal IT systems were impacted, though ship movements remained unaffected in Barcelona's case. Both port authorities declined to disclose technical details or confirm whether the incidents were related, leaving the nature of the attacks unspecified. Security experts noted that the term "disruptive," as used by officials, often aligns with ransomware incidents, though no confirmation was provided. This marked the third disruptive cyber incident affecting a major port within two months, highlighting operational vulnerabilities in maritime infrastructure.
Description
On September 25, 2018, the Port of San Diego experienced a cyber-attack that disrupted its operations, marking the second such incident at a major port within a week. The port authority publicly acknowledged the attack the following day through a statement from CEO Randa Coniglio, confirming limited employee functionality and temporary impacts on public-facing services. Affected operations included park permit processing, public records requests, and unspecified business services. Port employees continued working under restricted capabilities while the investigation proceeded, though officials declined to provide technical details about the attack methodology or scope when contacted by media outlets. No disruptions to ship movements or maritime operations were reported, mirroring the earlier Barcelona incident's preservation of core harbor functions.

This event followed a September 20 cyber-attack against Spain's Port of Barcelona, which had similarly affected internal IT systems and land operations like cargo loading without disrupting ship traffic. Security researchers noted both ports described their incidents as "disruptive," a term frequently associated with ransomware attacks that impair system functionality without stealth objectives. The July 2018 ransomware incident at China Ocean Shipping Company's Long Beach Port terminal provided additional context for this characterization, though no forensic connection between the three port incidents was established. Port of San Diego officials maintained their investigation without releasing further details about attack vectors, threat actors, or remediation measures. The consecutive timing of these attacks across multiple continents highlighted operational vulnerabilities in maritime infrastructure, with the Port of Barcelona having published an article questioning port cybersecurity preparedness five months prior to its own breach. Financial implications remained unquantified in public disclosures, though the cumulative pattern suggested heightened risk exposure for critical port systems globally.
