The Cyber Defense Trident: 3 Approaches for Mitigating Cyber Threats

Guest Article
Jason Atwell

During World War II, the Federal Bureau of Investigation and the Office of Naval Intelligence (in)famously enlisted the support of the mafia to protect the docks of New York from German and Italian saboteurs. The threat from sabotage was deemed great enough, and the situation in the early years of the war so dire, that only criminals had the power and control necessary to prevent devastating attacks on vital shipping. Similar dynamics have given rise to the current interplay between ransomware actors and the nation-states that either sponsor or turn a blind eye to their activities. The strategic objectives of China and Russia mean that ransomware impacting targets outside of their respective economic and political spheres of influence is a useful tool for achieving those objectives at thresholds below armed conflict. In this environment, ports are on the front lines in ways they have not been since World War II, but the threats are now delivered over email by hackers instead of on submarines or bombers by spies and saboteurs.

Ports, and the infrastructure that supports them, are major centers of gravity in geopolitical competition. Cyber activity has become a primary means of both espionage and disruption, ransomware attacks included, making ports potentially devastating bottlenecks and lucrative targets for a motivated actor. Cyber attacks on ports have so far been primarily opportunistic in nature, scattered across industries and geographic locations. Given the continued uncertainty as to the origin, legal status and sponsorship of the groups engaged in these events, as well as the lucrative nature of the payouts, these attacks are likely to multiply in number and expand in their targeting.

For the past few decades, the rush has been to build bigger and faster networks that allow for the rapid and efficient movement of people, products and information. These networks have enabled unprecedented growth and ensured ports remain bustling hubs of innovation and economic activity. However, ports also represent a microcosm of the problems facing decision-makers and key players, from CEOs to CISOs, network defenders and equipment maintainers. There is a constant need for availability and connectivity, a wide range of new and legacy technology, constant digital and physical traffic, and an even wider range of economic, geopolitical and even meteorological variables that can impact the security environment. The good news is that there are steps that will help defend against, and lessen the pain and devastation of, the cyber attacks targeting ports that may accompany future confrontations between great powers.

Key leaders in port security and operations can mount a three-pronged effort to mitigate the threats posed by adversarial cyber actors.

First, a renewed emphasis should be placed on asset visibility and detection. Enhanced asset visibility provides stakeholders and decision-makers with an accurate risk assessment of their infrastructure, and it is the precondition for a defense-in-depth design of detection and countermeasures: a control cannot be layered around a system nobody knows is there.

Second, a concerted effort must be made to understand the threat environment both as it is and as it will be. Defining this environment, in terms of adversaries' intentions and capabilities as well as how they disrupt essential functions through cyber attacks, is crucial. The resulting threat profile allows organizations to tailor their security posture not just to industry best practices, but to the specific risks of their facility and its functions.

And finally, steps must be taken to prepare for the future that place a premium on resilience. New technologies like AI and autonomous vehicles will be required to achieve maximum efficiency and competitiveness. These technologies will give rise to equally novel and emerging threats. Malicious cyber actors will continue to develop ways to exploit technology at the same pace we can find new uses for it. Every new solution can present new problems if security is not part of the equation as we develop, procure, field and operate new software, hardware, systems and networks. Demonstrating resilience in the face of a highly motivated and well-resourced nation-state means being prepared to absorb attacks and continue to operate. A complex mix of technologies is only useful if it is survivable.

We are unlikely to find ourselves recreating the alliance between criminals and the government that protected ports during World War II. However, one similarity is that just as mafia control of the docks in New York showed the FBI and Naval Intelligence that a massive vulnerability was sitting on our doorstep waiting to be exploited, the current spate of ransomware attacks is showing us that if criminals can inflict this kind of damage and disruption, a nation-state would find a similar attack not only easily within its capabilities, but highly desirable when the time comes. Proactive preparation to deal with these threats is not only a good idea; it is essential for ports to continue to fulfill their critical mission in an increasingly confrontational global system.

Jason Atwell is senior advisor, global intelligence, for Mandiant, Inc., and presented on cyber security at AAPA's 2021 Security Seminar and Expo.