{"id":359,"date":"2013-12-06T13:05:33","date_gmt":"2013-12-06T19:05:33","guid":{"rendered":"http:\/\/aapaseaports.naymicrosite2.wpengine.com\/?p=359"},"modified":"2020-04-23T08:09:33","modified_gmt":"2020-04-23T13:09:33","slug":"securing-seaport-cyberspace","status":"publish","type":"post","link":"https:\/\/www.aapaseaports.com\/index.php\/2013\/12\/06\/securing-seaport-cyberspace\/","title":{"rendered":"Securing Seaport Cyberspace"},"content":{"rendered":"

\"\"<\/a><\/p>\n

Ports are jumping in \u2018feet first\u2019 to combat this emerging threat to operations and safety.<\/strong><\/p>\n

By Lori Musser<\/i><\/p>\n

The task of securing cyberspace has emerged as perhaps the single most important seaport security challenge of the decade.<\/p>\n

An increasing number of functions are dependent on port computer systems and the Internet. Any interference can have widespread impacts on business, employees, reputation or partners. Ultimately, economic impact \u2013 the calling card of a port \u2013 could be jeopardized.<\/p>\n

What is Cybersecurity?<\/b><\/p>\n

Beyond protecting information \u2013 cybersecurity goes on the offensive to protect the systems that incorporate and use seaport information. Strategies include identifying risks, managing those risks and managing incidents.<\/p>\n

According to Bethann Rooney, manager of security for the Port Authority of New York and New Jersey (PANYNJ), \u201cMost ports will tell you their cybersecurity is for desktops, networks and email, and that it is well under control. What they don\u2019t have under control is the systems that are dependent \u2013 so many of our systems at ports and marine terminals run off computer networks.\u201d<\/p>\n

Rooney said a port\u2019s first step toward effective cybersecurity is to understand what it is, then to create a plan that looks at the interdependencies of a port\u2019s upstream and downstream computer connections and identifies risks.<\/p>\n

Identifying Risks<\/b><\/p>\n

A proactive cyber defense plan starts with having the right cost, security and risk metrics in place \u2013 that includes broad intelligence. Exposure must be assessed in order to prepare a port to weather a breach. Resiliency is the ultimate goal.<\/p>\n

Cyber threats typically originate outside of an organization and include terrorism, malicious or mischievous sabotage, industrial espionage or political breaches, such as anti-war or pro-labor action. There is often criminal intent to disrupt systems sufficiently to enable cargo theft or the movement of contraband.<\/p>\n

Cybersecurity is less focused on internal threats, such as employee sabotage, chicanery or ineptitude. Users routinely delete critical data, introduce links with executables and send information to incorrect recipients.<\/p>\n

Preventative measures can be put in place to negate the impact of human error and deliberate malfeasance.<\/p>\n

Each port has different assets to protect. At first glance, it may seem that some ports are unlikely candidates for cyber crime. Some \u2013 due to their infrastructure or iconic status \u2013 are logical targets, but all seaports have much to protect. Assets that are less prone to criminal attack may be more likely to be tampered with by wayward techies (reprogramming inane messages on electronic signage is common enough). Ports that are fast-tracking cybersecurity include those that operate their own terminals, handle military or hazardous goods, or run computer-controlled infrastructure, such as gates, bridges, tunnels, ramps, signage, road lanes, lighting, locks, gas lines, traffic control or cranes.<\/p>\n

Even small ports can prove attractive to cyber criminals. Daniel Elroi, president of NorthSouth GIS LLC, specializing in enterprise-grade implementations of geospatial technology, said small ports may be more likely to operate their own terminals or handle hazardous goods, and they may be less likely to have implemented cyber protection.<\/p>\n

There is risk for any data in the hands of a port \u2013 data ranging from vessel manifests to camera recordings to vessel traffic positions \u2013 especially if it is used to carry out automated functions, such as payroll, electronic alerts, bank deposits or infrastructure functions, including locking gates or turning on floodlights. There is also risk for any computer-controlled utilities or services \u2013 the port\u2019s so-called lifelines, such as water, sewer, telephones, energy, fire and other emergency response.<\/p>\n

Ports share data with authorities and the private sector. Storing or processing another organization\u2019s data poses additional risk and requires extra vigilance.<\/p>\n

On the Cusp<\/b><\/p>\n

Most ports are just launching cybersecurity initiatives. October 2013 was designated National Cybersecurity Awareness month by the Department of Homeland Security, and the United States Coast Guard recently advised its maritime security committees to bring the topic to the forefront.<\/p>\n

\u201cWe have gone feet first into it,\u201d said PANYNJ\u2019s Rooney. The port is developing a framework of standards, conducting risk assessments, cyber resilience reviews and utilizing the DHS Cyber Security Evaluation Tool to assess vulnerabilities and identify mitigation measures. She said there is a tremendous selection of available resources from the U.S. Computer Emergency Readiness Team, DHS and USCG, among others.<\/p>\n

Port Canaveral CEO John Walsh said, \u201cAs a top cruise port, we are taking cybersecurity seriously.\u201d Recognizing that the cybersecurity field is in its infancy, he noted the need for ongoing dynamic and proactive efforts.<\/p>\n

Under Constant Attack<\/b><\/p>\n

There are no cybersecurity standards for the maritime industry or for enforcement agencies. In the U.S., the president identified cybersecurity as a priority for critical infrastructure sectors including ports. A Presidential Policy Directive issued in February 2013 underscored the fact that the nation\u2019s critical infrastructure is under constant attack. In the worst-case scenario, lives could be lost.<\/p>\n

Elroi said that ports are grappling with several trends in data transfer and storage that increase the number of points at which information is shared, therefore accelerating the need for cybersecurity. These include enterprise computing (using a server), cloud computing (distributed computing using a real-time communications network to connect computers) and wide-area computing.<\/p>\n

Sharing can open holes in the firewall that the port worked so diligently to create.<\/p>\n

Managing Risks<\/b><\/p>\n

Experts say the cost of cybersecurity is difficult to assess. Some cyber solutions, such as setting up a reverse proxy server by which users can get through a firewall but to only one location or creating replicated databases for outside use, have readily identifiable costs. Ports can conduct cost-benefit analyses and then pick and choose some elements, but others are imperative and the best a port can do is try to minimize the cost. They can create policies, databases, software, infrastructure controls and contracts with cybersecurity in mind. The key costs may reside not in the paraphernalia but in the cost of personnel to implement and oversee.<\/p>\n

Most port cybersecurity programs will take the form of retrofits. Where possible, incorporating cybersecurity elements into infrastructure design may result in long-term cost savings. PANYNJ is doing just that; the new intelligent transportation systems being put in its tunnels and bridges will incorporate cybersecurity from the start.<\/p>\n

According to John Felker, director of cyber and intelligence strategy for Hewlett Packard, the annual cost of cyber crime is $110 billion \u2013 mostly in the theft of intellectual property. This impacts both security and competitiveness. Felker added, \u201c98 percent of data breaches are from outside network. All are avoidable.\u201d<\/p>\n

Chris Silva, president of KOVA, Corp., specializing in solutions for public safety, customer service and workforce optimization, said, \u201cThe ostrich approach will not work.\u201d Chances are someone out there is trying to exploit your weaknesses. \u201cEven though it is very difficult to measure the ROI for something that doesn\u2019t happen, it doesn\u2019t mean the investment is not necessary,\u201d he said.<\/p>\n

Fortunately, some of the security measures put in place since 9\/11 to combat terrorism also deter cyber threats. Others, such as port perimeter security, may thwart old-fashioned walk-on\/drive-on crime but foster the development of cyber crime.<\/p>\n

It may be possible for ports to decrease vulnerabilities by relying more on internal staff and less on consultants, who tend to be granted free reign once initially vetted, but this is not always possible or cost-effective. Nor does it address the issue of employees as threats.<\/p>\n

The pervasive \u201cdoing more with less\u201d philosophy means that today\u2019s ports must try to extract ancillary benefits from their cybersecurity investments.<\/p>\n

Security resources can be tapped for operational work, but multiple uses can create additional security issues. Elroi said, \u201cSecurity cameras, for example, are usually on a separate network for protection, but there may be times that port ops people could make use of the cameras. Is that okay?\u201d He said employee access and authorization is an ongoing challenge for ports.<\/p>\n

Refining Current Risk Management Processes<\/b><\/p>\n

Ports will begin to integrate cybersecurity management into corporate policy, and crisis and continuity planning, but first cybersecurity discussions will have to be elevated to the executive level to align with port goals.<\/p>\n

Ports have long protected themselves against breaches of data, and most ports have excellent firewalls, patches and other protection against spam, malware, viruses and low-level threats to their local area networks and internet\/email. Those computer hygiene solutions have been the traditional responsibility of port IT professionals. Security staff must now work with IT.<\/p>\n

Cdr. Ulysses Mullins, chief of the USCG\u2019s Critical Infrastructure Protection Branch, said the knowledge base and role of port operations on cybersecurity should not be underestimated. He said, \u201cThey bring critical operational information to the table.\u201d<\/p>\n

There is an emerging trend to merge IT and security professionals. Ports that rise above an inter-departmental territorial quagmire and create a well-executed cyber security program may well create a competitive advantage.<\/p>\n

Seaports and their maritime partners are hacked daily \u2013 viral emails are sent from port servers or laptops, contractors steal employee identities, and criminals alter cargo manifest data. In a highly publicized case in June 2013, police uncovered a smuggling operation that used hackers to break into the systems at two container terminals at the port of Antwerp. They reportedly used spear phishing and malware to change the location and the delivery times of containers housing drugs.<\/p>\n

In August 2013, hackers hit the world\u2019s largest oil company, Saudi Aramco. They said the malicious virus was in retribution for the government\u2019s support of \u201coppressive measures\u201d in the Middle East.<\/p>\n

In October 2013, cybersecurity researchers announced they had hacked into the vessel tracking Automated Identification System (AIS) used by U.S. ports. Reportedly, a lack of protection on the system could allow hackers to make ghost ships appear or fake emergency alerts. Since AIS is used to also broadcast the location of Aids to Navigation, an intrusion could wreak havoc.<\/p>\n

Going Beyond Compliance<\/b><\/p>\n

Federal efforts are underway to establish cybersecurity standards for U.S. ports and help prevent intrusions. Cdr. Mullins said the framework for the standards is expected to be rolled out within a few months. Although there will not be a regulatory requirement to participate, the USCG plans to actively encourage voluntary participation via incentives.<\/p>\n

The 2011 U.S.-Canada Beyond the Border Initiative contains an action plan with a cybersecurity collaboration element. Canada\u2019s Ambassador to the U.S. Gary Doer, in a speech at the AAPA Annual Convention in Orlando in October 2013, said that the two countries have enjoyed a joint command of their border perimeter for 55 years, and they should emulate that success by managing technology-related risks. He said his country\u2019s goal is, \u201c\u2026 sharing information before it can represent a red risk to citizens on both sides of the border.\u201d<\/p>\n

Security for Tomorrow<\/b><\/p>\n

Security programs that build upon current strengths and best practices will best leverage the standards as they are introduced. Cybersecurity must be able to protect, detect, respond and recover far faster than traditional security systems.<\/p>\n

Only after financial, economic, competitive, regulatory and image-related risks are recognized can specific protective measures be identified, funded and implemented. There will never be enough money to manage every risk, so cybersecurity is really about keeping risk at an acceptable level.<\/p>\n

Whether a port discovers them or not, and even if it rules its cyber territory with an iron fist, there will be incidents. With foresight, awareness of vulnerabilities, diligence, timely detection, help from allies and early intervention, damage will be minor.<\/p>\n

In 2013 and beyond, cybersecurity has become an enterprise imperative. It will never go away.<\/p>\n

 <\/p>\n

Five Questions Port CEOs Should Ask about Cyber Risks<\/b><\/p>\n

\u2022 How is executive leadership informed about the current level and business impact of cyber risks to the port?<\/p>\n

\u2022 What is the current level and business impact of cyber risks to the port? What is the plan to address identified risks?<\/p>\n

\u2022 How does the port\u2019s cybersecurity program apply industry standards and best practices?<\/p>\n

\u2022 How many and what types of cyber incidents does the port detect in a normal week? What is the threshold for notifying executive leadership?<\/p>\n

\u2022 How comprehensive is the cyber incident response plan? How often is it tested?<\/p>\n

Source: U.S. Department of Homeland Security; derived from \u201cCybersecurity Questions for CEOs\u201d<\/i><\/p>\n","protected":false},"excerpt":{"rendered":"

Ports are jumping in \u2018feet first\u2019 to combat this emerging threat to operations and safety. By Lori Musser The task of securing cyberspace has emerged as perhaps the single most important seaport security challenge of the decade. An increasing number of functions are dependent on port computer systems and the Internet. Any interference can have …<\/p>\n","protected":false},"author":25,"featured_media":360,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,446],"tags":[],"class_list":["post-359","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-features","category-technology"],"_links":{"self":[{"href":"https:\/\/www.aapaseaports.com\/index.php\/wp-json\/wp\/v2\/posts\/359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.aapaseaports.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aapaseaports.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aapaseaports.com\/index.php\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aapaseaports.com\/index.php\/wp-json\/wp\/v2\/comments?post=359"}],"version-history":[{"count":0,"href":"https:\/\/www.aapaseaports.com\/index.php\/wp-json\/wp\/v2\/posts\/359\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aapaseaports.com\/index.php\/wp-json\/wp\/v2\/media\/360"}],"wp:attachment":[{"href":"https:\/\/www.aapaseaports.com\/index.php\/wp-json\/wp\/v2\/media?parent=359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aapaseaports.com\/index.php\/wp-json\/wp\/v2\/categories?post=359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aapaseaports.com\/index.php\/wp-json\/wp\/v2\/tags?post=359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}