Hit enter to search

CYBER SECURITY CASE STUDY FOR ACQUISITION OF PORT

On October 13, 2020

PORT CYBER SECURITY:

What is a port?
A port in a typical geographical location plays an important role in many sectors such as the industrial sector, transport sector etc. It is the main connecting link for trade between countries and enables smooth import and export of goods and commodities. Similarly a port in technology can be the means through which data is transmitted. It could be a physical port or a communications endpoint. A port allows for transmission of data from one network to another or to the internet.

Digitization of port
This digitalization has been centered on the interconnectivity of data Information Technology (IT) and Operation Technology (OT) assets and also the introduction of recent technological enablers, like cloud computing, massive information and Internet of Things (IoT).

This digital transformation of the sector has been crystallized within a short period of time and this process, though done with a positive intent, has actually caused significant new vulnerabilities in the sector’s cyber risk profile. This is evident by the proliferation of cyber security incidents in ports in the recent years. Ports are at risk from cyber attacks and thus important to safeguard them from hackers. Hackers continually try to make backdoor entry via ports.

As ports are a critical and strategic resource for each country, it becomes very important to safeguard Ports from Cyber Attacks, and this is only possible by deploying right Cyber Security Solutions with optimization and in a structured manner.

Background:

A massive Port in a Southern East Country of Asia, wanted to acquire another port in a Middle Eastern country. Both the company’s legal departments drafted the acquisition arrangement, wherein foremost priority was given to the Cyber security assessment, its preparation and wanted the same to be implemented as per the International Ship and Port Facility Security Code.

Appointment of Managed Security Services Agency:

It is essential to appoint a knowledgeable MSSA, and the contract was signed with Infopercept. As an MSSA our major challenges were to bridge the gaps associated with cyber security between each of the entities.

Formation of groups and time sure plans:

The groups were fashioned, assessment plans for cyber security were drawn and deployed with time sure activities. These were framed in thirty day, sixty day and ninety day plans.

Definition of Cyber Security:

Cyber Security is defined as: “The assortment of tools, policies, security ideas, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that will be needed to defend the cyber settings and the organization and the user’s assets.”

Attributes of Cyber Security:

Once the definition was framed, it was vital to spot what Cyber security strives to achieve.

Eight general security attributes were shortlisted as under
  1. Continuity of port operations.
  2. Safety of people & assets.
  3. Knowledge quality & validation.
  4. Port system configuration.
  5. Confidentiality and Integrity availableness (including Reliability).
  6. Safety Resilience Utility genuineness Possession (or Control).
  7. Dominant access to port systems operations.
  8. Safeguarding of Engineering and Technology.
Areas to be cordoned off with Cyber security:

It was important to focus on the important areas to be centered and framed.

  1. Security of Terminal Operations.
  2. Security of Business Operations.
  3. Infrastructure Security Application.
  4. Wireless Security.
  5. Security Posture of the Entire Port.
  6. Optimization of Cyber Security.
  7. Training of the Force.
  8. Compliance Certifications.

It is thus obvious that a single common approach to address all the risks would not work. Taking into account the vulnerabilities in the system and other factors, a strategy needed to be prepared and ensured that it should be regularly reviewed.

What are the motivations behind a cyber-attack?

Nature and reasons for cyber attacks can be aplenty. Ranging from simple data theft to more serious crimes of espionage the reasons can be varied. But each attack has a significant impact on the affected party. Some of the reasons behind a cyber attack are listed below:

  • Espionage:
    Seeking unauthorized access to sensitive data (intellectual property, industrial data, company ways, personal knowledge, pattern of life) and disruption for state or industrial functions.
  • Activism (also called ‘hacktivism’):
    Seeking promotion or making pressure on behalf of a particular objective or cause, as an example, to forestall the handling of specific cargos or to disrupt construction of a brand new port facility. The target is also the port itself, the operator of a port facility or a 3rd party, like the provider or recipient of the loading.
  • Terrorism:
    Use of the port to instill concern and cause physical and economic disruption.
  • Warfare:
    Conflict between nation states, where the aim is disruption of transport systems/infrastructure to deny operational use or disable specific port facilities, like bulk terminals.
Threat Actors:

Once the motives were known, the teams identified important Threat Actors which play an important role in Cyber Attacks, and they were classified into seven classes:

  1. Individuals
  2. Activist Groups
  3. Competitors
  4. Cyber Criminals
  5. Terrorists
  6. Proxy Terror Threat Actors
  7. Nation States

Any of these threat actors were equally relevant to components for the port systems settled on the far side of its perimeter.

Importance of Cyber Security for PORTS:

It is important for the entire team to understand the need for cyber security of ports. The cyber attacks have a volatile impact on:

  1. the speed and potency at which the port will operate;
  2. flexibility of the port to be ready to safely perform specific operations;
  3. the health and safety of employees.

It is therefore most important and foremost that all aspects of the Port, which might get affected by cyber security lapses are mapped. These include

  1. Buildings Linear Infrastructure,
  2. Plant & Machinery,
  3. Data & Communications,
  4. Port Management & Administration,
  5. Security Management & Administration,
  6. Customs & Border management,
  7. Loading Reception,
  8. Handling
  9. Storage Offer Chain Facilities.
Developing a Cyber Security Assessment Plan :

The next step was to look into the Cyber Security Assessment (CSA). Cyber Security Assessment (CSA) was developed on the prevailing security assessments. It began within the port security standards, these assessments enclosed the:

  1. Identification and analysis of assets and infrastructure (for example, facilities, systems and data) that are thought vital to shield, and therefore the external infrastructure systems upon which they rely.
  2. Identification of the port business processes,
  3. Exploration of the Assets and Infrastructure,
  4. Assess criticality of assets and perceive any internal and external dependencies.

So keeping all of the above in chronological order, a good Cyber Assessment Plan was drafted.

Cyber Security Audit:

As soon as the CAP was drawn, the final Cyber Security Audit was carried out. A comprehensive review and analysis of the business’s IT infrastructure was done. It helped to identify threats and vulnerabilities, and exposed weaknesses and risky practices.

Regulations like the GDPR (General knowledge Protection Regulation) will impose hefty penalties in the eventuality of a breach that ends up in exploited knowledge. A cyber security audit helps to mitigate the results of a breach and demonstrates that the organization has taken the required steps to shield consumer and company knowledge.

As Cyber Security Specialists, we advised for more effective courses of action to be taken and would result in immense improvement in cyber resilience. Audits even helped in enhancing and securing the knowledge and shielding the business.

Cyber Security Audit summary:

The audit was split into 2 distinct phases, a Spot Analysis and a Vulnerability Assessment. The Vulnerability Assessment service assists in preventing network attacks by characterizing vulnerabilities and configuration problems that hackers may use to penetrate the network.

In phase one Cyber Security Audit, remediation action was pointed out, breach response was set up, and awareness given to the staff.. Detailed report together with the summary of Cyber resilience assessment was done.

In phase two Vulnerability Assessment, Vulnerability Scanning and identification were done. Configuration and compliance checks were done. Malware detection was mapped, Web application scanning was done, and last but not the least, Data back-up review and analysis were booked in the audit report.

Identifying and Implementing mitigation measures:

The findings of the cyber security report provided a framework for the identification of mitigation measures that were to be applied to minimize the risk levels , This was categorized into four categories, viz; the Individuals, Physical Security, Methods formulated, and technological aspects of the port/port facility. On selecting mitigation measures, utmost care was taken to strike the balance on a case-by case basis between optimum risk reduction and minimizing the impact on the business of the port/port facility.

Developing Cyber Security Optimization and Strategies:

As per the recommendations from Cyber Security Audit report, main security measures and strategies were designed and implemented and these are briefed as under:

  1. Endpoint detection and response strategy.
  2. Well defined Security Information and Event Management (SIEM) solutions with named tools were suggested.
  3. Deployment of Deception technology for creating the decoy for the attacker.
  4. Security Orchestration Automation Response system (SOAR) was set up.
  5. Moving Target Defense Mechanism came into action.
  6. Vulnerability management process was defined.
  7. Creation of a Cyber security Operations Centre (SOC) set up was done.
  8. Network segmentation was well defined.
  9. Privilege Account Management (PAM) was done.
  10. Anti-malware and anti-virus management were set-up.
  11. Updating the management process was done.
  12. Source of update verification identified and deployed.

To sum up we can say that with the right methodology and analytics, with professional proficiency, real time monitoring and improvisation on a timely basis, and deployment of strategies it was possible to set-up a secure network.