The maritime and logistics industry is highly dependent on efficient and secure operations to ensure timely delivery of goods and cargo. Port owners and operators need to ensure that their Operational Technology (OT) environments are secure from cyber threats to avoid disruptions in operations. We explore how a leading container terminal operator approaches OT cybersecurity in general and how the company leverages Dragos technology and professional services to secure its environments.
Cybersecurity is particularly challenging in today’s world, partially because of the increase in threats and digital connectivity and partially because of the shift in how supply chain is managed in the wake of the COVID-19 pandemic. Traditionally, supply chains have primarily relied on the ‘just in time’ model, which emphasises efficiency and cost reduction by minimising inventory levels and relying on precise demand forecasts. The pandemic exposed vulnerabilities in this approach and the concept of ‘just in case’ emerged. This new approach represents a shift towards building more resilience and flexibility into supply chains by maintaining larger inventories, diversifying sourcing options and developing contingency plans.
Challenges
In 2017, a piece of malware called NotPetya infected the computer systems of A.P. Moller-Maersk, a Danish shipping conglomerate, and spread to other companies worldwide.
The attack caused widespread disruption to Maersk’s operations, including the temporary shutdown of several of its container terminals and port operations. The company estimated that the incident cost between US$200 million and US$300 million in lost revenue and recovery costs. The Maersk incident is often cited as a cautionary tale for the importance of cybersecurity and the need for companies to take proactive steps to protect their systems and data, and probably served as a trigger for insurance companies to take a closer look at pricing cybersecurity risk into their policies.
During this time, the performance and security of Operations Technology was managed by the maintenance department at the company, rather than a centralised, security-focused business unit. Facing premium increases, along with heightened focus on OT cybersecurity because of the Maersk headlines, the leadership team kicked off the development of a strategic roadmap that included significant investment in its existing safety-focused culture, a conscious environmental initiative, and projects to evaluate and increase OT cybersecurity posture at each of its port locations. Management was already concerned about the potential impact of cyber threats on its OT systems and the potential for disruptions in operations, and the initiatives driven by the roadmap exercise helped to provide the attention and funding needed to tackle the challenges.
Solutions
Addressing cybersecurity challenges in the maritime and logistics industry requires a comprehensive approach that includes risk assessment, policy development, employee training and technology upgrades. By taking proactive steps to address cybersecurity risks, port operators can reduce the risk of cyberattacks and protect their operations and data.
This customer took the following steps to develop a world-class OT cybersecurity programme:
- The team worked with Dragos and other partners to conduct comprehensive cybersecurity risk assessments to identify vulnerabilities and risks in the port’s network and IoT devices.
- Using the challenges outlined above as a backdrop, the team reviewed results of the risk assessments in the context of their environment. Next, they developed and implemented a cybersecurity plan that includes policies and procedures for incident response, data protection and access control.
- Within this plan, they did a proof-of-concept (POC) with Dragos. Based on the results, they procured and deployed the Dragos Platform, to monitor and detect cyber threats to the port’s OT systems. The platform uses advanced analytics to detect and respond to cyber threats, including malware, phishing and other types of attacks.
Result
Through its unwavering dedication to OT cybersecurity and its partnership with Dragos, the company has been able to significantly enhance the security of its OT environments. Today, it can quantify and prove its ability to detect, mitigate and respond to cybersecurity threats across its networks – resulting in favourable insurance premiums, increased trust and collaboration with internal stakeholders and endorsed by the board, and best-in-class positioning with regulatory bodies.
Dragos platform usage profile and benefits
Dragos Platform technology has provided continuous monitoring and detection of potential cyber threats, allowing the ports to take proactive measures to mitigate the risk of cyberattacks.
- The team uses the platform to conduct automated asset inventories and analyse multiple data sources including protocols, network traffic, data historians, host logs, asset characterisations and anomalies.
- Operators use the platform to verify vulnerabilities or supply chain compromise risks, using the corrected, enriched, prioritised guidance within the platform to manage the full life cycle of specific vulnerabilities in their environments.
- The team uses a combination of the platform and OT Watch Managed Threat Hunting to pinpoint malicious behaviour on their ICS/OT networks.
- In the event of an incident, the company uses expert-authored playbooks to guide their security team step-by-step through investigations, decreasing response time and improving efficiency.
- The Dragos platform and ancillary services make compliance much easier and more streamlined. In fact, the customer estimates that more than 85% of its systems qualify two levels above the minimum standards set forth by its local and regional regulations.
The customer considers the following as the top benefits derived from its use of the Dragos Platform:
- Increased efficiency and productivity
- Asset inventory, verification and changeover is much easier and more streamlined
- It’s easier to collect reporting and metrics for compliance, insurance, regulatory requirements and board reporting
- Less alert fatigue
- Reduction of ‘Shadow IT’ activities within the OT environments
- Easier and faster identification of misconfigurations
- Increased visibility into threats
- Better, more contextual awareness of vulnerabilities
- Easier and more effective vulnerability management
“Using the Dragos Platform, we have a comprehensive and constant understanding of our extended OT network environment, and as a result, we can rapidly identify and remediate threats before they have a chance to impact the continuity of our business and operations,” said the customer CIO.