By Andy Stewart and Don Leyn
At Cisco, deploying advanced cybersecurity capabilities goes in tandem with helping customers, such as the largest ports and terminals in the U.S. and the world, implement digital business transformation and modernization.
Keeping bulk cargo and shipping containers moving efficiently and safely at a port requires massive amounts of data to be securely transmitted in real time to and from modern applications such as a Terminal Operating System (TOS), autonomous solutions, and other port operations solutions. Data flows and supporting applications have moved closer to "the edge": closer to the industrial devices, terminal equipment, moving vehicles, and users. In today's digitally enabled ports and terminals, yesterday's security perimeter is not sufficient. With the growing number of connected devices, adopting a zero trust security strategy based on a least-privileged approach to network and data access is an absolute necessity to successfully modernize operations.
Maritime and inland port operators increasingly deploy modern wireless connectivity to move data across the yard and increase outputs. They need technology with ultra-low latency, high throughput, high reliability, and seamless handoffs when on the move in a complex radio frequency environment. At the beginning of the pandemic, a large U.S. East Coast port began a journey of upgrading their existing wireless solutions. After testing several candidates, they chose to implement Cisco Ultra-Reliable Wireless Backhaul. In 2021, the port's operations realized a 30% increase in container utilization, and they attribute some of this increase to the improved wireless connectivity capabilities provided by Cisco URWB.
While helping port and terminal operators deploy modern wireless networks to digitize operations, our efforts also help them solve three primary cybersecurity challenges:
It is essential to address these issues holistically when taking a zero trust approach to build a customer's industrial network. As described in NIST SP 800-207, "Before undertaking an effort to bring zero trust to an enterprise, there should be a survey of all assets, subjects, data flows, and work flows. [...] This awareness forms the foundational state that must be reached before a zero trust architecture deployment is possible." Thus, providing extreme visibility to a port or terminal operator begins with:
Next, following zero trust and industrial security best practices (as defined in ISA-95/IEC-62264 and ISA-99/IEC-62443) and using the knowledge from those authorized network flows, we implement policy and network segmentation with a defense-in-depth strategy that builds segmentation and zones with sanctioned conduits to prevent attacks and lateral movement. In short, this entails a bottom-up, trust-nobody approach where every available security capability of the platform is leveraged to provide segmentation, threat-informed security, and governance. This ensures a transparent policy between operations and security personnel, thus allowing for secure, safe, and efficient operations in the physical port/terminal.
Cisco security solutions are built directly into network equipment and decode industrial protocols to monitor operations, feed the cybersecurity platform with operational technology context and comprehensive threat intelligence, and, thus, enable security and operational collaboration. With this extreme visibility across all devices and data flows, the cybersecurity platform can automatically detect intrusions and abnormal behaviors, enforce appropriate policy, and alert the security team to act.
Deep visibility includes the ability to acutely characterize the state of all industrial assets (including device make/model, firmware, latest patches, and other system factors) to assess industrial asset vulnerability. The Cisco Cyber Vision sensor built into Cisco industrial network equipment makes it easy to build a comprehensive picture of the industrial environment. Security and operations personnel can assess risk and implement a continuous improvement process via deliberate patch management and/or applying additional isolation to potentially vulnerable devices until it becomes safe and operationally feasible to update the device.
Delivering effective cybersecurity for critical infrastructure requires a deliberate effort across any organization's approach to bring together people, processes, and technology. We are excited to enable terminal management and port operations to become more reliable and sustainable through digitization and, integrated with these modernization efforts, to make them more secure. An integrated networking and security portfolio helps the maritime transportation sector through this journey, delivering the best technology, which underpins efficient processes and enables the sector's personnel with the skills and tools necessary to realize all the possibilities of modern port operations.