The cyber threats facing the world’s ports are diverse and growing every day. So too are their potential ramifications. AI, however, may well offer an answer, writes Brian Dixon.
From being a seemingly distant sci-fi concept a few years ago, artificial intelligence (AI), along with its mathematical subset of machine-based learning (ML), is increasingly becoming a maritime reality, making numerous inroads into various fields of application. For example, this technology is currently being developed and/or deployed by various shipping lines to enhance navigation; optimise route planning; reduce fuel consumption; avoid collisions; and even predict market conditions.
What’s more, AI has the potential to radically ramp up cybersecurity, as Philippines-headquartered International Container Terminal Services Inc (ICTSI) can arguably now attest, having recently deployed BlackBerry’s CylancePROTECT system across its entire global port operations.
Whereas conventional anti-malware software has to date adopted a reactive signature-focussed approach to detecting threats, CylancePROTECT employs what BlackBerry describes as “an AI-based machine-learning model” that immediately interrogates any executable program the moment an end-point attempts to launch it. Having been trained to recognise the characteristics of “billions” of executable files – both malicious and benign – the system is thus able to instantly identify and quarantine any potential threats before they can cause harm.
This, BlackBerry asserts, gives CylancePROTECT an unrivalled “pre-execution capability” that ensures each and every protected end-point stays continually malware free. Importantly, it also imbues the system with “true zero-day prevention”, meaning it can counter otherwise unseen new threats as and when they emerge. This approach also means that CylancePROTECT, which requires neither regular software updates nor an Internet connection to operate, can offer users “whisper-quiet prevention” as it eradicates the need for either real-time or scheduled scanning, so freeing up resources for the better running of the client’s core software.
Additionally, the system proactively identifies the malicious use of memory, enabling it to protect users from so-called ‘fileless attacks’. Similarly, it can prevent the use of unauthorised devices, such as USB memory sticks, that could otherwise be used, wittingly or unwittingly, as a vector for an attack; control when, where and how scripts can be executed and by whom; and ensure that “fixed-function devices are in a pristine state continuously, eliminating the drift that occurs with unmanaged devices”.
Furthermore, CylancePROTECT, BlackBerry notes, is both “reliable and easy-to-manage on a large scale” and also readily able to address “a variety of complex systems and end-points”. This is a clear boon to a company such as ICTSI, which, it notes, operates “thousands of end-points” throughout its network of operations in 32 ports across Asia, Europe, Africa and the Americas. But ICTSI is certainly not the only port operator that potentially stands to benefit from BlackBerry’s AI-based system.
Taking out the easy
“The public may not realise just how diverse ports are,” says Campbell Murray, global head of BlackBerry Cybersecurity Delivery. “In the UK alone there are over 470 active ports, all owned and operated by different Government authorities or private entities and each facing the same challenges of communication security and asset tracking, but largely each has developed its own solution to meet these challenges.”
“No two ports operate in the same way,” he continues. “This presents the attacker with a richly diverse threat surface and the subsequent opportunities to interrupt, interfere, mimic or otherwise eavesdrop on communications. This allows the thief to identify physical assets to steal and use the port infrastructures to directly attack ships.”
Moreover, the threats facing ports continue to grow in number and broaden in scope. “Modern-day piracy has evolved from the physical hijacking of ships to the theft of manifest information, allowing pirates to identify high value cargo and to hide contraband in plain sight,” Murray states. “As high-throughput areas for passengers and goods, ports are no different to any other public space and face the same threats as these do. They differ in that much of the technology in use is specific to maritime, and here lies their greatest threat.”
“The exchange of port logistical operational data is crucial for the smooth running and thus profitability of each port. Any interruption to this data flow,” he explains, “can have serious consequences for the port, shipping organisations and the end consumers of the goods they transport. Currently, there is little harmonisation between embarking and arriving port authorities and many legacy systems and technologies have to be supported or reverted back to a manual process.”
But with a recent report by Lloyd’s of London, for instance, calculating that a cyber-attack on 15 ports in Asia-Pacific could result in losses of around $110bn, are ports becoming more aware of their cyber vulnerabilities? Murray thinks so, stating that the “subject of cybersecurity is increasingly being discussed with relation to ports” while the maritime sector as a whole is becoming “more transparent regarding the issues and challenges” it faces.