May 31, 2023

U.S. Ports Highlight Critical Infrastructure Vulnerabilities

Recently, the Armis team attended a U.S. House Committee on Homeland Security hearing on port security vulnerabilities. Testimony from the Cybersecurity and Infrastructure Security Agency (CISA) and the Transportation Security Administration (TSA) was truly eye-opening, and we wish this hearing had received more media attention.

Central to the security concerns was the presence of Chinese-manufactured cranes and software in use at U.S. maritime ports, and the risk that a nation state could take control of resources at ports that support automation. Witnesses included Eric Goldstein, executive assistant director for cybersecurity at CISA, Neal Latta, assistant administrator for enrollment services and vetting programs at the TSA, and Rear Admiral Wayne R. Arguin Jr., assistant commandant for prevention policy at the U.S. Coast Guard.

“Our nation’s maritime ports play a crucial role in our commercial supply chains and national security operations,” said Subcommittee Chairman Carlos Gimenez, a Florida Republican. “As adversaries like the Chinese Communist Party (CCP) work to undermine and infiltrate our critical infrastructure and conduct surveillance operations on American industries, this Committee is examining any potential port vulnerabilities that may jeopardize our national security, from defending our cyber networks and assessing threats posed to physical infrastructure to ensuring the integrity of America’s maritime workforce.”

These port security concerns are not new. In April, Chairman Gimenez sent a letter, cosigned by numerous other House Chairmen, asking Department of Homeland Security (DHS) Secretary Alejandro Mayorkas for a briefing on the cybersecurity threats posed to business and industrial operations by Chinese-manufactured cranes operating at U.S. ports.

According to the publication CSO, in September of 2021 FBI agents conducted a search of a Chinese merchant ship delivering port cranes to the Port of Baltimore, MD. Reporting in the Washington Times suggested agents may have found intelligence-gathering equipment on the ship, but there has not been any kind of official confirmation.

The challenge when it comes to port security is a lack of visibility into the ever-growing threat surface. Legacy security tools can only see managed – not unmanaged – devices on the network. The number of unmanaged devices has exploded in recent years, and these devices are a gigantic blind spot in federal network protection. Nation-states are now actively targeting unmanaged Operational Technology (OT) and Internet of Things (IoT) devices. Traditional endpoint detection and response (EDR) systems don’t work on unmanaged devices because those devices can’t accommodate security agents.

These unseen devices don’t generate logs, and scanning them with a network scanner could lead to major disruption, degrading performance and causing production downtime. Agencies need an agentless EDR security platform that can solve this problem by covering the gaps left by legacy, agent-based solutions.

CISA recognized the need for better threat visibility with its Binding Operational Directive (BOD) 23-01, released late last year. BOD 23-01 requires all Federal Civilian Executive Branch (FCEB) agencies to begin performing automated asset discovery every seven days. This discovery must at a minimum include the entire IPv4/IPv6 space used by the agency. Agencies must also initiate vulnerability enumeration across all discovered assets every 14 days.

Armis can help ports close this visibility gap. The Armis Platform is entirely agentless, providing 100 percent asset visibility. Armis also continuously monitors the state and behavior of all devices on a network for indicators of attack. When a device operates outside of its known-good profile – for example, a camera on a crane – Armis issues an alert or triggers automated actions. These alerts can be caused by a policy violation, misconfiguration, or abnormal behavior such as inappropriate connection requests or unusual software running on a device.

The agentless Armis platform also offers simple and speedy deployment. It can quickly be integrated into whatever security systems a port or agency already has in place. It is also totally passive, so it won’t disrupt the operations of devices. Automated enforcement is immediate and continuous because the discovery of assets and identification of issues work in real time.

This lack of visibility into critical infrastructure vulnerabilities threatens national security. Ports must achieve a total, consolidated view of their risk postures. Click here for more information on how Armis protects the mission.
