On Point: Q&A With Klinton “Klint” Walker
What’s the next step for these seaport exercises?
The next evolution is to start doing multi-port exercises. Right now, we have a whole list of tabletop exercise templates on the CISA website. There’s one aimed at ports, but it’s vague and only focuses on a single tenant. We want to expand that, not just for seaports, but also river ports, airports, and trucking and rail stations, focusing on the entire transportation sector and supply chain. With some of these ports, the rail line, the roadways are major avenues to get goods out of the port and where they need to be. And if those industries are hit, that can also shut down a port.
Can stakeholders perform these exercises on their own?
We highly encourage that. We always want to be invited, but every organization should do tabletop exercises internally and externally with their partners—what we call ecosystem exercises. These are picking up steam even in the commercial world. The dependence on managed service providers, cloud computing and contract work means that you can’t just do things in-house anymore. You have to exercise with multiple entities.
And sometimes your expectations for those entities aren’t reality. I look at some of the incidents I first responded to. After one incident, the CISO [chief information security officer] for that organization said, “If you had asked me before this whether my team was the best, I would have said yes, but I realize now that my team is the best at steady state operations, but they’re novices when it comes to incident response.”
What are some challenges specific to seaports?
We’re talking about a lot of tenants operating into one ecosystem, each with their unique way to operate and their own dependencies. Some of them use up-to-date systems; others lag behind. Some might be technology companies; others might be industrial control systems.
You’re talking about the interoperability of networks. You’re talking industrial control systems like cranes or badge access systems, or these large inventory systems that need to interoperate with traditional IT technologies, all across the common backbone, or across the common operating system.
A lot run almost on a flat network for the backbone with individual silos for some of the tenants. That’s always a unique experience when you have so many different entities involved in one ecosystem, all operating as best they can. But if even one has a flaw, everybody shares that flaw. In a lot of places, so many ships are coming in, so many different systems attach to that network, even for short periods of time.
And a lot of individuals, temporary employees, move on and off, or have physical access to the systems. You have so many hands that can touch so many parts of the system, it takes a convergence of physical security and cybersecurity to ensure port operations.
And a lot of them still use copper or fiber, but we also have cellular systems and point-to-point radio signal systems. All these technologies coming together make for a lot of endpoints, and if you leave even one unsecured, that can cause a foothold for threat actors to get wherever they need in the network.
What are some early lessons learned?
I’ve been amazed at how unique every port is, how some have a robust cybersecurity presence, and others rely on the county or the city to provide a lot of their IT or cyber support. Some tenants have robust cyber programs, and others don’t emphasize cyber because they’re not traditional technology companies. But in this day and age, every company must be a technology company, because we all live and breathe and survive on our technology and our ability to move products from point A to B, and technology enables that.
This column has been edited for clarity and concision.
Comments