4 lessons from ‘Hack the Port’ about 'critical infrastructure' cybersecurity

Cybersecurity leaders and practitioners recently gathered at Hack the Port in Ft. Lauderdale, Florida, to discuss the evolving threats to ports — a key sector within the nation’s critical infrastructure — and how to better protect them. The event comes at a time when the world watches conflict unfold between Russia and Ukraine, prompting new warnings from the administration that cyber attacks may occur outside of this warzone, so critical infrastructure owners and operators need to accelerate efforts to lock their digital doors.

Hack the Port made clear that there are key themes that any critical infrastructure owner and operator — whether public or private sector — needs to keep in mind in order to lock their digital doors. Those themes are outlined here.

Hackers with little means can make a large impact

The cost of entry for attacks has plummeted. We are seeing adversaries with little means make a large impact on their critical infrastructure targets, to the tune of $4.24 million average cost per breach. For instance, the hack that took down the largest fuel pipeline in the US and led to shortages across the east coast was the result of a single compromised password found on the dark web that gave hackers access to the company’s VPN without multifactor authentication. Coupled with a fragile supply chain from the strains of the pandemic and a major cargo ship grounding incident, hackers are pouncing on the dynamism of a changed world.

What we’re learning from every cyber incident is that data is the hacker’s new weapon. In order to prevent or mitigate their efforts, cyber defenders need to collect as much data of their own as possible so that it can be analyzed, acted upon, and shared as threat intelligence. With Elastic’s Limitless XDR offering, which unifies security information and event management (SIEM), endpoint, and cloud security, defenders tap into detection rules, endpoint code, and other protection artifacts from millions of users within Elastic’s free and open platform. These artifacts are actionable and incredibly affordable for users ranging from small business to military service branches. New users can benefit in the same way by standing up Limitless XDR in the cloud, in a matter of minutes without any hardware required.

Connected or disconnected, it must be protected

Ports and maritime control systems, like other critical infrastructure, lean on legacy operational technology (OT) networks and Internet of Things (IoT) devices in addition to information technology (IT), but have a limited number of staff members that specialize in the OT. It’s concerning then that in 2020 alone, there were 500 major incidents targeting critical infrastructure OT. On top of that, many maritime control systems run in disconnected, intermittent, limited (DIL) environments, and do not have connectivity once they are afloat. These DIL systems may look to use low earth orbit satellites for connectivity, which introduces more complexity to the cyber footprint.

Whether connected or disconnected, it’s important to understand the makeup of critical infrastructure in order to protect it. Events like Hack the Port are important because they expose broader audiences to what’s historically been confined to the industry itself. They also provide the opportunity to discuss technology transfer, such as military-related solutions that can be applied to critical infrastructure challenges. For example, using Elastic, running machine learning models locally on DIL endpoints instead of using a malware signature-based approach enables the endpoints to remain protected, whereas traditionally, disconnected endpoints would have out-of-date signatures and be at risk. Plus, with configurable queues and distributed-by-design architecture, data and telemetry can be queued at the edge if and when network communications are down. When communications are restored, data can be seamlessly pushed from the endpoint to the cluster ensuring no data is lost due to communication issues.

Cybersecurity compliance isn’t busy work

In her remarks at Hack the Port, Jen Easterly, the director of the Critical Infrastructure Security Agency (CISA), referred to ports as a “soft spot” in America’s critical infrastructure, and the importance of securing them cannot be understated because $5.4 trillion flows through ports each year – accounting for a quarter of the US gross domestic product. CISA provides critical infrastructure owners and operators with a great deal of threat intelligence, training, and resources, and is a leading force behind the administration’s Executive Order (EO) on Improving the Nation’s Cybersecurity. This EO outlines several standards and requirements that federal civilian agencies, working in partnership with the private sector, must meet in order to foster a more secure cyberspace.

The EO’s standards and requirements provide a strong foundation for critical infrastructure cybersecurity, whether owners or operators are bound by it or not. At Elastic, we understand that these owners and operators thrive in machinery and logistics, not necessarily in standards and requirements. That’s why we’ve outlined a few areas to tackle immediately to lock your digital doors using a single platform. View our industry brief to understand how we help organizations meet or exceed compliance requirements related to event log management, endpoint detection and response (EDR), and secure cloud adoption with Zero Trust.

Cyber workforce assessment with diverse talent recruitment

An (ISC)2 study found that progress is being made in addressing the global cybersecurity workforce shortage with 700,000 new entrants joining the field since 2020. However, they also estimate that the cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets. Critical infrastructure owners and operators, in particular, should continually assess their cybersecurity workforce needs. Resources from organizations like the Office of Personnel Management are available to help cybersecurity stakeholders identify work roles of critical need and pinpoint the workforce’s most critical skill shortages.

Critical infrastructure owners and operators also need to invest in training the next generation of cyber defenders to respond to next generation cyber threats. MISI, the organization behind Hack the Port, understands this well and uses Elastic Security solutions to give diverse talent time on target with real world cyber scenarios. Elastic is also committed to connecting the dots on diversity in cybersecurity recruitment, and regularly hosts Capture the Flag events in addition to its robust training program. The cyber skills learned through these types of programs can be reused in new assignments, a real advantage of free and open software.

Take action on ‘Hack the Port’ themes

Now that Hack the Port has wrapped, Elastic stands ready to support maritime and other critical infrastructure owners and operators in applying the cybersecurity themes presented at the conference. We encourage you to check out our Limitless XDR demo, and when you’re ready to take action, contact us at federal@elastic.co or start your FedRAMP cloud trial here.

Related blogs:

• Forrester names Elastic a Strong Performer in the Endpoint Detection and Response Wave
• A single platform for US Government security and logging compliance