Andrew Tsonchev discusses using Artificial Intelligence to defend the cyber-border

A number of recent high-profile attacks on industrial networks have served as a wake-up call to government, demonstrating that the impact of attacks against critical infrastructure is not just financial. Cyber-attacks have the potential to severely disrupt critical services, jeopardise company systems and, what’s more, endanger physical safety.

Although not typically front of mind when it comes to cybersecurity, ports and harbours are high-risk, dynamic environments. They are also being increasingly targeted by hackers, as demonstrated by recent attacks on ports in Barcelona and San Diego. Much like a city, potential risks enter their borders – both physically and virtually – every day. From travellers using a ferry’s public WiFi, to the unique network-connected operational systems on every ship, the proliferation of new technology across a port’s digital ecosystem is limitless. With no signs of digitisation slowing, hyper-connected ‘smart’ ports, featuring port-wide digital platforms able to automatically navigate ships using real-time data, are becoming reality.

The intertwining of physical and digital across our ports creates a monumental challenge for the cyber-security teams tasked with their defence. Connecting large-scale industrial machinery, such as oil export pipelines and cranes, to traditional IT in vessel traffic control centres creates an increasingly complex network. Without the means to understand and discover network vulnerabilities, or dedicated security tools for legacy, bespoke industrial systems, ports are exposed to cyber-attackers with numerous opportunities to compromise and disrupt operations. Successful attacks on the maritime industry demand high levels of specialisation and novelty. This means ports are often contending with well-run, highly resourced criminal groups or nation states rather than lone, experimental hackers.

With the European Union Network and Information Security (NIS) Directive recently introducing security requirements for operators of essential services, cyber security can no longer be an afterthought for port operators. Unlike many regulations, the UK’s NIS Directive explicitly states that no ‘paper exercise’ can satisfy any of its requirements, avoiding the pitfall in which security teams are forced to choose between addressing their highest security risks and merely ticking the required boxes. This means that all of its auditors must be experts in the regulations themselves, and compliance can only be achieved through practical effectiveness.

This mounting regulatory pressure, combined with potential breaches of commonly used ship-tracking technology hitting the headlines, has led port security teams to seek a security overhaul. In order for attacks on industrial environments to have any impact, something out of the ordinary must happen.

The traditional approach to cyber defence is inherently retrospective, only providing protection against attacks that have been seen before. But as they are bombarded with novel, bespoke cyber-attacks, security teams are increasingly relying on artificial intelligence to keep their port systems and operations safe. Machine learning systems can provide bespoke, tailored protection for highly specialised environments, allowing for the detection of targeted attacks against unique industrial systems. Harwich Haven Authority is a major trust port in the UK, handling 40 per cent of the country’s container traffic and some of the world’s largest ships. The authority is just one of a growing list of maritime organisations acknowledging that human beings alone cannot combat the threat, deploying AI to bolster their cyber defence.

Adhering to this requirement, analogous to the human immune system, cyber AI uses machine learning to learn the normal ‘pattern of life’ for every device, controller and user on the unique network, including increasingly popular cloud platforms. Using this dynamic understanding, it then detects subtle abnormal behaviours in real time, and autonomously fights back against unknown threats.

Leveraging this new breed of cyber defence, security teams can catch and immunise the vulnerable IoT across their networks. For example, a port may invest in biometric fingerprint scanners for its staff to enter a high-security control room. Although a forward-thinking safety feature, these sensors are invisible to most legacy security systems and offer a foothold for attackers to gain network entry and leap across the network to hack into shipping operations. However, by deploying autonomous response technology, AI can be used to detect strange connections on any network-connected device. When detected, cyber AI will respond in seconds to in-progress attacks by slowing down or entirely stopping the specific connection involved. Akin to ‘digital antibodies’, these responses are surgical and proportionate, preventing system downtime which could have severe consequences for international port services.

On the cusp of an era of machine-on-machine attacks, where the bad guys leverage AI to accelerate their infiltration of networks and systems, ports will continue to attract the most sophisticated attacks. Arming port defenders with the right technology will allow them to respond at the same speed and level of complexity as the attackers, and win. This will be critical in the race to secure the technology that is fundamental to the efficiency and effectiveness of the modern port.

Andrew Tsonchev is director of technology, Darktrace Industrial. The world leader in cyber-AI, Darktrace was founded in Cambridge in 2013 and in just five years has achieved a valuation of $1.65bn. The company’s ‘Enterprise Immune System’ defends over 7000 networks worldwide from the latest cyber-threats, working with customers such as Drax, London Gatwick Airport and the City of Las Vegas.
www.darktrace.com/en/