BLUF
From 2011 to 2013, Antwerp Port was subjected to cyber and physical attacks from a criminal organization. This was one of the first times criminals used both technological advances and weak physical security to exploit an internationally used enterprise. This paper will analyze the factors that led to weak security, ways to protect an enterprise from cybersecurity risk, and mitigation strategies to strengthen physical and cyber security.
Factors in this Case
One might question how their Amazon packages get to their house. The answer is the shipping industry. Hauling large quantities of products from across the world has been done for hundreds of years. Advancements such as large, almost indestructible boxes in 1956 and technology improvements have made the tedious process faster. However, this has not deterred criminals from finding ways to infiltrate systems.
For years, criminal organizations have used threats of physical harm to move their products, such as illegal drugs and immigrants, from point A to point B without interference. In the past, criminals have done this by threatening former employees or by placing their men at physical locations. However, these crime syndicates have found ways to use technological advances to their advantage. These techniques include inserting USB drives into company computers to port scan for the PINs that controlled access to shipping containers.
Another factor that made Antwerp a target was its central location. Being located in Belgium allows Antwerp access to different waterways and railroad systems in Europe. The land Antwerp occupies has a certain level of openness to the public that was attractive to criminal organizations. Parks, hotels, and nature preserves allow for thousands of people to come within the facilities.
In addition to these factors, the criminal organization that attacked Antwerp used phishing emails and text messages to obtain information. This kind of network attack sends harmful links to employees, luring them to click. These phishing emails were sent in order to gain access to Antwerp’s operational tracking systems, which controlled the arrangement of containers on ships. This would allow criminals to manipulate company logistics in their favor. All of these factors contributed to the Antwerp Port attack in 2011, which allowed the port to be used in malicious ways.
A “Pwnie”
“Pwnies” are devices such as keyloggers, customized surveillance devices, and even manufactured cellular devices that were used to infiltrate Antwerp’s internal network and send the collected data to the syndicate’s servers. Pwning is normally done by white hat hackers who are hired to hack into systems in order to improve an enterprise’s security practices. However, the white hat hackers in this case were physically threatened into cooperating.
“Pwnies” can be stopped from collecting data by keeping systems up to date, monitoring networks, and maintaining adequate physical security. Networks that are up to date with the latest security systems would have fewer vulnerabilities than outdated networks. Monitoring the devices themselves and the networks would notify employees of suspicious activity. Lastly, having adequate physical security such as key cards, police officers, and cameras would prevent unauthorized individuals from entering the premises.
How to protect an enterprise from cybersecurity risk
According to Kirkpatrick in “Port of Antwerp Case Study- Early Example of Cyber/Physical Threat”, keyloggers were used in the attack to record log-in passwords of the port’s operating system. One technique to mitigate this risk would be to build two-factor authentication into the operating system. This would send an alert to a user’s cellular device in order to grant access to the system. This second step would make it harder for hackers to breach a system.
Another technique companies use to mitigate risk is strictly controlling the accessibility of data in a system. This means implementing a system that monitors which individuals have access to certain information, so that each person can do their role without accessing information they do not need. This would prevent unauthorized individuals from accessing sensitive information just because they are an employee.
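The access control described above can be sketched as a deny-by-default, role-based check on who may read a container's release PIN, with an audit trail that flags accounts accumulating denials. This is an added example, not code from the paper or from the port's systems; the role names, permission strings, container IDs, and alert threshold are assumptions chosen for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

# Hypothetical role-to-permission map (assumption, not the port's real roles).
# Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "gate_clerk": {"container:read_status"},
    "release_officer": {"container:read_status", "container:read_pin"},
    "it_support": set(),  # maintains workstations, needs no cargo data
}

DENIAL_ALERT_THRESHOLD = 3  # assumed value for this example

@dataclass
class AccessGuard:
    audit_log: list = field(default_factory=list)
    denials: Counter = field(default_factory=Counter)

    def check(self, user, role, permission, container_id):
        """Return True only if the role explicitly holds the permission."""
        allowed = permission in ROLE_PERMISSIONS.get(role, set())
        # Every decision is recorded, allowed or not, for later review.
        self.audit_log.append((user, role, permission, container_id, allowed))
        if not allowed:
            self.denials[user] += 1
        return allowed

    def flagged_users(self):
        """Users whose denied requests reached the alert threshold."""
        return sorted(u for u, n in self.denials.items() if n >= DENIAL_ALERT_THRESHOLD)

def run_sample():
    # Constructed sample requests: (user, role, permission, container id).
    requests = [
        ("alice", "release_officer", "container:read_pin", "CONT-0001"),
        ("bob", "gate_clerk", "container:read_status", "CONT-0001"),
        ("bob", "gate_clerk", "container:read_pin", "CONT-0001"),
        ("carol", "it_support", "container:read_pin", "CONT-0002"),
        ("carol", "it_support", "container:read_pin", "CONT-0003"),
        ("carol", "it_support", "container:read_pin", "CONT-0004"),
        ("dave", "contractor", "container:read_status", "CONT-0001"),
    ]
    guard = AccessGuard()
    decisions = [guard.check(*r) for r in requests]
    return decisions, guard.flagged_users()

if __name__ == "__main__":
    print(run_sample())
```

An unknown role such as the constructed "contractor" is denied because it has no entry in the map, and an employee account that repeatedly asks for PINs outside its role is surfaced for review rather than silently refused.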
Importance of Physical security
As expressed in “Port of Antwerp Case Study-Early Example of Cyber/Physical Threat” by Charles Kirkpatrick, in 2011 a crime organization tried to obtain access to Antwerp through phishing attacks across emails and text messages. Yet these attempts were unsuccessful. The crime organization then turned to physical break-ins to gain data. After the data was compromised, illegitimate truck drivers would pick up the containers before the real drivers came. This shows that physical security is just as important as cybersecurity when it comes to protecting information.
The fact is that these physical security vulnerabilities were exploited. One way to address these weaknesses would be to require two-factor authentication and key cards to enter the port instead of simply entering a password. Security guards would ensure that real employees are accessing the containers. Finally, surveillance cameras recording all motion on the premises would add another layer of security.
Mitigation strategies for DP World
I believe it would benefit DP World if they invested in superior physical security. Mitigation strategies that I would recommend to DP World and other organizations would be exceptional motion sensors, alarm systems, surveillance cameras being monitored by employees, and key cards. Motion detectors would alert security if an individual is on premises without authorization.
Conclusion
The attack on the Antwerp Port in 2011 was a multi-layered scheme that lasted for two years. Before this, cyber and physical crimes that took place at once were unheard of. This case allows cybersecurity experts to learn useful strategies to prevent similar attacks from happening in the future. Physical security measures such as surveillance cameras, two-step authentication, key cards, security guards, and alarm systems aid in the protection of sensitive data. In addition, the use of reliable cybersecurity like network monitoring, updated systems, and employee access control strengthens an enterprise’s security. All of these techniques can be used by cybersecurity professionals to develop new mitigation skills.
Work cited
The Mob’s IT Department | Bloomberg Business