Managed Service Providers and Cybersecurity Risk in Ports
By Chris Carter, Information Security Analyst, Port of Vancouver USA
Managed Service Providers (MSP) use their tools to monitor and maintain networks remotely and have become a popular target among cybercriminals. MSPs act as hub-and-spoke to many companies, including ports and other critical infrastructure industries. From this perspective, it makes sense for cybercriminals to attack one service provider, the MSP, has access to multiple ports. Cybercriminals' ability to deploy ransomware to numerous victims at once increases their chance of a payout and decreases the time other companies or ports have to patch the holes the cybercriminals used to carry out their attack. Does your port utilize an MSP or a vendor to manage or support an aspect of your operations? What risk does this pose?
MSPs are excellent resources for managing and maintaining information technology systems. They can augment existing staff when appropriate policies, procedures, and contract language is applied. The Cybersecurity & Infrastructure Security Agency (CISA) this past summer released "Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses." The two-page document provides excellent guidance that ports can use today to help reduce risk. Please consider taking a few minutes to review it; those few minutes could keep you out of the next cyberattack headlines.
Information Technology (IT) systems play a vital role in ports throughout the region. They have become necessary in day-to-day operations in large and small ports. Most ports throughout the state may not have a full-time employee to support or manage their different IT systems and rely heavily on MSPs. IT systems such as HVAC or security systems may require a vendor access can pose a risk of falling victim to a cyber-attack. When MSPs connect or access port environments remotely, the port now assumes that MSP’s cybersecurity posture, or way they handle cybersecurity. Depending on the MSPs cyber-posture, a cybercriminal can enter through a door you are unaware of.