By Andy Stewart and Don Leyn

At Cisco, deploying advanced cybersecurity capabilities goes hand in hand with helping customers, including the largest ports and terminals in the U.S. and around the world, implement digital business transformation and modernization.

Zero trust security for digitally enabled ports

Keeping bulk cargo and shipping containers moving efficiently and safely at a port requires massive amounts of data to be securely transmitted in real time to and from modern applications such as a Terminal Operating System (TOS), autonomous solutions, and other port operations solutions. Data flows and supporting applications have moved closer to “the edge” – closer to the industrial devices, terminal equipment, moving vehicles, and users. In today’s digitally enabled ports and terminals, yesterday’s old security perimeter is not sufficient. With the growing number of connected devices, adopting a zero trust security strategy based on a least-privileged approach to network and data access is an absolute necessity to successfully modernize operations.

Ultra-reliable wireless backhaul – fiberlike wireless anywhere

Maritime and inland port operators increasingly deploy modern wireless connectivity to move data across the yard and increase outputs. They need technology with ultra-low latency, high throughput, high reliability, and seamless handoffs when on the move in a complex radio frequency environment. At the beginning of the pandemic, a large U.S. East Coast port began a journey of upgrading their existing wireless solutions. After testing several candidates, they chose to implement Cisco Ultra-Reliable Wireless Backhaul. In 2021, the port’s operations realized a 30% increase in container utilization, and they attribute some of this increase to the improved wireless connectivity capabilities provided by Cisco URWB.

Solving the three primary cybersecurity challenges

While helping port and terminal operators deploy modern wireless networks to digitize operations, our efforts also help them solve three primary cybersecurity challenges:

Extreme visibility: Delivering an accurate inventory of what is connected to the network helps them understand the operational configuration and their security posture. This visibility helps prioritize what needs to be fixed to reduce the attack surface, but also provides insights to reduce downtime and improve operational efficiency.
Enhanced control: With enhanced visibility, operators can understand exactly which devices need to communicate with each other and control how they are communicating – enabling network segmentation and secure data conduits that permit their terminal operating system (TOS) and other vital applications to exchange data securely.
Foster collaboration: Gaining visibility into connected devices and communication patterns enables the accurate information transfer needed for operations and IT personnel to collaborate and implement the best security policies. It also enhances operational throughput and efficiencies.

Addressing these issues holistically is central to a zero trust approach to building a customer’s industrial network. As described in NIST SP 800-207, “Before undertaking an effort to bring zero trust to an enterprise, there should be a survey of all assets, subjects, data flows, and work flows. [...] This awareness forms the foundational state that must be reached before a zero trust architecture deployment is possible.” Thus, providing extreme visibility to a port or terminal operator begins with:

Mapping the data flows from and between all the vital applications (e.g., TOS, autonomous systems, crane systems, gate operating systems, camera systems, customer-facing applications, etc.)
Identifying and accurately characterizing the associated devices, equipment, and users generating and exchanging this data
Deriving and specifying operational data exchange characteristics such as required latency, redundancy, prioritization schemas, and bandwidth requirements.

Policy and network segmentation

Next, following zero trust and industrial security best practices (as defined in ISA-95/IEC-62264 and ISA-99/IEC-62443) and using the knowledge from those authorized network flows, we implement policy and network segmentation with a defense-in-depth strategy that builds zones with sanctioned conduits to prevent attacks and lateral movement. In short, this entails a bottom-up, trust-nobody approach where every available security capability of the platform is leveraged to provide segmentation, threat-informed security, and governance. This ensures a transparent policy between operations and security personnel, allowing for secure, safe, and efficient operations in the physical port/terminal.
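The zone-and-conduit check described above can be sketched as follows. This is an added example, not Cisco's code or product behavior: the inventory, zone names, addresses, ports, and the rule that intra-zone traffic is trusted are all assumptions made for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto port")

# Constructed asset inventory: IP -> zone (all names and addresses are hypothetical).
INVENTORY = {
    "10.10.1.5": "tos",       # Terminal Operating System server
    "10.20.1.11": "crane",    # crane controller
    "10.20.1.12": "crane",
    "10.30.1.21": "gate",     # gate operating system
    "10.40.1.31": "camera",
}

# Sanctioned conduits: (source zone, destination zone, protocol, destination port).
CONDUITS = {
    ("crane", "tos", "tcp", 443),
    ("gate", "tos", "tcp", 443),
    ("tos", "crane", "tcp", 502),    # hypothetical Modbus/TCP control path
    ("camera", "tos", "tcp", 554),
}

def audit(flows, inventory=INVENTORY, conduits=CONDUITS):
    """Return (findings, unused_conduits) for a list of observed flows."""
    findings, used = [], set()
    for f in flows:
        src_zone, dst_zone = inventory.get(f.src), inventory.get(f.dst)
        if src_zone is None or dst_zone is None:
            findings.append(("unknown-asset", f))   # visibility gap: not in inventory
        elif src_zone == dst_zone:
            continue                                # assumption: intra-zone traffic is trusted
        elif (src_zone, dst_zone, f.proto, f.port) in conduits:
            used.add((src_zone, dst_zone, f.proto, f.port))
        else:
            findings.append(("unsanctioned", f))    # crosses zones outside any conduit
    return findings, conduits - used

# Constructed flow records, standing in for an export from a network sensor.
OBSERVED = [
    Flow("10.20.1.11", "10.10.1.5", "tcp", 443),    # crane -> TOS, sanctioned
    Flow("10.20.1.11", "10.20.1.12", "tcp", 502),   # crane -> crane, same zone
    Flow("10.40.1.31", "10.20.1.11", "tcp", 502),   # camera -> crane, no conduit
    Flow("10.99.0.7", "10.10.1.5", "tcp", 22),      # source missing from inventory
    Flow("10.10.1.5", "10.20.1.12", "tcp", 502),    # TOS -> crane, sanctioned
]

if __name__ == "__main__":
    findings, unused = audit(OBSERVED)
    for kind, flow in findings:
        print(kind, flow)
    print("unused conduits:", sorted(unused))
```

Conduits that no observed flow used are returned separately so they can be reviewed and removed, which keeps the policy least-privileged as operations change.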

You cannot protect what you don’t see

Cisco security solutions are built directly into network equipment and decode industrial protocols to monitor operations, feed the cybersecurity platform with operational technology context and comprehensive threat intelligence, and, thus, enable security and operational collaboration. With this extreme visibility across all devices and data flows, the cybersecurity platform can automatically detect intrusions and abnormal behaviors, enforce appropriate policy, and alert the security team to act.

Deep visibility includes the ability to accurately characterize the state of all industrial assets (including device make/model, firmware, latest patches, and other system factors) to assess industrial asset vulnerability. The Cisco Cyber Vision sensor built into Cisco industrial network equipment makes it easy to build a comprehensive picture of the industrial environment. Security and operations personnel can assess risk and implement a continuous improvement process via deliberate patch management and/or applying additional isolation to potentially vulnerable devices until it becomes safe and operationally feasible to update the device.

Conclusion

Delivering effective cybersecurity for critical infrastructure requires a deliberate effort across any organization’s approach to bring together people, processes, and technology. We are excited to enable terminal management and port operations to become more reliable and sustainable through digitization and—integrated with these modernization efforts—make them more secure. An integrated networking and security portfolio helps the maritime transportation sector through this journey – delivering the best technology, which underpins efficient processes and enables the sector’s personnel with the skills and tools necessary to realize all the possibilities of modern port operations.

Learn more

Find out about Cisco’s solutions for terminal operations and ports
Discover Cisco’s comprehensive industrial security solution and Cisco Cyber Vision
Learn more about Cisco Ultra-Reliable Wireless Backhaul
Subscribe to the Cisco IoT Security Newsletter.
