Seaports Magazine - Summer 2017 - 23

April Danos, director of information
technology for the Greater Lafourche
Port Commission and chair of the AAPA
Cybersecurity Subcommittee, part of the
AAPA's Information Technology Committee
(see sidebar), explained, "Operational technology, or OT, is all about industrial controls, things like automated cranes, or a card
reader that controls a gate. Information
technology, or IT, is needed to secure those
systems. In the example of the card reader,
a cyber breach - where someone tampers
with the data - could enable unauthorized
people to enter a secure area." Other examples of what might happen, cited by Danos,
include a situation where firmware controlling a port's security camera is not updated,
creating a vulnerability where a hacker, or
worse, someone planning a physical attack,
could gain control of the camera. She said,
"Our job is to think it through....to envision
the worst case scenarios and come up with
the worst nightmare. Then we can begin to
plan properly."
Port Fourchon, like many AAPA members, is a "landlord port," which influences
the way that security is organized. Danos
explains, "As a landlord port, it is our tenants
who do the physical doing when it comes to
running and operating their facilities and
systems. When it comes to security matters, they take their guidance from the
U.S. Coast Guard, which requires Facility
Security Plans."
The port, however, maintains a backbone of collaborative command and control software and hardware assets that make
coordinated incident response and security

"Our job is to think it
through....to envision
the worst case
scenarios and come
up with the worst
nightmare. Then we
can begin to plan
properly."
-April Danos, Director of
Information Technology, Greater
Lafourche Port Commission

AAPA Resources
Two AAPA technical committees and one subcommittee tackle issues related to topics
discussed in this article. The Security Committee, chaired by Joseph Lawless, of the
Massachusetts Port Authority, is tasked with: "...collecting and disseminating information pertaining to protection of cargo and facilities from theft, pilferage and vandalism,
including prudent business and operating practices, appropriate facility design security
and personnel training and procedures and port security technologies and techniques."
The Information Technology Committee, chaired by Lance Kaneshiro, from the Port of
Los Angeles, has the mission of "monitoring, collecting and disseminating knowledge
regarding the development of information technology, including but not limited to the
areas of electronic data interchange, management information systems and other automation initiatives in the area of information technology undertaken by federal agencies
and ports in AAPA member counties, as well as monitoring such initiatives throughout
the world..." The Cybersecurity Subcommittee, chaired by April Danos, from the Port
of Fourchon, is part of the IT Committee and has the mission of monitoring, collecting
and disseminating knowledge regarding cybersecurity. The Department of Homeland
Security (which includes U.S. Customs and Border Protection and the U.S. Coast Guard)
plays a key role in security matters. A March 2017 AAPA brief on Government Relations
Priorities: Maritime Security outlines recommendations for federal lawmakers. It can
be found at: http://bit.ly/AAPAbrief

possible. Additionally, the port maintains a
dialogue with its tenants, agency response
partners, and the local Coast Guard in
order to provide a layered, more resilient
approach to security as a whole. Resiliency
is very much on the mind of Danos and her
colleagues: "If something like a GPS hack
happened and it led to a vessel collision,
it would be a port problem. How do we
respond? We are constantly thinking about
how to get back up and running, as quickly
as possible," she said.
At the level of individual terminals,
the Coast Guard has also been ratcheting
up security requirements - notably with
the Transportation Worker Individual
Credential (TWIC). Jim Strey, president/
CEO of idSoftware, explained that new rules
initiated, which will enter into full force in
August 2018 (following a two-year phasein period), require "All Class-A facilities to
comply with rules requiring all TWIC cards
to be read electronically - with biometrics
validated each time a card holder enters the
facility." Strey explained, "At these facilities, anybody - even delivery truck drivers
- needs to have a valid TWIC card with the
biometric indicator." idSoftware, which has
offices in Jacksonville, Fla., and Greenville,
S.C., creates and sells products such as
SecureGate Ports and VisCheck Ports that

"let terminals comply with these new rules."
However, in the interests of keeping this
electronic data intact and safe from cyber
security threats, "no data is actually stored
in our system," said Strey, and any transmission of data (for example, from a hand-held
device) is encrypted. "Our primary focus
is about who is on the facility at any point
in time."
For terminals where certain dangerous
cargo (CDC) is handled, the new regulations
are being felt, as well. However, less than
a year past the startup date of the tighter
regulations, a pilot project is already underway with a group of facilities around the
United States, including Port Everglades,
Fla.; Panama City, Fla.; Mobile, Ala.; and
Freeport, Texas. On the West Coast, projects are underway in San Diego and at
Everett, Wash.
The importance of the cyber realm is
also evident in the positioning taken by
KBRwyle. Serving mainly governmental
entities, KBRwyle is a subsidiary of KBR,
a Texas-based provider of differentiated
services and technologies that acquired
Honeywell Technology Solutions Inc.
(HTSI) in late 2016. KBRwyle has two tools,
Portable Cyber Assessment Tool (PCAT)
and CSTAR (a reporting tool), that are
used to document a company's risk posture

SUMMER 2017 * WWW.AAPASEAPORTS.COM

23


http://www.bit.ly/AAPAbrief http://WWW.AAPASEAPORTS.COM

Table of Contents for the Digital Edition of Seaports Magazine - Summer 2017

AAPA Headquarters
From the President’s Desk
Stakeholders: A Seaport’s Secret Resource
Why Ports Need Allies: Maintaining a Working Waterfront Takes a Network of Supporters
The Next Generation of Leaders — Succession Planning Provides Security, Guidance for Future
Port Security — An Exercise in Partnerships
Lessons From the Past: A Renewed Commentary on Port Security
Cyber Security: What Port Authorities Need to Know
Tomorrow’s Leaders Need More Than On-the-Job Training
Index of Advertisers
Seaports Magazine - Summer 2017 - Intro
Seaports Magazine - Summer 2017 - bellyband1
Seaports Magazine - Summer 2017 - bellyband2
Seaports Magazine - Summer 2017 - cover1
Seaports Magazine - Summer 2017 - cover2
Seaports Magazine - Summer 2017 - 3
Seaports Magazine - Summer 2017 - 4
Seaports Magazine - Summer 2017 - 5
Seaports Magazine - Summer 2017 - AAPA Headquarters
Seaports Magazine - Summer 2017 - 7
Seaports Magazine - Summer 2017 - From the President’s Desk
Seaports Magazine - Summer 2017 - 9
Seaports Magazine - Summer 2017 - Stakeholders: A Seaport’s Secret Resource
Seaports Magazine - Summer 2017 - 11
Seaports Magazine - Summer 2017 - 12
Seaports Magazine - Summer 2017 - 13
Seaports Magazine - Summer 2017 - Why Ports Need Allies: Maintaining a Working Waterfront Takes a Network of Supporters
Seaports Magazine - Summer 2017 - 15
Seaports Magazine - Summer 2017 - 16
Seaports Magazine - Summer 2017 - 17
Seaports Magazine - Summer 2017 - The Next Generation of Leaders — Succession Planning Provides Security, Guidance for Future
Seaports Magazine - Summer 2017 - 19
Seaports Magazine - Summer 2017 - 20
Seaports Magazine - Summer 2017 - 21
Seaports Magazine - Summer 2017 - Port Security — An Exercise in Partnerships
Seaports Magazine - Summer 2017 - 23
Seaports Magazine - Summer 2017 - 24
Seaports Magazine - Summer 2017 - 25
Seaports Magazine - Summer 2017 - Lessons From the Past: A Renewed Commentary on Port Security
Seaports Magazine - Summer 2017 - 27
Seaports Magazine - Summer 2017 - Cyber Security: What Port Authorities Need to Know
Seaports Magazine - Summer 2017 - 29
Seaports Magazine - Summer 2017 - 30
Seaports Magazine - Summer 2017 - 31
Seaports Magazine - Summer 2017 - Tomorrow’s Leaders Need More Than On-the-Job Training
Seaports Magazine - Summer 2017 - 33
Seaports Magazine - Summer 2017 - Index of Advertisers
Seaports Magazine - Summer 2017 - cover3
Seaports Magazine - Summer 2017 - cover4
Seaports Magazine - Summer 2017 - divider1
Seaports Magazine - Summer 2017 - divider2
Seaports Magazine - Summer 2017 - 41
Seaports Magazine - Summer 2017 - 42
Seaports Magazine - Summer 2017 - 43
Seaports Magazine - Summer 2017 - 44
Seaports Magazine - Summer 2017 - 45
Seaports Magazine - Summer 2017 - 46
Seaports Magazine - Summer 2017 - outsert1
Seaports Magazine - Summer 2017 - outsert2
http://www.nxtbook.com/naylor/AAPQ/AAPQ0118
http://www.nxtbook.com/naylor/AAPQ/AAPQ0417
http://www.nxtbook.com/naylor/AAPQ/AAPQ0317
http://www.nxtbook.com/naylor/AAPQ/AAPQ0217
http://www.nxtbook.com/naylor/AAPQ/AAPQ0117
http://www.nxtbook.com/naylor/AAPQ/AAPQ0416
http://www.nxtbook.com/naylor/AAPQ/AAPQ0316
http://www.nxtbook.com/naylor/AAPQ/AAPQ0216
http://www.nxtbook.com/naylor/AAPQ/AAPQ0116
http://www.nxtbook.com/naylor/AAPQ/AAPQ0415
http://www.nxtbook.com/naylor/AAPQ/AAPQ0315
http://www.nxtbook.com/naylor/AAPQ/AAPQ0215
http://www.nxtbook.com/naylor/AAPQ/AAPQ0115
http://www.nxtbook.com/naylor/AAPQ/AAPQ0414
http://www.nxtbook.com/naylor/AAPQ/AAPQ0314
http://www.nxtbook.com/naylor/AAPQ/AAPQ0214
http://www.nxtbook.com/naylor/AAPQ/AAPQ0114
http://www.nxtbook.com/naylor/AAPQ/AAPQ0413
http://www.nxtbook.com/naylor/AAPQ/AAPQ0313
http://www.nxtbook.com/naylor/AAPQ/AAPQ0213
http://www.nxtbook.com/naylor/AAPQ/AAPQ0113
http://www.nxtbookMEDIA.com