
Wed, Apr 20, 2022
Last year, images of ripped-open packages stolen from cargo containers littering the tracks in Los Angeles went viral. According to Los Angeles Police Chief Michel Moore, “Guns are among the items that have been stolen from cargo containers on railroad tracks in Lincoln Heights.” The disturbance is being investigated as possibly contributing to the derailment of 17 rail cars.
The maritime supply chain crisis gripping the U.S. started in the early months of 2021 with a flotilla of ships sitting off the coast of California and has since prompted a substantial amount of planning and logistics conversations about threat and vulnerability management from both the public and private sectors. Approaching this complex commerce situation requires new ideas along with tried and trusted practices to alleviate the problems surrounding threat mitigation and vulnerability resiliency efforts for port security directors as well as those tasked with protecting America’s supply chain in the Pacific region and nationwide.
Although the Maritime Transportation Security Act (MTSA) of 2002 is about to turn 20 years old in November, this current crisis shares many of the unique challenges faced by port security directors in 2002 working to ensure federal safety and security statutes following the attacks of 9/11. We may not be managing the response to the unprecedented attacks of 9/11, but we would be hard-pressed to meet a subject matter expert in the maritime sector who has yet to observe something as impactful to the maritime commerce and transportation sectors during the current crisis.
For example, at the Port of Los Angeles/Long Beach there exists a logistics nightmare for both the law enforcement entities who have the authority to implement the MTSA and the port security directors charged with regulatory mandates. As containers, ships, trucks and railway elements delay and back up, we are beginning to identify significant vulnerabilities in the North American supply chain. We witness these glaring vulnerabilities as trains and trucks sitting idle with valuable cargo become easy targets for criminal organizations, contributing to thinly stocked shelves and out-of-stock items at stores nationwide.
However, these threats are not new. With transportation-related criminal activity tracing back to the 1800s when Jesse James and his notorious gang of outlaws staged the world’s first robbery of a moving train, maritime and transportation sectors have always been prone to security threats. When asked why he robbed banks, the notorious bank robber Willie Sutton is credited with saying, “Because that's where the money is.” While most of the world quarantined in their houses during COVID-19, criminal organizations targeted—and continue to target—the maritime and transportation sectors, along with cyber vulnerabilities, for the same reason Willie Sutton did—because that is where the money is.
These vulnerabilities increase as public and private entities charged with mitigating threats must now deal with backed-up transportation routes in and out of their ports and ships at bay awaiting transfer of cargo, similar to what’s happening at the Los Angeles rail yard, creating potential vulnerabilities that a criminal or terrorism organization can exploit.
Several causes are contributing to the events playing out on the train tracks in Los Angeles. To name a few: lack of fencing and proper lighting, law enforcement resources stretched too thin and a depleted security guard force dedicated to the facilities. This physical environment not only lacks basic security to protect the supply chain but encourages crime and disorder. Even when efforts are made to take legal action against these modern-day train robbers, those tasked with stopping thefts and holding suspects accountable face what seems like a revolving door at the courts with repeat offenders returning unabated to continue the thefts.
A solution-oriented security strategy at the L.A. rail yards and at any location that is tasked with securing the American supply chain should consider these seven factors in their security planning.
Video surveillance programming: Because of camera fatigue, video surveillance systems are only effective when the proper technology is deployed effectively and the program in which the video is used is maximized. If all you need is to be able to document an incident, having numerous cameras that record 24 hours a day is enough. If you are hoping to prevent something from happening, you need to ensure proper program management.
Video surveillance and camera systems have been greatly modernized, enabling law enforcement to respond to crimes more quickly. Below are some of the ways these systems have been updated:
Previously, helicopters could be deployed to be the “eye in the sky,” providing real-time intelligence to law enforcement or security operations. However, these deployments were costly and required dedicated resources and specially trained personnel. A cost-effective alternative to helicopters that port security directors can consider is drones, or unmanned aircraft systems. Drone technology not only provides security managers with surveillance technology in hard-to-reach areas but also can be deployed in quick response to an incident not normally captured by a standalone camera. AI-equipped cameras allow port directors or security team members to launch a drone and monitor it on their smartphone, capturing real-time intelligence.
In Boston, Kroll installed Shot-Spotter ballistic detection systems that alerted 9-1-1 dispatchers to gunshots seconds after they were discharged. It identified the location and number of gunshots and was able to provide the direction and speed the shooter was traveling as they discharged. We have also deployed pan-tilt-zoom Homeland security cameras, which are not fixed and can be directed at the needed location when an incident occurs. This type of camera covers potentially huge areas, but not simultaneously. The Kroll team was eventually able to unite the two technologies to allow every camera to turn toward the location where the gunshots were detected, to maximize the chance of capturing the suspects as they were in the act and fleeing the scene.
Whenever a new threat to safety and security arises, it is the responsibility of private business and law enforcement to work together to develop a solution. After 9/11, airlines strengthened their cockpit doors and enlisted armed U.S. Air Marshals to accompany flights. Private entities have an obligation to secure their facilities, personnel and products. Law enforcement and elected officials need to work together with businesses and the community to provide safety and security for all.
Source: 1. https://www.dailymail.co.uk/sciencetech/article-8774151/Most-Americans-recorded-238-TIMES-week-security-cameras-study-reveals.html