Securing IT Infrastructure of Europe’s Largest Seaports: A Case Study of Hamburg Port Authority
- Cybersecurity & Privacy - Network Security
- Platform as a Service (PaaS) - Application Development Platforms
- Construction & Infrastructure
- National Security & Defense
- Cybersecurity
- Tamper Detection
- Cybersecurity Services
The Hamburg Port Authority (HPA), responsible for managing all harbor-related infrastructure for the city of Hamburg, faced significant challenges in securing its vast IT infrastructure. This infrastructure included 350 kilometers of fiber cable, 850 routers and switches, 500 servers in two data centers, and thousands of computers and smartphones running over 600 applications across 63 separate locations. The HPA IT managers identified several security challenges, including over 100 local administrators managing applications without support or follow-up, applications without a designated owner responsible for security or lifecycle management, and a flat network structure focused more on performance and flexibility than security. Additionally, HPA workers were not optimally aware of best security practices, leading to concerns about unidentified network exposures.
The Hamburg Port Authority (HPA) is a local governmental agency that manages all harbor-related infrastructure for the city of Hamburg, Germany. This includes streets and bridges, railways, and water infrastructure. The HPA oversees one of Europe's largest and busiest seaports, which is a key trade lane connecting Eastern Europe to the rest of the world. The port provides over 150,000 jobs and processes more than 135 million tons of cargo with an annual 9 million TEU capacity, expected to double by 2025.
To address these challenges, HPA partnered with XM Cyber, a global leader in Attack Path Management. They implemented XM Cyber’s Attack Path Management Platform to identify and address security issues on a day-to-day basis. The platform provided HPA with a more comprehensive view of their overall security posture, identifying issues such as unsecured databases, missing patches, and unsecured test machines. The platform's attack-centric risk analysis identified domain credential issues as a significant security challenge. To address this, HPA IT leaders reduced the number of domain admins and streamlined the use of different accounts for separate needs. XM Cyber’s professional services team provided support in analyzing and finding the best possible solutions for issues HPA was unsure about.