«Being a resilient and cybersecure port is a key competitiveness factor»

Cybersecurity in the maritime sector has ceased to be a technical issue to become a global strategic priority.

• International organizations such as NATO have recently emphasized the urgency of strengthening ports' digital defenses, aware that a breach in these critical infrastructures can have far-reaching consequences for trade, energy security and geopolitical stability.
• The European Commission's new ProtectEU strategy also considers ports as key infrastructure, and cybersecurity is one of its main pillars. In accordance with its objective of strengthening the Union's internal security.

Along the same lines, the International Association of Ports and Harbors (IAPH) has published its Cyber Resilience Guidelines for Emerging Technologies, a roadmap for ports to integrate security into all their technological projects. These guidelines call for international cooperation, team training and the adoption of stronger regulatory frameworks to accompany the sector's digital transformation.

From the Port of Barcelona, Chiara Saragani and Javier Garrido have participated in the preparation of this report and with them we have been able to break down some of the issues related to cybersecurity in the port environment.

[PierNext] The IAPH emphasizes the need to incorporate security-by-design cybersecurity in the early stages of any port technology project. Is this already being done or does it remain a pending subject?

[Javier Garrido]: It's rather a pending subject. In fact, the objective of this guide is precisely to raise awareness among management teams —for example, C-Level profiles— that new technologies, many of them linked to digitalization, require cybersecurity measures from scratch. Only this way, when a hack comes, you'll know how to act.

Of the technologies analyzed in the report (AI, IoT, 5G, automation, drones, green energy and quantum computing), which pose the greatest challenges for port operations today?

[J.G.]: Quantum computing is still very immature, which means we don't know well the risks it can pose in the face of a cyberattack. Furthermore, we must consider that emerging technologies that allow managing more information also increase the potential impact of cyberattacks, by being able to take advantage of this greater data computing capacity.

Automation is another challenge: it increases productivity, but also multiplies the digital data that can be subject to attack. For example, if a container terminal is blocked by a hack, it can affect the traffic of thousands of trucks that circulate through it.

[Chiara Saragani]: These technologies not only touch various types of activities and objectives of maritime logistics, but they can also be applied in different areas, covering a very large environment. That's why it's fundamental that a port first defines where it wants to advance, how it will apply these technologies and where they can be most useful. Only this way can it implement a truly effective cybersecurity strategy.

For example, deploying 5G in a port can take years of preparation, especially to understand well the challenges it poses from a security point of view and how to take advantage of its benefits safely.

What other technologies can help strengthen port cybersecurity?

[J.G.]: Although, as I said it's not yet mature, quantum computing could also help a lot in the future. For example, with Quantum Machine Learning to detect phishing attempts or to map critical infrastructure. In general, it can contribute to containing and neutralizing attacks early.

The guide also insists on staff training. Are port teams being adequately trained to face these threats?

[C.S.]: Each technology has its own pace of evolution and many emerging solutions still require constant learning. IT departments have solid knowledge and are key in internal technological management, in addition to promoting continuous staff training to face new challenges. Likewise, collaboration with companies specialized in specific areas, such as 5G or artificial intelligence, complements that expertise and facilitates successful integration of technologies in the port environment.

[J.G.]: As digitalization advances, initiatives are being launched to train all port employees in practical issues related to technological security.

So far we have spoken in terms of the future, but have there been notable incidents in ports?

[J.G.]: Yes. The Port of Barcelona suffered a cyberattack on September 20, 2018. Thanks to backups, normality could be recovered by applying a contingency plan, but operations were partially affected and, for example, for several days port authority staff could not access their computers. These situations, although harsh, help to be better prepared for future incidents and prepare better contingency plans. On the other hand, shipping companies have also suffered attacks, such as the case of Maersk in 2017, whose global losses were estimated at around 250 million dollars.

What lessons were drawn from that attack?

[J.G.]: We created an innovative port cyber resilience project that we are developing. Many stakeholders intervene in a port and, if each one has its own isolated system, you end up with multiple entry doors for a potential attack. That's why we are working on establishing a SOC of SOCs, that is, a Global Security Operations Center that supervises all the SOCs of the different port agents. This way, if there's a breach in one of them, we can detect it quickly and coordinate the response to minimize the impact.

And in addition to what has been learned, what are now the cybersecurity priorities of the Port of Barcelona?

[C.S.]: It will be key to fully coordinate the port's cyber resilience system, something complex because each stakeholder has its own way of working. It will also be important to evaluate how emerging technologies can provide security: for example, blockchain can give greater robustness to digital operations, 5G allows faster responses to incidents and AI helps prevent risks.

In terms of international collaboration, what mechanisms do you consider most effective for sharing threat intelligence?

[C.S.]: More than closed projects, today ideas are being shared among various IAPH member ports to share experiences, identify common interests and explore collaboration pathways.

In fact, this guide seeks precisely to highlight shared challenges and, perhaps in the future, propose general lines that all ports can apply.

We must also take into account that we increasingly dump more data in the cloud and that ports are more interconnected. A cyberattack on one of them can put an entire network of infrastructures at risk.

[J.G.]: In Europe, work is already being done on the EU Port Strategy and in working groups, special focus is being considered on cybersecurity. This will allow establishing a common strategic framework, although then each country or port adapts the details.

Let's not forget the economic impact: blocking a port can paralyze entire sectors. In the case of the Port of Barcelona, for example, almost 100% of the gas consumed by Catalonia is imported through the port. If this traffic is blocked, the economic damage would be enormous. The same would happen if the entry of containers for automobile factories or cereals for the food industry is paralyzed.

Will we be able to predict cyberattacks?

[J.G.]: For now, the priority is to consolidate that port cyber resilience umbrella that covers all agents and secure data custody chains. From there, collecting information and doing simulations, we can improve protocols and get closer to predicting attacks or, at least, identify moments of greatest vulnerability.

[C.S.]: Today we work more on prevention and reconstruction, but I believe that in the long term we will be able to anticipate or, at minimum, detect in advance when we are most vulnerable.