Resilience and collaboration, the best defense of ports against cyberattacks

The digitization of ports and the maritime industry has been essential for the global logistics chain to overcome the pothole of the pandemic. The dark side of digitization is that it carries a higher risk of cyberattack. With this threat in mind, the International Association of Ports and Harbors (IAPH) has prepared the guide 'Cybersecurity Guidelines for Ports and Port Facilities', a tool for ports to be more resilient and collaborate in the design of joint strategies to protect them from a common enemy: hackers.

Posted on 10.08.2021
To face the common enemy, collaboration on cybersecurity between the agents of the sector is essential. (GettyImages)

A very real threat

Ports and port facilities are moving towards automation, connectivity and the electronic exchange of information. This means that millions of data on global logistics generated daily are exposed to possible cyberattacks.

According to IAPH data, between February and May 2020, cyberattacks targeting the maritime industry multiplied by four. Specifically, those aimed at hacking operational technology increased 900% since 2017.

In late July, South African state logistics company Transnet suffered a cyberattack that hampered container terminals at the ports of Durban, Ngqura, Port Elizabeth and Cape Town, causing delays in exports from the region.

In May 2020, it was the Port of Shahid Rajaee in Iran that suffered a cyber attack on the computer systems that control the flow of ships, vehicles and goods, paralyzing the loading and unloading activities of the terminals.

In this context, the publication of the guide ‘Cybersecurity Guidelines for Ports and Port Facilities’ seeks to answer three questions defined by its authors as crucial and that every executive should consider in their cybersecurity strategy:

  • How can I establish the true financial, business and operational impact of a cyber attack?
  • How prepared is my organization to prevent, stop and recover from a cyber attack?
  • What do I need in terms of resources to effectively manage the risk of a cyber attack?

According to Jens Meier, CEO of the Port of Hamburg, this increase in attacks is the turning point for port authorities to implement strategies against cyberattacks. "Protection from cybercrime should be a priority for ports regardless of their level of digitization and connectivity," he assured during the webinar held during London International Shipping Week where the cybersecurity guide was presented.

Cyber resilience enables to anticipate, identify, detect, respond to, and recover from potential cyberattacks. (GettyImages)

Greater cyber resilience

In addition to digitization and connectivity, the Internet of Things and its associated devices are another source of information susceptible to being attacked. For this reason, in his presentation, Meier delved into the concept of cyber resilience in order to safeguard the integrity and availability of critical data, guarantee the provision of services and protect the maritime infrastructure.

Greater resilience enables entities to anticipate, identify, detect, respond to, and recover from potential cyberattacks. For ports and port facilities this means much more than investing in technical solutions: it requires designing an effective model for cyber risk management, implementing it as part of the corporate culture and including best practices that promote continuous improvement.

“Those activities that are critical to both our business and that of our partners, customers and suppliers must be identified. Anticipation is key, you have to create strategies that can evolve to counteract the tactics of hackers, ”says Meier.

Between February and May 2020, cyberattacks targeting the maritime industry quadrupled

How Much Protection Is Enough?

Meier asks himself this rhetorical question, pointing out that the necessary security level is defined after carrying out a Business Impact Analysis, which informs on the degree of disruption that an incident that causes the interruption of processes can cause. The first step is to establish levels of confidentiality, designate who can access this information internally, and how to store and destroy it.

The CEO of the Port of Hamburg shares that to execute it successfully, the entire organization must be involved, and that for this, training is essential. "How to prevent an employee from being a victim of phishing? Organizing attack and defense drills to test our methodology.”

To execute a successful cybersecurity strategy, the entire organization must be involved. (GettyImages)

The importance of exchanging experiences

On the other hand, Lance Kaneshiro, CIO of the Port of Los Angeles, stressed during the webinar the importance of exchanging experiences in cybersecurity internally and externally, and at different levels; between port authorities, industry players, other sectors of the national and the international sphere.

"Collaboration allows defining business strategies with those of cybersecurity, complying with existing regulations and aligning common objectives to increase collective resilience, not only in our sector but also at a national and supranational level," he said.

The port of Los Angeles announced in December 2020 the creation, together with IBM, of the Port Cyber Resilience Center, which will detect malicious cyber incidents that may affect the flow of cargo in addition to improving the amount and speed of information exchange within the port community. This facility follows the Cyber Security Operations Center that the port authority inaugurated in 2014.

Cristian Medrano, head of telecommunications and cybersecurity at the Port of Barcelona, expresses a similar thought: "We need to continue working collaboratively, bearing in mind that cybersecurity is the responsibility of all of us, not just of a department of the port authority."

The Port of Barcelona suffered a major cyber attack in 2018 whose impact was minimized thanks to the work of the cybersecurity office. Due to the persistent risk, the Port has awarded a new cybersecurity services contract in order to protect the port authority from loss or theft of information.

These services are divided into two components: the ICT Security Technical Office, responsible for managing and auditing the entire information security process, carrying out the application of the Security Master Plan and the Security Operations Center ( SOC) which will be a continuous computer security surveillance service that includes the analysis and correlation of information security events, the management of incident alerts and support for the management of security incidents.

“The hyperconnected maritime chain depends on a reliable and efficient data exchange. All the agents of the sector must create multiple layers of defense to prevent a hacker from being successful. The price of not improving our collective cyber resilience can mean the loss of infrastructure of critical systems, delays in the logistics chain, as well as having economic, organizational and environmental repercussions,” Meier warns.