Are Ports Prepared To Deal With Threats From Hackers?
The most serious cyberattack in the history of the maritime sector occurred in June 2017. The largest container transport company in the world, Maersk, was the victim of a computer attack which prompted losses of around 250 million euros and had a profound effect on the logistics chains of hundreds of thousands of clients. Back in 2015, transportation was the fifth-most attacked industry according to the IBM 2016 Cyber Security Intelligence Index. However, European ports only began to invest in cybersecurity three years ago. Are they really prepared to deal with the threats posed by hackers?
The challenges posed by cybersecurity
According to Cristian Medrano, that ports have to deal with four main cybersecurity challenges.
Getting one step ahead of cybercriminals. Every day, all ports receive dozens of attacks, meaning vulnerability scans in their public IPs. However, the truly worrisome attacks are those that are unseen. In Medrano’s opinion, the best strategy for dealing with this kind of attack is to be prepared. “The only protection”, he says, “is to be one step ahead of the criminals, to find and solve the vulnerabilities before they do”, although we cannot forget that complete security is impossible. “At some time, your organisation is going to undergo a successful attack”, says the head of cybersecurity at Port of Barcelona, “so your goal is to be as prepared as possible for when this attack happens”. The best way to be prepared is having set protocols for each kind of cyberattack and for both the IT Systems department and security workers, as well as facilities users, so they know how to act in the event that this kind of attack occurs. Educating staff on the importance of following rules and practising with them frequently is the most effective recipe.
Cybersecurity should grow at the same pace as the implementation of digital services. American and Asian ports are keenly aware of this, and this is why they began adopting measures before their European counterparts and act like private enterprises. “The Port of Los Angeles, for example, has an impressive infrastructure devoted to cybersecurity”, says Medrano. In his opinion, “the digital transformation is a huge opportunity: if we manage to make cybersecurity yet another element in this transformation, the cultural shift it is making us undergo can be harnessed to implement cybersecurity measures in a cross-cutting fashion, and they will be fully accepted by all the stakeholders involved”.
The technological environment that characterises modern ports poses a greater risk of cyberthreats and therefore the need to maximise protection. Not only can cybercriminals attack from multiple entry points, but the interdependence of systems and electronic devices, the relative ease and profitability of successful attacks and the difficulty of identifying the culprits contribute to increasing this kind of attack. According to Medrano, “security should increase as the range of digital services does”.