With digitalization comes risk: how ports prevent cyberattacks

Digital port innovation has helped improve the shipping process, however it has also brought along with it a certain vulnerability. Learn how ports are maintaining strict standards of protection against cyberattacks, alongside the upgrade of shipping technology. Here we show you some of the initiatives of Los Angeles and Barcelona in fighting cyberattacks.

Posted on 06.11.2020
Cyberattacks are a challenge for every link in the supply chain. (Gettyimages)

While upgrades to digital port technology have offered a number of advantages to each link of the shipping supply chain in terms of efficiency, profitability, and sustainability, the mass amounts of data passed between shareholders everyday makes the industry more susceptible to cyberattacks.

The impacts of such threats are wide sweeping which can disturb port operations in a number of ways. Not only must ports protect employees and port users from, in the worst case, potential injury, digital ambushes can also include the theft of sensitive and critical data, the robbery of cargo and goods, illegal trafficking, system damages, or any harmful actions to the environment.

Any of these threats could force ports to close or interrupt operations which would inflict in financial loss and resulting in an even more vulnerable supply chain susceptible to further damages.

For example, the cyberattack on Maersk, the world’s biggest carrier of seaborn freight, occurred in 2017. This incident caused major halts in operations affecting 76 port terminals around the world that were forced to a standstill, sustaining financial losses up to $300 million from loss of revenue, IT restoration costs, and operations costs.

In the 21st century, harmful or criminal actions can be conducted in stealth by the use of digital platforms. Ports would need to step up against these threats of the modern era in order to counterstrike any possible cyber-attacks. This demands the need for cybersecurity infrastructure within port authorities has become a major focus for ports around the world.  Learn about the digital security challenges that ports face and how they are developing solutions that help fortify the shipping supply chains to prevent cyber-infiltration.


Port of Barcelona has enacted a cybersecurity scheme that focuses on adapting legislation, developing specific policies, simulating strikes and training employees. (Port de Barcelona)

Cyberattacks: A challenge for every link in the supply chain

While the need for digital security is undeniable, ports around the world face a number of challenges in putting their safety measures in place.

According to the report on Port Cybersecurity: Good Practices for cybersecurity in the maritime sector by Enisa, the main challenges faced when implementing cybersecurity include:

  • A lack of a digital culture in the port ecosystem, in which some stakeholders are still conservative.
  • A lack of awareness and training regarding cybersecurity.
  • A lack of time, budget, and qualified human resources allocated towards these measures.
  • Complexity within the port ecosystem including the diverse base of stakeholders.
  • The need to find the right balance between business efficiency and cybersecurity.
  • New risks resulting from the digital transformations of ports.

This graphic from the same report demonstrates some of the threats that ports face in the wake of cyberattacks.

One of the main challenges is that, since digital systems constitutes an interdependent framework, cyber criminals can use this to their advantage by launching attacks from different points of entry. As the purpose of ports is to be the origin or destination of goods, a disruption would reverberate across the entire system. For this reason, joint response plans are crucial for securing an effective and resilient supply chain.

To achieve this, ports are developing collective coordination structures to share information by using secure technological forums. This can be seen in the work of the Port of Barcelona, which intends to establish a coordinated connection space to give a unified response to any threats that unfold.

The Port of Barcelona: Developing a cybersecurity scheme

Although the usual defense measures taken by companies to prevent attacks, like firewalls or antiviruses, still provide a level of protection, the Port of Barcelona recognized that their advancements in technology require a lot more in order to ensure secure operations.

For this reason, they have enacted a cybersecurity scheme that focuses on adapting legislation, developing specific policies, simulating strikes, training employees, and more.

With the development of their monitoring activities in collaboration with a number of public and private bodies, the Port of Barcelona continues to provide an optimal service that achieves both digital efficiencies and remains secure for all entities that come in contact with it.

This cybersecurity scheme takes into consideration a number of points within the port system including the global strategy of the port. It’s also designed to improve certainty in computer systems and applications, provide support for new developments, raise employee awareness of potential cyberattacks, manage all levels of safety - both preventively and reactively, and apply clearly defined policies.

Each port has the responsibility to take on their own version of a security scheme if they hope to keep movements to and from the port reliable. To achieve this goal, the Port of Los Angeles took the route of developing an operations center, which helps to achieve necessary coordination.

The first cybersecurity operations center

In response to potential threats in security, the Port of Los Angeles developed their Cyber Resilience Center (CRCenter) back in April 2014. It was the first center of its kind, manned 24/7 and ISO 27001 certified to ensure optimum support.

This CRCenter provides a valuable service for the supply chain ecosystem, as everyone within it is aware of the risks. Having a center of this kind to provide cyber security and resilience helps the whole chain deal with issues collectively.

According to Eric Caris, Director of Cargo Marketing from the Port of LA, the center intercepts or blocks around 20-30 million attacks every month against port stakeholders, the ecosystem, and the whole maritime industry that moves through the port.

It also includes an early warning system to improve the speeds of warnings, as well as an analyzing scheme of activities on social media and news from around the globe.

But, as always, it’s a collaborative effort. Participants are expected to inform the center when they see threats hit their own systems, so that all parties can react accordingly.

The Port of LA’s Cyber Resilience Center blocks around 20-30 million attacks every month

Navigating the cyber-challenges of digital technology

It’s important to bear in mind that it’s impossible to achieve absolute security, no matter the level of secure system development. As such, it is necessary to have protocols in place for each known type of cyber-attack.

Thus, the biggest challenge that ports face is finding the response that can offer the greatest value to each link in the chain at the best possible cost. Followed by implementing this solution as the priority at every level, which is a feat of its own.

But with more awareness, comes better efficiency. And with the help of each link following a cybersecurity scheme, ports can fight off unwanted attacks and provide an effective and secure service.