The European Union Agency for Cyber Security collaborated with a number of EU ports to provide a useful foundation on which CIOs and CISOs of entities involved in the port ecosystem, especially port authorities and terminal operators, helping them on how to build their cybersecurity strategy.
Ports tend to rely more on technologies to be more competitive, comply with some standards and policies and optimize operations. This brings new stakes and challenges in in the area of cybersecurity, both in the Information Technologies (IT) and Operation Technologies (OT) worlds.
Yet, because of the rapid development of digitalization ports now have to deal with a great number of cybersecurity challenges, some of them are quite generic within any IT and OT environment, while others are quite specific to port ecosystems.
In essence:
| Shutdown of operations, port paralysis | If the shutdown lasts more than a few hours, it can harm strongly the commercial operations (loss of money), the delivery of essential goods for a nation, especially for the islands (food, fuel, etc.) as well as pose safety and security issues (queue of several boats at the port entrance). |
| Human injuries or death, Kidnapping | Ports must face high security and safety challenges, because many people work in port areas can perform dangerous jobs and because ports also must manage a quite large passenger flow easy to predict (ferries, large cruise vessels.). |
| Sensitive and critical data theft | Port systems may hold critical information, whether it is personal information (crew or passenger data), critical commercial information (location and content of containers, competitive know-how) or National security information (port being essential assets for a nation): the theft of these information can have disastrous consequences. |
| Cargo and goods stealing | Attackers can browse cargo and container lists to identify the most valuable goods for black markets (to be stolen in the port or targeted for future piracy attacks when the ship in at sea). |
| Illegal trafficking | The marine ecosystem is one of the largest playgrounds for organized crime: ports are often used for illegal and criminal traffic (drugs, arms, prohibited goods, most wanted people.). |
| Financial loss and costs | A port can lose a lot of money due to the stop of operations or for repair budget, in case of damage on its systems and infrastructure |
| Fraud and money steal | The financial systems of the ports can be compromised to steal money from them. |
| Systems damages or worst, destruction | Due to the high complexity of port systems and infrastructure, some of which are critical (e.g. industrial systems that manage large amounts of dangerous goods), damage or worse, destruction to those systems and infrastructure has disastrous consequences for port operations and safety and security, including people. Tankers (especially refined products and gas) are very vulnerable to fire and explosion; local storage of flammables and chemicals is also possibly massive. |
| Tarnished reputation, loss of competitiveness | Ports are in an extremely competitive international ecosystem: the slightest incident or problem on its activities and operations can damage its reputation and lose customers who could direct their traffic to neighbouring ports. |
| Environmental disaster | As the port is the direct interface between the hinterland and the sea, an environmental disaster in port areas can have disastrous consequences on populations, fauna and flora and human infrastructure, at a very long distance (oil spill, gas explosion, ocean pollution, shipwrecks, etc.). |
In addition, more cyber security challenges that ports have to deal with are:
- Lack of digital culture in the port ecosystem
- Lack of awareness and training regarding cybersecurity
- Lack of time and budget allocated to cybersecurity
- Lack of human resources and qualified people regarding cybersecurity matters
- Complexity of the port ecosystem due to the number and diversity of stakeholders taking part in port operations
- Need to find a right balance between business efficiency and cybersecurity
- Legacy of some systems and practices: e Lack of regulatory requirements regarding cybersecurity
- Difficulty to stay up to date with the latest threats Technical complexity of port IT and OT systems IT and OT convergence and interconnection
- Supply chain challenges
- Strong interdependencies
- New cyber risks resulting from the digital transformation of ports
Credit: Enisa
Therefore, in light of the barriers and negative results of a cyber attack, the report identified a number of security measures that ports could implement, to better protect themselves from attacks.
The main measures identified are described below and intend to serve as good practices for people responsible for cybersecurity implementation in Port Authorities and Terminal Operators
- Define a clear governance around cybersecurity at port level, involving all stakeholders involved in port operations.
- Raise awareness of cybersecurity matters at port level and infuse a cybersecurity culture.
- Enforce the technical cybersecurity basics, like network segregation, updates management, password hardening, segregation of rights, etc.
- Consider security by design in applications, especially as ports use many systems, some of which are opened to third parties for data exchange. Any vulnerability on those systems can be a gate to compromise the port systems.
- Enforce detection and response capabilities at port level to react as fast as possible to any cyberattack before it impacts port operation, safety or security.
To explore more on "Port Cybersecurity" click herebelow
