The UK has published an amended cyber security code of practice for those responsible for protecting the technical systems of port facilities and of vessels docked in ports, in response to the frequency of cyber attacks in recent years.
- developing a cyber security assessment and plan for important assets, processes and potential vulnerabilities
- devising the most appropriate mitigation measures
- having the correct governance structures, roles, responsibilities and processes
- handling security breaches and incidents
- highlighting national and international standards used and the relationship to existing regulation.
The Good Practice Guide uses principles, rather than national legislation or specific standards, to promote good practice in ports and boost the cyber security measures already implemented.
The Guide mostly concerns those responsible for protecting the port/port facility, ships (when docked or berthed), persons, cargo, cargo transport units and ships’ stores within the port from the risks of a security incident.
It is highlighted that the loss or compromise of one or more of these assets can affect:
- the speed and efficiency at which the port can operate;
- the ability of the port to safely carry out particular operations;
- the health and safety of staff and other people affected by the work activities being undertaken and to whom a duty of care is owed.
In the meantime, it is reported that some steps to develop a cyber security assessment include the identification of assets and infrastructure, such as facilities, systems and data, that are crucial for protecting external infrastructure systems.
Also, another step is the identification of the port business processes using the assets and infrastructure, to assess criticality of assets and understand any internal and external dependencies.
Moreover, it is crucial to identify any risks that can arise from potential threats to the assets and infrastructure, to assess criticality of assets and understand any internal and external dependencies.
Cyber Security Plan
When developing a cyber security plan, the report recommends following a holistic approach, including the people, process, physical and technological aspects of the port assets.
Additionally, the plan should include:
- the policies that set out the security-related business rules derived from the relevant PSP or PFSP;
- the processes that are derived from the security policies and that provide guidance on their consistent implementation throughout the lifecycle and use of the port assets;
- the procedures that comprise the detailed work instructions relating to repeatable and consistent mechanisms for the implementation and operational delivery of the processes.
