In an era where our global dependence on major commercial ports for the efficient movement of goods is undeniable, the necessity of embracing digital transformation has taken center stage. Smart ports have emerged as a solution, incorporating innovations that automate and streamline the logistics processes. However, as the industry progresses towards this transformation, it has also become increasingly vulnerable to cyber threats, putting the security of the whole industry at risk.
The Inadequate Attention to Maritime Cybersecurity
Despite the potential consequences of cyber-attacks, maritime and port cybersecurity still does not receive the same level of attention as other sectors. In fact, supply chains have already ground to a halt numerous time as a result of attacks, revealing the need for increased awareness around this issue. Thankfully, new guidelines and certifications are beginning to shift the conversation and generate the attention needed.
According to a report by the International Association of Ports and Harbors (IAPH) and the World Bank, the outbreak of the COVID-19 pandemic only exacerbated the risks, with stakeholders around the world reporting measurable increases in cyber threat activities during the pandemic. In just a few months in 2020, cyber-attacks against the maritime industry overall increased fourfold, with attacks against OT systems specifically rising by over 900% since 2017.
As a result, cyber attacks are becoming the largest risk faced by port authorities and the wider port community.
Cyber Resilience is Key
In response to this growing concern, the IAPH has developed Cybersecurity Guidelines to assist port facilities in assessing and mitigating the risks of cyber attacks. The guidelines help executives analyze and establish the true financial, commercial, and operational impacts of an attack.
Port and port facility leaders must understand that cyber threats are not bound by borders or logistics supply chains. In fact, they can jeopardize an entire port or port facility’s operations and are proliferating at an ever-increasing pace. This makes the need for effective management of cyber risk even more critical as we embrace new technologies and automated systems that rely on key cloud-service providers.
By raising awareness among top executives and providing insights into cyber risk management, the guidelines help foster a culture of cybersecurity leadership. Additionally, they emphasize the importance of organizational readiness, including training programs and emergency management plans to enhance the resilience of ports and facilities.
A Holistic Approach to Collective Responsibility
They also emphasize that managing cyber risk is not solely the responsibility of the IT department. The guidelines advocate for a collective approach to cybersecurity, involving all stakeholders, including ship operators, maritime agencies, customs, and law enforcement. Top-level executives are urged to allocate resources and actively manage governance to support cybersecurity operations. This approach necessitates the development of a robust cybersecurity workforce within the port ecosystem. By fostering a culture of cybersecurity awareness and responsibility throughout the organization, ports and port facilities can better protect critical data, ensure uninterrupted service delivery, and safeguard vital maritime infrastructure.
Effective management of cyber risk is critical to the proper functioning of a diverse maritime community where stakeholders from the port authority, ship operators, port facilities, maritime agencies, customs, and law enforcement are all interconnected. By following the IAPH’s Cybersecurity Guidelines, the global port and facility community can establish a path towards cyber resilience, ensuring the safety and security of goods transported through our ports and maintaining the smooth movement of nearly nine billion tonnes of goods around the world.