We welcome information technologies, because they entail huge progress. In the maritime industry, as well. Developing these technologies provided for ships communicated with the port through berthing-aid systems, load management, etc. Port equipment that optimises processes and improves the clients’ experience.
However, this “connection” makes ships potential targets for cyber-attacks. It makes them vulnerable to all kinds of digital attacks. And it’s far too easy. Any virus can make its way into the system through a pen drive inserted by a technician to repair something or when updating software.
Cyber security risks
The International Maritime Organisation (IMO) acknowledges that there are cyber security risks at seaports. What does this refer to, exactly? To “adverse events in digital technologies that can have an operational and security impact on organisations and ships.”
One of the most well-known cyber-attacks was suffered by the shipping company Maersk in 2017. This was one of the main parties affected by the digital virus NotPetya, which also affected large European institutions and companies. Losses were calculated at 300 million dollars. In fact, 76 port terminals had to close.
A cyber security plan is essential. The IMO prescribes a protocol with 5 principles, encompassing actions to create a “protective shield”:
- Identify: define staff duties in managing cyber risks, and identify systems that would pose a danger if interrupted.
- Protect: implement measures and plan for contingencies to control risks and protect against cyber events.
- Detect: create protocols to detect cyber events.
- Respond: implement plans to restore systems, operations and port equipment affected by cyber events.
- Recover: set measures to restore the cyber systems necessary for ocean transport operations targeted by cyber events.
Additionally, the IMO’s maritime security committee encourages all ships to have a cyber-attack management system by 2021. In addition to its guidelines, regulation ISO 27001 is of note, bearing on information security management systems. Certification helps to foment activities that protect information at organisations.
This year, the NIS Directive (Network and Information Security) came in force in the European Union. It contains measures intended to guarantee a high shared degree of security in information networks and systems.
Good port equipment, global security
Port cyber security should always be taken under consideration. Because a secure port is a port that protects the interests of ships and freight. However, it also prioritises people and the environment.
There are many regulations governing and controlling port sea traffic. All this is to create secure activity at all levels. And in this regard, port equipment plays a very important role, since installing certain elements in the port entails increased security in general. Some examples are: fenders, berthing and undocking aid systems, and quick-release hooks.