Cybersecurity threats for Ports – An Unsettling Picture

HAMBURG : Christina Prieser, Associate Partner at HPC moderated the forum which delivered an unsettling message that potential disruption through malicious cyber attacks on ports’ IT infrastructures will only increase in the future.

Among the experts contributing, Scott Dickerson the founder of CISO LLC, which develops bespoke security programs for the maritime industry predicted, “We focus too much on legal regulations instead of fighting the perpetrators. This will lead to further disruptions to supply chains in the coming years. He went on to focus on contingency planning to combat the risks. Key to this is to foster a culture of security awareness throughout the organization. “This can only be achieved if it is driven from the top down by the CEO or port director,” he emphasized. “If top management don’t really care about a risk area like cyber security, everyone else will quickly see through it. Having the issue handled solely by technical experts would be a disservice to the organization because it’s not just technicians who work with operational technology and the Internet of Things (IoT), but the entire port administration.

Asking the all-important question, the moderator solicited the thoughts of the panel on what specific security measures can protect port facilities from cyberattacks through the growing influence of IoT. Firstly, Gadi Benmoshe, Managing Director of Marinnovators, an Israeli consultancy for maritime supply chains noted that there are currently far fewer IoT systems implemented for data collection, analysis and automation than operational technology that controls physical processes. “One of the biggest weaknesses in port cyber security,” he said. “We therefore strongly recommend separating the physical networks of operational technology or IoT from the administrative networks.”

Pradeep Luthria, Senior Partner at Saiber Innovation Technology, a cyber security solution provider in Dubai (UAE), calls for better communication about attacks: “If we got to the bottom of the causes and communicated about them more quickly, we would be better prepared.” His most recent example is an attack at the end of August on Seattle-Tacoma International Airport, where the internet and web systems were down for days.”

One initiative discussed was the international Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC), a central coordination point for the timely exchange of information on cyber threats between trusted stakeholders. Its focus is on information technology, operational technology and IoT. “The MTS-ISAC and other non-governmental organizations can share information within minutes instead of weeks and months later, as is the case with some government agencies,” Dickerson pointed out.

There is no shortage of rules and regulations for cybersecurity. Gadi Benmoshe, who is also Vice Chairman of the Data Collaboration Committee at the International Association of Ports and Harbors (IAPH) highlighted the IAPH Cybersecurity Guidelines for Ports and Port Facilities. The IAPH is also supporting the IMO’s mandatory requirement for a “Maritime Single Window”, which came into force this year. This enables ship information to be exchanged on a central digital platform. “The IAPH is proposing to the IMO that the member states introduce a binding legal framework for cyber security of the Maritime Single Window by April 2025,” announced Benmoshe. He also reminded the audience that the topics of cyber attack mitigation and harmonizing port cyber security standards will feature prominently in next week’s IAPH World Ports Conference in Hamburg.

Cybersecurity requires constant focus and on-going development, the experts agreed. Luthria believes it is important to make people responsible and accountable for this and Benmoshe is pinning his hopes on artificial intelligence, which could help to better detect and prevent cyber-attacks. In conclusion Dickerson had a useful tip, “Restrict your IT, operational technology and IoT architectures from being accessible from the public internet to reduce potential attacks.”

The full session Connecting Ports #09 is available on YouTube Connecting Ports | Session#09 | Uncharted Waters: The Cybersecurity Challenge for Ports (youtube.com)

About HPC

HPC Hamburg Port Consulting is a logistics consultancy specializing in strategy and transformation services for the ports, terminals and hinterland facilities sectors. Since its foundation in 1976, the Hamburg-based consultancy has carried out more than 1,800 projects in 136 countries on six continents, covering the entire development cycle of port projects. HPC employs around 100 experts with a background as terminal operators, software engineers, logistics managers, transport economists, data analysts and scientists as well as mathematicians. As a subsidiary of Hamburger Hafen und Logistik AG (HHLA), HPC has its roots in port handling of containers, general cargo and multipurpose freight as well as hinterland traffic.