The Hamburg Port Consulting (HPC) hosted its ninth CONNECTING PORTS talk show earlier this month, focusing on the growing vulnerability of port facilities to cyber-attacks.
International experts discussed the urgent need for the maritime port sector to enhance its preparedness in safeguarding these critical infrastructures.
Christina Prieser, Associate Partner at HPC, moderated the forum which delivered an unsettling message that potential disruption through malicious cyber attacks on ports’ IT infrastructures will only increase in the future.
Among the experts contributing, Scott Dickerson the founder of CISO LLC, which develops bespoke security programmes for the maritime industry predicted: “We focus too much on legal regulations instead of fighting the perpetrators. This will lead to further disruptions to supply chains in the coming years.
He went on to focus on contingency planning to combat the risks.
“Key to this is to foster a culture of security awareness throughout the organisation,” said Dickerson.
“This can only be achieved if it is driven from the top down by the CEO or port director. If the top management don’t really care about a risk area like cyber security, everyone else will quickly see through it.
“Having the issue handled solely by technical experts would be a disservice to the organisation because it’s not just technicians who work with operational technology and the Internet of Things (IoT), but the entire port administration.”
Pradeep Luthria, Senior Partner at Saiber Innovation Technology, a cyber security solution provider in Dubai (UAE), called for better communication about attacks: “If we got to the bottom of the causes and communicated about them more quickly, we would be better prepared.”
His most recent example is an attack at the end of August on Seattle-Tacoma International Airport, where the internet and web systems were down for days.
One initiative discussed was the international Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC), a central coordination point for the timely exchange of information on cyber threats between trusted stakeholders. Its focus is on information technology, operational technology and IoT.
“The MTS-ISAC and other non-governmental organisations can share information within minutes instead of weeks and months later, as is the case with some government agencies,” Dickerson pointed out.
READ: SSA launches new cyber maturity assessment tool
Gadi Benmoshe, Managing Director of Marinnovators and Vice Chairman of the Data Collaboration Committee at the International Association of Ports and Harbors (IAPH) highlighted the IAPH Cybersecurity Guidelines for Ports and Port Facilities.
The IAPH is also supporting the IMO’s mandatory requirement for a “Maritime Single Window”, which came into force this year. This enables ship information to be exchanged on a central digital platform.
“The IAPH is proposing to the IMO that the member states introduce a binding legal framework for cyber security of the Maritime Single Window by April 2025,” announced Benmoshe.
He also reminded the audience that the topics of cyber attack mitigation and harmonising port cyber security standards will feature prominently in next week’s IAPH World Ports Conference in Hamburg.
Cybersecurity requires constant focus and ongoing development, the experts agreed. The experts stressed the importance of responsibility and accountability with regard to cybersecurity and backed Artificial Intelligence to be a driving force to combat cyber-attacks.
Earlier this year, the Biden Administration announced that it would issue an Executive Order to improve port cybersecurity in the US with a promise of $20 billion in funding.
Is safety a priority in your operations?
Join the Maritime Safety Series: Port Edition, a new virtual event from Port Technology International and ICHCA, focused on improving port safety through discussion and innovation.
