With cyber-attacks no longer the stuff of “fictional narrative”, the UK Department for Transport (DfT) has released a new cyber security code of practice on cyber security for UK ports.
The document, released on 27 January, notes that cyber attacks on port systems are “no longer considered hypothetical” and cites the 2017 cyber-attack on Maersk from the destructive NotPetya virus which caused losses in the region of $200 to $300 million.
In other cyber security incidents, the ‘Good Practice Guide’ notes, port assets have been infected with malware and there has been unintentional jamming of wireless networks.
“Failure to address security risks could lead to serious injury or fatality, disruption or damage to port systems, loss of use of buildings, impact upon business operations, reputational damage, loss of revenue, financial penalties or litigation,” the foreword of the guide warns.
The 71-page guide provides actionable advice on various points including developing a cyber security assessment and plan for important assets, how to handle security breaches, and having the correct governance structures, roles, responsibilities and processes.
The release of the report coincides with the UK’s Maritime Minister, Nusrat Ghani MP, embarking on a shipping industry tour of southern ports.
Beginning in the Port of Plymouth on 27 January she will then visit DfT/MCA MARLab in Southampton. The MARLab is currently developing ways to better regulate ‘smart’ and autonomous shipping, so these state-of-the-art developments can be utilized by UK shipping.
“We know the UK shipping sector is among the most advanced in the world, and all the work I’ve been seeing today is confirming that,” Ghani said in a statement.
“And I’m clear this Government is committed to ensure the UK continues to benefit from our world-leading maritime sector. That’s why we’ve released refreshed cyber security guidance for ports today, to make sure that our ports aren’t just some of the best in the world, but also some of the safest too.”
The guidance was produced by the Institution of Engineering and Technology in conjunction with the DfT. It is a revised version of an earlier code on cyber security for ports published in 2016.
The DfT notes that this information should be used with the Cyber Security for Ships Guidance which was published in 2017.