Skip to main content

Article

Digitalization in ports and terminals: Technology advances bring increased risk

Today’s smart ports and terminals are adopting new technologies — remote operations, autonomous systems, and integrated information and communications platforms — to better track and monitor ships and expedite deliveries, warehousing, and customs. The goal is to increase productivity and enhance the client experience.

Today’s smart ports and terminals are adopting new technologies — remote operations, autonomous systems, and integrated information and communications platforms — to better track and monitor ships and expedite deliveries, warehousing, and customs. The goal is to increase productivity and enhance the client experience.

The quest to increase speed, decrease delays, encourage visibility into supply chain operations, and enable more efficient turnarounds means that ports and terminals have deepened their reliance on technology. Although the opportunity to take advantage of higher freight volumes and improved throughput outweigh the associated risks, if managed correctly, increased reliance on technology comes with increased exposure to cyber risk.

The isolated adjustments and investments in technologies, typically made over many years, have led to a non-homogenous legacy technology structure that is more susceptible to cyber threats.

Further, greater data capabilities and connected technologies — both internally and with external stakeholders — introduce new access points and vulnerabilities that could provide today’s advanced threat actors an entry point into a network.

Increased vulnerabilities in an expanded attack surface

As happens in any industry, the new technologies being adopted by ports and terminals come with vulnerabilities that are readily accessed by threat actors through public, online databases.

New technologies and their increased touchpoints lead to an expanded attack surface — the aggregate of all known, unknown, and potential vulnerabilities and weaknesses across all people, hardware, software, and network components that may present cyber criminals an entry point.

A major cyber incident could potentially bring a port or terminal to a standstill for hours, days, or even weeks. And because ports and terminals are critical infrastructure, disruptions can ripple through global supply chains, causing significant delays and other issues.

In addition, cyberattacks can potentially lead to physical damage that threatens not only operations, but the safety and security of workers and others. Threat actors, for example, could manipulate a port’s sensors and thermostats, leading to a fire with the potential to threaten docked ships, especially those carrying fuels and flammable chemicals.

Such risks underscore how important it is for ports and terminals to invest in a smart digitalization strategy that identifies and addresses vulnerabilities and creates a resilient organisation that is able to withstand and recover from a cyberattack.

Cyber threats are not limited to malicious software (malware) that can spread to or from suppliers and customers, but can also include:

The increase in cyber threats has spurred some agencies, including the European Union Agency for Cybersecurity (ENISA), to publish guidance aimed at improving cybersecurity. ENISA’s Cyber ​​Risk Management for Ports report, published in December 2020, aims to introduce a specific approach to cybersecurity risk assessment in ports.  

In 2017, the International Maritime Organization (IMO), responsible for regulating shipping, and the Maritime Safety Committee (MSC), published a series of recommendations to help maritime companies, including ports and terminals, manage their intensifying cyber risk. Both acknowledged the pressing need to raise awareness about cyber threats and vulnerabilities.

Self-assessments and scenario planning help evaluate the threat landscape

To protect their operations from an increasingly challenging threat, it is recommended that ports and terminals embed effective cybersecurity controls within their systems and processes. Together with more effective and agile engineering protections, the right controls can help organisations protect assets from unauthorised access, damage, theft, and loss.

Actions that every port and terminal can consider to enhance cybersecurity include:

Cyber risk assessment: A critical first step towards improving cybersecurity is to carry out an in-depth cyber assessment with third-party stakeholders focused on the identification of key IT and OT assets and the port services they support. By reviewing the overall cyber environment and attack surface, ports and terminals can better understand their overall cybersecurity profile. These tools — built on cybersecurity best practices — can help evaluate the maturity of a cybersecurity program. For example, a self-assessment may uncover that a logistics partner has unnecessary privileged access into a port’s network. Insights can be critical in allowing organisations to identify and proactively address gaps that may lead to dangerous vulnerabilities.

Scenario planning: An integral part of a cyber risk management strategy, scenario planning allows your organisation to understand the impact of potential attacks and rehearse your response to them. Cybersecurity professionals, working with your organisation, can identify vulnerabilities and recommend actions to improve your defences.

Quantification: Understanding the actual costs of various scenarios will help inform where to invest limited resources strategically. For example, how much would it cost a port if operations are completely or partially paralysed for a few hours or a few days? And what would be the financial and other repercussions if a complete system shutdown was to lead to a major accident?

Analysing and quantifying a variety of scenarios — together with your expected response — should provide a clearer picture of the potential financial impacts of cyber events. This, in turn, will help with decisions regarding cybersecurity investments, including the purchasing of sufficient cyber insurance.

Five actions to manage cyber exposures

As digitalization introduces new vulnerabilities, ports and terminals can consider integrating the five steps outlined by the National Institute of Standards and Technology’s (NIST) cybersecurity framework within their self-assessment: 

Managing cyber risk through cybersecurity controls

The prospect of increased efficiencies in the future will see ports and terminals continue to adopt smart technologies. However, as their attack surface expands, so will their potential financial, regulatory, and reputational challenges. 

Having cyber hygiene controls in place is critical to reduce cyber risk. Further, many cyber insurers are carefully scrutinising an organisation’s cyber controls, with companies that fall short of expectations potentially facing the prospect of non-renewal or not being able to secure their preferred coverage or pricing.

Although cyber hygiene controls have been established best practices for many years, not all companies have ingrained them into day-to-day processes. While there are 12 main controls that should be adopted, organisations can start by focusing on:

Where to start?

Although cyber risk cannot be completely eliminated, the appropriate risk management strategy, together with a robust cyber insurance program, can help mitigate risk and recover faster from an event. Ports and terminals can take action to become more cyber resilient, starting with these five steps:

  1. Improve training and education. Many employees at all levels within the maritime industry have not received the appropriate technology and digital training to prepare for their role in managing the cybersecurity risks faced by an increasingly digitalized industry. People’s actions are a significant challenge for organisations seeking to become more resilient, and reducing human error is crucial to keeping ports and terminals safe. It’s important to recognise that workers tend to have different levels of cyber awareness based on differing experiences and capabilities. Proper training and education of your workforce is crucial to shore up cyber resiliency.
  2. Invest in specialised cybersecurity personnel. Across-the-board training is essential to reduce human error that could lead to cyber breaches. But considering the potential risks associated with increased digitalization, ports and terminals should also consider investing in personnel with a solid background in cybersecurity processes to lead the effort. This team should include specialists suitable for the size and complexity of your business; for larger organisations, the team should be led by a CISO reporting to the board.
  3. Understand third-party risks. Ports and terminals operate within a complex ecosystem of suppliers, users, and customers. A port, for example, can have hundreds of stakeholders providing services, each with various cybersecurity strengths and weaknesses. Mapping out the touchpoints and how operations connect will help in the understanding of how each player contributes to cybersecurity vulnerabilities. It’s important to map out and assess vendor risk and include requirements to protect an organisation in contracts. Frequent communication with stakeholders is critical to understand any changes in cybersecurity. Also, it is recommended that organisations consider revoking unnecessary access that third-party vendors have to their IT systems.
  4. Address system weaknesses. Many ports and terminals are operating legacy assets — including operational technology systems, IT networks, end-user devices, and communication components — that are outdated and/or have not received needed security updates. The integration of new technology with legacy systems could also cause security challenges. Cybersecurity specialists with visibility across an organisation can help identify system weaknesses that could increase cyber exposures and recommend actions to address these challenges.
  5. Keep up with regulatory changes. Cybersecurity regulations are being written by jurisdictions across the world, creating a complex and ever-shifting regulatory environment. The IMO and their Maritime Safety Committee have provided recommendations on maritime cyber risk management, while different domiciles have their own requirements and penalties for non-compliance. Port groups may operate under more than one regulatory regime, requiring diligence to ensure their operations meet all requirements. The regulatory environment is likely to remain complex, and maritime companies will need to dedicate resources to remain compliant.

Addressing today’s challenges and moving towards cyber resilience requires a shift in mindset. While ports and terminals have many years of experience in protecting their assets from physical attacks and accidents, they need to apply the same focus to protecting operations from cyberattacks and cyber events through a robust cybersecurity strategy that includes training and improved cyber controls. Where the risks of cyber events are correctly understood, quantified, and managed, the opportunities of digitalization outweigh them and are far reaching.