Today’s smart ports and terminals are adopting new technologies — remote operations, autonomous systems, and integrated information and communications platforms — to better track and monitor ships and expedite deliveries, warehousing, and customs. The goal is to increase productivity and enhance the client experience.
The quest to increase speed, decrease delays, encourage visibility into supply chain operations, and enable more efficient turnarounds means that ports and terminals have deepened their reliance on technology. Although the opportunity to take advantage of higher freight volumes and improved throughput outweigh the associated risks, if managed correctly, increased reliance on technology comes with increased exposure to cyber risk.
The isolated adjustments and investments in technologies, typically made over many years, have led to a non-homogenous legacy technology structure that is more susceptible to cyber threats.
Further, greater data capabilities and connected technologies — both internally and with external stakeholders — introduce new access points and vulnerabilities that could provide today’s advanced threat actors an entry point into a network.
As happens in any industry, the new technologies being adopted by ports and terminals come with vulnerabilities that are readily accessed by threat actors through public, online databases.
New technologies and their increased touchpoints lead to an expanded attack surface — the aggregate of all known, unknown, and potential vulnerabilities and weaknesses across all people, hardware, software, and network components that may present cyber criminals an entry point.
A major cyber incident could potentially bring a port or terminal to a standstill for hours, days, or even weeks. And because ports and terminals are critical infrastructure, disruptions can ripple through global supply chains, causing significant delays and other issues.
In addition, cyberattacks can potentially lead to physical damage that threatens not only operations, but the safety and security of workers and others. Threat actors, for example, could manipulate a port’s sensors and thermostats, leading to a fire with the potential to threaten docked ships, especially those carrying fuels and flammable chemicals.
Such risks underscore how important it is for ports and terminals to invest in a smart digitalization strategy that identifies and addresses vulnerabilities and creates a resilient organization that is able to withstand and recover from a cyberattack.
Cyber threats are not limited to malicious software (malware) that can spread to or from suppliers and customers, but can also include:
The increase in cyber threats has spurred some agencies, including the European Union Agency for Cybersecurity (ENISA), to publish guidance aimed at improving cybersecurity. ENISA’s Cyber Risk Management for Ports report, published in December 2020, aims to introduce a specific approach to cybersecurity risk assessment in ports.
In 2017, the International Maritime Organization (IMO), responsible for regulating shipping, and the Maritime Safety Committee (MSC), published a series of recommendations to help maritime companies, including ports and terminals, manage their intensifying cyber risk. Both acknowledged the pressing need to raise awareness about cyber threats and vulnerabilities.
To protect their operations from an increasingly challenging threat, it is recommended that ports and terminals embed effective cybersecurity controls within their systems and processes. Together with more effective and agile engineering protections, the right controls can help organizations protect assets from unauthorized access, damage, theft, and loss.
Actions that every port and terminal can consider to enhance cybersecurity include:
Cyber risk assessment: A critical first step towards improving cybersecurity is to carry out an in-depth cyber assessment with third-party stakeholders focused on the identification of key IT and OT assets and the port services they support. By reviewing the overall cyber environment and attack surface, ports and terminals can better understand their overall cybersecurity profile. These tools — built on cybersecurity best practices — can help evaluate the maturity of a cybersecurity program. For example, a self-assessment may uncover that a logistics partner has unnecessary privileged access into a port’s network. Insights can be critical in allowing organizations to identify and proactively address gaps that may lead to dangerous vulnerabilities.
Scenario planning: An integral part of a cyber risk management strategy, scenario planning allows your organization to understand the impact of potential attacks and rehearse your response to them. Cybersecurity professionals, working with your organization, can identify vulnerabilities and recommend actions to improve your defenses.
Quantification: Understanding the actual costs of various scenarios will help inform where to invest limited resources strategically. For example, how much would it cost a port if operations are completely or partially paralyzed for a few hours or a few days? And what would be the financial and other repercussions if a complete system shutdown was to lead to a major accident?
Analyzing and quantifying a variety of scenarios — together with your expected response — should provide a clearer picture of the potential financial impacts of cyber events. This, in turn, will help with decisions regarding cybersecurity investments, including the purchasing of sufficient cyber insurance.
As digitalization introduces new vulnerabilities, ports and terminals can consider integrating the five steps outlined by the National Institute of Standards and Technology’s (NIST) cybersecurity framework within their self-assessment:
The prospect of increased efficiencies in the future will see ports and terminals continue to adopt smart technologies. However, as their attack surface expands, so will their potential financial, regulatory, and reputational challenges.
Having cyber hygiene controls in place is critical to reduce cyber risk. Further, many cyber insurers are carefully scrutinizing an organization’s cyber controls, with companies that fall short of expectations potentially facing the prospect of non-renewal or not being able to secure their preferred coverage or pricing.
Although cyber hygiene controls have been established best practices for many years, not all companies have ingrained them into day-to-day processes. While there are 12 main controls that should be adopted, organizations can start by focusing on:
Although cyber risk cannot be completely eliminated, the appropriate risk management strategy, together with a robust cyber insurance program, can help mitigate risk and recover faster from an event. Ports and terminals can take action to become more cyber resilient, starting with these five steps:
Addressing today’s challenges and moving towards cyber resilience requires a shift in mindset. While ports and terminals have many years of experience in protecting their assets from physical attacks and accidents, they need to apply the same focus to protecting operations from cyberattacks and cyber events through a robust cybersecurity strategy that includes training and improved cyber controls. Where the risks of cyber events are correctly understood, quantified, and managed, the opportunities of digitalization outweigh them and are far reaching.