Geo political changes in the last year has led to an increase in cyber risks. During a recent top meeting in Barcelona top CEO’s in the maritime sector agreed that secure digital communication platforms are essential for fast and efficient information transfer cargo handling in the ports but that at the same time cyberrisk is becoming a hot topic for port communities around the world to avoid operational chaos, business disruption and financial loss. According to the World Economic Forum, economic loss owing to cyber crime is representing 3,4% of global GDP.
Cybercriminals and digital warfare attackers are increasingly searching for the shortest and easiest way to get access to the digital crown jewels in the mainports of the world. They buy userid’s and passwords on the Darkweb, the ‘underworld’ of the internet. They scan computer systems on missing patches to find an easy way to get access to the Crown Jewels of the maritime sector.
The top 3 risks are unavailability of Port infrastructure caused by ransomware. (remember the Maersk incident), or an internet infrastructure which is damaged, or take over of internet of things systems like locks, bridges and or vessels.
The main mitigation actions are multi factor authentication (a second factor besides a password e.g. a code in your smartphone, fingerprint etc), excellent cyber hygiene (e.g. patching procedures, pen testing), prediction of cyber attacks (e.g. Secure Development Life Cycles), Business Continuity Plans (e.g. playbooks) and Top management attention on Cyber Risk Management.
In case of cyber incidents companies and organisations will be asked to explain how this could happen, CEO’s will need to proof that guidelines (e.g. IMO), frameworks (e.g. NIS, ISO27001) were implemented to prevent this kind of incidents. Legal explanations will be requested by the companies who suffered damage.
Companies should not start flying without parachutes. Digital transformation in the Maritime Sector needs to be facilitated by leading frameworks such as ISO27001.
The question is not whether a severe cyber incident will happen, but when it will happen.
To increase protection of your digital systems against cybercrime the services of http://www.Cyber4ce.eu can protect you in an efficient way.
Services we offer vary from Ransomware protection, consultancy, business continuity workshops, Implementation of ISO27001:2022, Internal Audit.
Your first call and our first visit is free contact us
https://smartports.tv/whats-next-in-cibersecurity-at-ports-and-port-facilities
keeping things proprietary as long as possible. Providers can also suddenly announce cost increase or be bought out by a larger company resulting in policy and or location changes.
contract negotiation at least the following important criteria needs to be agreed: availability (e.g. 99.99% during work days), performance (e.g. maximum response times), portability of the data (e.g. ability to move data to another provider) and resolution times of incidents.
won’t show it to anyone else) that promise does not prevent their own exploitation of the customer data e.g. to improve search results, to deliver ads or to mine data for their own purpose . Also, If the user encrypts the data, it’s more difficult for the cloud provider to deliver some cloud services (e.g. search).
systems are built. This virtualization enables the provider to use physical devices in a more economic way. However virtual firewall support that exists today is very limited and attackers learned how to compromise the virtualization layer to gain control of the operating systems on virtual machines.
John Bun 