A new UK cyber security good practise guide highlights the very real risk of cyber security breaches and the need for robust prevention strategies to protect financial, security and reputational interests.
The ‘Cyber Security for Ports and Port Systems’ guide, published by The Institution of Engineering and Technology, with the UK Department for Transport, aims to help ports highlights what actions need to be taken and by who.
“Cyber-attacks on port systems are no longer considered hypothetical or simply the stuff of fictional narrative,” said the guide, which noted how Maersk’s security setup left it open to an attack from the Maersk virus in June 2017.
It stressed that the consequences of failing to address security risks could lead to serious injury or fatality, disruption or damage to port systems, loss of use of buildings, impact upon business operations, reputational damage, loss of revenue, financial penalties or litigation.
The guide explained that port facilities are becoming increasingly complex and dependent on the extensive use of information and communications technologies (ICT) at all stages of their lifecycles – for example, in the growth of automated berthing operations.
It pointed out that some of this technology is embedded in the fixed and mobile assets used to operate the port; other elements may be remotely located
A key aim of the guide is to communicate that cyber security of port systems is managed cost-effectively, as part of mainstream business.
The Port of San Diego, Port of Barcelona, Cosco Shipping Lines and APM Terminals are amongst maritime organisations which have suffered cyber attacks.
In October 2019, a Cyber Risk Management (CyRiM) project report estimated that losses of up to US$110bn would occur in an “extreme” cyber-attack scenario involving Asia-Pacific (APAC) ports.