Cybersecurity: Five critical steps for port terminal managers and operators
Ports around the planet are ramping up their operational and infrastructural capabilities, with digital transformation the main driving force behind these developments. And the increased level of integration and interconnectivity between ports presents new challenges and risks. This includes increased opportunities for cyber-criminals to attack the entire supply chain, thus increasing the vulnerabilities of these entities.
Data safety and information security are of critical importance. Cybersecurity is considered one of the three top risks of ports along with piracy and terrorism. Yet many ports are not fully prepared to manage these risks. Greater awareness of cyber-risks and vulnerabilities are necessary to promote and advance safe and secure shipping. In this regard here are five critical steps that port and terminal managers and operators and administrators should take to ensure that computer data and system integrity are secure
1. KNOW KEY SYSTEMS
Identify (a) key systems (hardware and software) and data that, if breached, could compromise, or otherwise affect the port’s safe operation; and (b) the steps required to nullify or minimize such risks or downtime.
2. ESTABLISH CYBERSECURITY POLICY & PROCEDURES
To ensure business continuity, implement policies and procedures to safeguard against cyber incidents and threats. These policies should also identify and define the roles and responsibilities of key personnel, users and management. When there are changes to operations (as systems and functions are upgraded), the new policies and procedures should be reviewed and updated.
3. ACCESS CONTROL
Implement stringent access and user control. Passwords and user access credentials should never be shared with unauthorized personnel. Change auditing should also be automated across key IT systems to detect issues as they occur.
4. CONDUCT PERIODIC CYBERSECURITY CHECKS
Schedule periodic scanning and vulnerability tests on key systems and applications. Ensure that patching and updates are applied on a regular basis. As new threats are detected, improved mechanisms must immediately be put in place to defend against them. Your current system and applications may be in good working order but skipping an update or patch places your entire port operations at risk.
5. TRAIN STAFF
Constantly train staff on current risks, how to identify potential threats and how to report them. Staff should also be made familiar with the procedures to precisely identify when it is their own security team at work on the system, as against a malicious imposter.
Cybersecurity is not just an IT or Security team function It is everyone’s responsibility. All staff must be made aware of this fact: breaches at your port can affect the entire supply chain.
Contact the ADVANTUM Networking Services team for assistance with improving your port’s cybersecurity and network security.