Container point of view
22 June 2023
Artificial intelligence in the maritime economy
9 August 2023
When we talk about maritime cybersecurity, we mainly think about ships. Especially since their existing infrastructure is highly developed and closely interconnected, encompassing industrial automation and OT/IoT/IT (operational technology, internet of things, information technology) systems. However, it is the ports that should be the focus of attention. They are places where the level of ICT risk is much higher than on a single ship on the open sea.
In a port, a large number of ships appear in a single location at high dynamics, and in cyber reality they can and do affect each other, often unnoticed and currently unmonitored. Also present at the port are cargo handling companies, logistics companies, transportation companies, government institutions – each with its own systems, processes, vulnerabilities and risks. In sum, therefore, the threat multiplies significantly, and this is due to the very large number of links and facilities. So, if an attacker wanted to exploit an existing vulnerability for his attack, as well as leverage the port environment, it would be relatively easy for him to find vulnerable systems and exploit them right there in the port, in order to then spread to other parts of the world quite easily.
In the event of a cyber incident, it becomes possible to block a single port, a navigable channel, the supply chain of a specific commodity, or global trade through ICT means. Thus, we see that ports are one of the key places where ensuring ICT security should be a priority.
To manage cybersecurity in an efficient way, it needs to be looked at holistically, not just in terms of shared visibility of events from the physical, OT/IoT or IT domains. Nor can ship security be separated from seaport security, as ports are the place where many threats of extreme importance to maritime transport and the maritime sector as such, such as the offshore sector, can best be controlled and mitigated. Conducting similar activities on a consistent basis, however, will require a comprehensive view, that is, of more than just one area.
Port authorities should therefore have a leading role in setting security standards, as well as monitoring their own systems, infrastructure, vessels and any other systems that could potentially affect their operations, as well as the logistics chains running through their ports. They should also continuously exchange threat information with other ports and key players in the field (e.g., railroads, state institutions, key logistics companies). This is especially important in the perspective of the connection between systems and processes linking different entities, with different levels of maturity, different internal processes and procedures related to cyber security. Only with the holistic view that port authorities have will it be possible to design and implement standards that ensure a comprehensive service process – from monitoring systems and processes for security, to maintenance, incident handling and remediation processes.
From the times when the main problem in the maritime sector was a single frustrated man who used his knowledge to take revenge on his former employer, the world has changed a lot. Virtually all attackers are already professionals. Criminal organizations have begun using new methods to revive their old scenarios for gaining money or knowledge. In the same way, authorities in some countries have begun to use cyber attacks (carried out through mercenary teams or their own cyber armies) to bolster their operations against adversaries. Such hybrid threats, composed of a combination of cyber and physical attacks, can be really serious, as they will be remarkably effective. The effect of hitting private enterprise could be to disrupt the economy nationwide and compromise energy security. Similarly, a hit to the country’s infrastructure could disrupt private businesses. Defense against such serious threats should be fully professional, not only in a top-down approach, but also bottom-up. It should therefore also include hard infrastructure, sealing monitoring gaps, streamlining processes, monitoring, responding to threats and evaluating their effectiveness. Even if we don’t stop all attacks, we can and should reduce the impact and consequences of most of them. Ports are the best place to implement and monitor security – which is why we believe their security should be a top priority.
Article developed with Namiary na Morze i Handel magazine
phot. Namiary na Morze i Handel magazine
