Author: Schneider Electric
Ports have accelerated their pace of digitalization. They are leveraging technology to improve efficiency and logistics, achieve port sustainability goals, and streamline processes. For instance, ports are adopting connected technology, automating equipment and processes, enabling remote access and control, and connecting OT and IT networks. These changes have intensified the need to prioritize cybersecurity because digitalization and increased interconnectedness can introduce new cyber vulnerabilities.
Cyberattacks are increasing on ports worldwide. They can disrupt port operations, as well as have negative financial impact, cause reputational damage, and lead to regulatory consequences. For example, in July 2023, the Port of Nagoya, Japan’s largest and busiest shipping port, was forced to suspend operations following a ransomware attack. The attack disrupted the port’s communication systems, which affected imports and exports, because the facility was unable to load and unload containers from trailers for two days.
Many businesses are being affected by cyberattacks, including data breaches across sectors and damage and disruption to industries such as finance, healthcare, and energy. To address these widespread cybersecurity concerns, governments and organizations have developed legislation, as well as guidelines, aimed at improving cybersecurity. For example:
Ports are part of the world’s critical infrastructure – moving both people and the majority of traded goods. Despite their importance, there is no common methodology for port cyber-risk assessment, according to the European Union Agency for Cybersecurity (ENISA). To help remedy this, ENISA has developed actionable port-specific cyber risk management guidelines and identified good practices for managing cybersecurity challenges. This approach is mapped to the risk assessment methodology’s steps in the ISPS Code and the EU legislation for Port and Port Facility Security.
ENISA’s four-phase cybersecurity plan includes:
Following recommended practices, such as those from ENISA, is an important aspect of ports’ cybersecurity. Ports also benefit from working with experienced experts who can help implement a holistic cybersecurity plan that helps maintain a port’s cyber defenses over time.
For example, to be more cybersecure, ports must be able to identify information technology (IT) and operational technology (OT) assets and services (ENISA Phase 1). This can be difficult if ports lack the available resources or the necessary information regarding their IT and OT cybersecurity vulnerabilities. While ports are familiar with the topic of IT cybersecurity, port facility managers often are not aware of the cybersecurity risks to their OT systems. By working with OT cybersecurity specialists, ports can conduct a risk assessment that helps determine the specific areas where ports need to focus and improve.
Based on the risk assessment results, certified OT cybersecurity experts can perform vendor-agnostic services, such as design and implement a strategy that helps ports protect critical assets, reduce exploitable weaknesses, and defend against cyber-attacks. This approach is more robust when supported by advanced technology solutions that conform to ISA/IEC 62443 standards and are secure by design.
Like ports, the aviation industry must comply with the NIS2 Directive. For example, by upgrading its power monitoring and control systems’ cybersecurity, a European airport was able to fulfill the directive’s requirements. This also minimized cybersecurity vulnerabilities and built the foundation for a long-term cybersecurity maintenance program.
Making power monitoring and control systems cybersecure was the airport’s priority because a cyber-attack on only one or two subsystems could have impacted the airport’s operations. For example, cyberattackers could have reprogramed upper permissible voltage levels so that the Landside Airport Operations Center’s (APOC) networks were continually starved of power.
To improve cybersecurity, this airport implemented solutions, such as installing anti-malware, implementing hardening measures to protect existing hosts, and configuring and operating back-up solutions.
The results included:
Cyber-attacks are a major threat to ports’ operations. While ports may be aware of IT cybersecurity, they also need the same level of awareness and expertise when it comes to OT cybersecurity The cybersecurity risks will become even more prevalent as ports digitalize more actions and assets. Ports can reduce their vulnerabilities and make operations more secure and resilient by having expert support, tools, services and standards in place to help protect against attacks and limit damages.
Learn more about OT cybersecurity solutions for ports. https://www.se.com/ww/en/work/solutions/cybersecurity
About the author
Tam Osentowski, Vice President, Global Transportation Segment
Tam is VP of Global Transportation Segment where she is responsible for the strategy, sales & deployment of Schneider Electric’s end-to-end portfolio for infrastructures of the future. Tam has been at the forefront in understanding, defining, and delivering solutions to address customer pain points through her 21 year tenure at Schneider Electric. Her expertise in sustainability consulting services and strategic customer experience management allows her to deliver tailored services for new and existing customers, with a particular focus on leading electrification efforts to build more sustainable operations.
Texas-based Osentowski earned a Leadership in Energy and Environmental Design Accredited Professional (LEED AP) designation and holds a Bachelor of Science and Master of Business Administration.
Author: Tom's Hardware Il settore degli smartphone pieghevoli si sta preparando per alcuni importanti aggiornamenti,…
Author: GAMEmag iRacing è spesso considerato un colosso nel settore delle simulazioni automobilistiche, distinguendosi per…
Author: Agemobile Apple lo scorso anno ha introdotto un nuovo Game Porting Toolkit per aiutare…
Author: IlSoftware Linux ha guadagnato popolarità negli ultimi decenni, specialmente tra sviluppatori, amministratori di sistema…
Author: Hardware Upgrade Guardate con invidia il vicino con il soffiatore per pulire il giardino…
Author: klatsch-tratsch Bill (l.) und Tom Kaulitz sind angeblich zwei der Promis eines geplanten "LOL"-Specials.…