IAPH releases cyber security guidelines for new port technologies

1. Integrate cybersecurity aspects in the early stages of emerging technologies planning, implementing cybersecurity by design: Cybersecurity should be embedded in the early stages of technology planning. Delaying implementation, or addressing vulnerabilities only after a cyberattack, can result in significantly higher costs and a higher impact on the organization operation continuity.
2. Assess cybersecurity risks and vulnerabilities introduced by emerging technologies, even if those technologies are not planned to be implemented within the organization: Even if an organization does not intend to adopt a particular emerging technology, it is crucial to evaluate potential risks it may introduce to existing infrastructure within the organization. For example, quantum computing will affect current encryption methods.
3. Avoid the misconception that non-IT systems do not require cybersecurity assessments: As you can see in these guidelines, even the very important initiatives of green energy might introduce new cybersecurity vulnerabilities, which may have disastrous impact on the maritime supply chain operation.
4. Recognize the potential physical impact of cyberattacks: For example, drone hijacking: an attacker could take full control of the drone, redirecting it to unauthorized targets or using it for sabotage.
5. Conduct a holistic cybersecurity assessment when integrating multiple technologies: Some emerging technologies, such as Automation, rely on a combination of other technologies. Cybersecurity assessments should consider the overall system, not just individual components.
6. Implement technology-specific protection, detection, and mitigation measures, in addition to general cybersecurity measures outlined in the IAPH Cybersecurity Guidelines for Ports and Port Facilities: Emerging technologies have specific characteristics and it is important to implement protection, detection, and mitigation measures that are tailored to the technology and not only the general ones. For example, dedicated authentication methods used in 5G networks.
7. Look for new cybersecurity solutions that are enabled by emerging technologies: Some emerging technologies may introduce new cybersecurity solutions that should be leveraged to enhance organizational cybersecurity. For example, AI excels at monitoring information systems. Using behavioral analysis, it identifies anomalies in network traffic and user behavior. Even IoT introduces new cybersecurity solutions, such as decentralized IoT-based honeypot solutions: IoT devices, which can serve as honeypots to lure attackers, allowing organizations to gather intelligence on their attack methods.
8. Training and education is an important tool to ensure cybersecurity by design implementation of emerging technologies in the maritime supply chain: When teaching emerging technologies in maritime-related courses, cybersecurity-related content should be included. This is relevant to internal training in maritime supply chain organizations and in maritime supply chain-related education institutions, including universities.
9. Engage in the efforts to update the national and international legislation to adapt the existing requirements, for a cyber-secure implementation of emerging technologies in the maritime supply chain.

These guidelines have involved a significant amount of work from Gadi, our DCC chair Ingrid Boqué and the team of authors from our membership and partner experts. It addresses the number one health, safety and security concern identified by our surveyed respondents to the recent IAPH World Ports Tracker market and sustainability trends report

… said IAPH managing director Patrick Verhoeven.