Posted on May 17, 2016
By Barry Parker, portstrategy
I know, I know … it’s all easier said than done, but those who don’t keep up are almost guaranteed to be left on the beach looking at changing trades flows sailing to competing ports, or regions.
A session on cybersecurity at a recent shipping conference that I attended has great implications for ports. The same group thinking and problem solving that I’ve espoused for dealing with certain regulatory initiatives – think about container weighing – can also be applied to cyber incidents.
In a networked world where systems are linked up, the impacts of a cyber incident might reach way beyond one particular system. One panelist at the meeting that I attended talked about security having its own eco-system, telling the audience of several hundred shipping executives: “It goes beyond your own company… you need to look at vendors and customers.”
In the case of ports, port and terminal information systems are now linked up with those of trucking companies, shipping lines and intermediaries. And even the port business will be profoundly impacted by the next wave through the Internet of Things, where many mechanical devices will be tied together through intranets.
Unlike static RFID tags, which can be polled, the next generation of sensors and the like are programmed to talk to other equipment. So the potential for a cyber incident – which might be malicious, but might also be the result of a human error – looms large with the consequence of slowing down or shutting off cargo throughput.
In the shipping context, one panelist said: “It’s not that different from what we’ve done in managing other risk”; here, oil spill management comes to mind. Another speaker recommended entering into retainer agreements with cyber specialists so they could quickly be mobilised in the wake of an incident.
Other panelists suggested ‘table top exercises’ to simulate cyber-catastrophes; again, not dissimilar to the emergency preparedness drills that ports and shipping companies regularly engage in. It’s not that much of a stretch to include cyber incidents into such drills; computer ‘glitches’ increasingly have the potential to quickly and unpredictably immobilise flows of cargo. If that’s not an emergency to be prepared for, I don’t know what is.
Source: portstrategy