The UK government has published an updated version of its Ports and port systems: cyber security code of practice document, which aims to provide guidance for companies with responsibility for protecting technical systems at port facilities and vessels docked in ports.
The guidance was produced by the Institution of Engineering and Technology in conjunction with the UK Department for Transport, and provides advice on developing a cyber security assessment and how to plan for important assets, processes and potential vulnerabilities.
The document highlights national and international cyber standards used and their relationship to existing regulation, and aims to to assist companies in handling security breaches and incidents and devising appropriate mitigation measures.
The guide is an updated version of the Code of Practice Cyber Security for Ports and Port Systems originally published in 2016, with the latest version taking particular note of the June 2017 NotPetya cyber-attack, which disrupted operations at Maersk so severely that the company reported resultant losses of some $200-300 million.
“Port facilities are becoming increasingly complex and dependent on the extensive use of information and communications technologies (ICT) at all stages of their lifecycles – for example, in the growth of automated berthing operations,” the report says.
“Some of this technology is embedded in the fixed and mobile assets used to operate the port; other elements may be remotely located, such as the systems used to schedule vessel and cargo movements. This Good Practice Guide explains why it is essential that cyber security be considered as part of a holistic approach throughout an asset’s lifecycle, as well as setting out the potential financial, reputational and safety consequences that may arise if threats are ignored.”
“It is intended that this Good Practice Guide be used as an integral part of an organisation’s overall risk management system and subsequent business planning, to ensure that the cyber security of port systems is managed cost-effectively, as part of mainstream business.”