The challenge of cyber security for ports ecosystems
As ports become increasingly reliant on technology and the use of data, cyber risk identification, mitigation and response become key points of conversation.
We spoke with Chronis Kapalidis at the event to find out more about the challenges for port ecosystems with regards to cyber security and how ports can look to safeguard themselves against cyber-attacks.
Chronis is an Academy Stavros Niarchos Foundation Fellow at the International Security Department, Chatham House. He is also the European Representative of HudsonAnalytix, focused on converged security.
Chronis has over 16 years of professional experience as a navy warfare officer in NATO, EU and UN operations.
Watch/read the interview below.
Q: What are the 3 biggest factors in safeguarding logistics operations against cyberattacks?
Chronis Kapalidis: In order to answer that question, we need to understand what cyber security actually is.
In my corporate engagements, we’re looking at 3 different pillars of cyber security which one needs to address in order to fortress your operations.
These 3 pillars are: technology, people, and processes.
Technology requires one to use specific state-of-the-art technology in order to be prepared against cyber attacks. A company also needs to raise awareness within the organisation as people tend to be the weakest link when it comes to cyber security.
They need to be aware of what is at stake but also the third pillar of processes which interlinks the other two pillars, and about how people can use the technology which has been installed.
It’s an ongoing process which requires a holistic approach in order to fortress a logistical operation. We predominantly speak with IT people – most organisations believe that cyber security is an IT problem. The IT people do understand what is at stake, but it is difficult to get senior management commitment in order to budget or spend resources and allocate people or time in order to tackle cyber security.
A top-down approach is the only way forward.
Q: What are the main factors which port infrastructure and services need to have in mind when defining a comprehensive asset taxonomy?
CK: From the feedback we have received, port environments need to understand that they do not operate in isolation. They have assets (mainly ships) coming in which are connected to the port IoT infrastructure but they also have third-party vendors which come into the port and use the existing IT and IoT infrastructure to conduct business.
It’s not just about protecting your core infrastructure, but also looking at the periphery. So, when looking at an asset taxonomy, it needs to be layered – the core, the periphery, and the edge.
Q: What are the different cyber security challenges for IoT devices and cloud platforms?
CK: What we are seeing is that when you rely on IoT devices or cloud services, in most cases, cyber security is not in your hands. It’s in the hands of the vendor.
With that in mind, you really do need to do your due diligence well in advance before selecting a specific service or device. Cheap is not always the best option and you need to prioritise the ways in which you can illustrate cyber security by design in those specific devices and services.
Q: How strong do you believe the cyber security maturity of port ecosystems is at present?
CK: There is no clear answer to that as there would be a number of factors influencing the answer from port to port. I would say the big ports which have the capacity to deal with cyber security are on a good level, but the smaller ports which facilitate cruise ships or smaller cargo ships don’t have the luxury to invest in cyber security at the same level as the larger ports.
Even if they do understand their protection is insufficient, it is difficult for them to have the resources to deal with this issue.
We work with the European Union, and specifically what they are doing is looking at the creation of a cyber risk self-assessment model for all ports in the industry. This is a start to solving the problem, by giving these smaller ports a ready-made solution to implement in their ecosystems.
Q: What makes events like this invaluable to the industry?
CK: Networking is at the core of events like this, but of course it’s also important to see what the state of the art with regards to specific topics is within the smart ports conversation. It may seem like a niche topic, but it isn’t.
Smart ports cover a huge variety of topics from environmental to cyber security, and several others in between.
So, knowing what is out there, and having a place where we can congregate to share that knowledge is really the best way forward.
Q: What are the hot topics for you presently?
CK: Digital transformation is a definite buzzword for me. It means several things and is definitely open to interpretation. In our minds you need to look at your port ecosystem specifically, then look at your needs, and then try to address these specific needs.
In short, don’t get carried away by buzzwords and try and look at the specific problems which you have as an entity.