Due to the coronavirus pandemic, the members of the European region of the International Association of Ports and Harbors (IAPH) attended this year’s regional meeting digitally. The theme of the event was Cyber Security and Digital Trust. IAPH represents over 180 member ports and 140 port related businesses in 90 countries.
At the first digital regional meeting, Jens Meier, IAPH Vice President for the European Region and CEO of Hamburg Port Authority (HPA), focused on informing members of current developments and on raising cybersecurity awareness. Discussions focused on the need for ports to secure their organizations more effectively in order to avoid cyberattacks and to ensure a better response against them.
Beyond this, CEO Jens Meier and the board members have been setting out a roadmap for a strategic re-orientation of the organization. They want to ensure that IAPH provides both leadership and support to its diverse members in order to bring more added value to the initiative oriented to its members and future needs. Also, Santiago Garcia-Milà, President of the IAPH and Deputy Director of Port of Barcelona, attended the session and gave an overview of the various changes that have taken place in the organization since 2016. Garcia-Milà pointed out that the three new Technical Committees implemented this year focus on members’ needs and strengthen the relationship with IMO.
Maritime transport is a crucial activity for the global economy. It enables the import and export of goods, the critical supply of energy, and transport of passengers and vehicles. Our global critical ecosystem relies on more than 1,200 seaports within the European Union alone. Covid-19 has accelerated the global digitalization trend and drives further investment in the modernization of port information technology infrastructures in order to remain competitive in the new reality.
Safeguarding operational assets from persistent threats while also maximizing efficiency, real-time intelligence, and system uptime is no small task. Control systems have become vital to ensure that our daily lives run smoothly, supplying power, running refineries, and also running medical, transportation, building control, and logistics technologies. The exposure list is long, and stakes are growing higher. Businesses are clearly struggling to resolve cybersecurity vulnerability in control systems and operational technology (OT) environments.
This session addressed the actual cybersecurity risk with the targeted attack against the Port of Barcelona and broader aspects of cyber-resilience such as challenges and possible remediation from the leadership role perspective.
Mr. Meier approached this topic by summarizing the current trends in cyberattacks and informing about the measures that the Hamburg Port Authority has taken. He declared: “If we want to take full advantage of the opportunities offered by digitalization, we must manage the cyber-risks involved and thus ensure digital trust. Protection starts with people. Regardless of the methods of attack – e-mail, cloud applications, web, or social media – attackers are increasingly taking advantage of the human factor. That’s why the approach to cybersecurity should be centered around people.” Jens Meier added: “Artificial intelligence is an extremely useful technology that enhances the intellectual abilities of people and that should be expanded and used where necessary. However, computers will not replace people. They are tools that will complement us.” The cyber threat situation in 2020 is marked by the Covid-19 pandemic. Meier: “Remote working as a result of the pandemic is another contributory factor to a business’s vulnerability to cyberattacks.”
Catalina Grimalt, Deputy General Manager of Organization and Internal Resources at the Port of Barcelona, spoke of her own experience with the cyberattack suffered by the Barcelona Port Authority in September 2018. “We have learned to improve on safety”, said Catalina Grimalt. “We were attacked, thus we are aware of the seriousness of this issue. We have been working hard on cybersecurity, implementing different security procedures and our systems are supervised by three different authorities. The most important thing we learned is that the port is not only responsible for its own cybersecurity, but also for the cyber-resilience of the whole supply chain, so we have to build up the resilience of all our ports”.
A representative of the State Office for the Protection of the Constitution of the City of Hamburg additionally pointed out the high risk of manipulation of data with unnoticed technology. Malicious software can be imported through updating processes or by remote control, so it is highly recommended to evaluate the systems critically on an ongoing basis.