The International Association of Ports and Harbors, a global organization representing ports worldwide that works with the United Nations, has released an 84-page document outlining "IAPH Cybersecurity Guidelines for Ports and Port Facilities."
According to the Executive Summary of the document, "The risk of a cyber-attack has become the top risk for port authorities and the wider port community. The accelerated pace of digitalization in port and port facilities only intensifies the urgency for executives to focus on organizational cyber resilience in order to safeguard the integrity and availability of critical data, ensure service delivery and protect maritime infrastructure. Doing so will increase the overall cybersecurity capabilities of the global maritime supply chain."
With the pandemic, the world's ports have faced an uphill battle to get container ships through in a timely manner. Backups across the world have caused delays in shipping which has a domino effect for numerous industries. If a port were to be hit by a ransomware attack, that could further exacerbate problems for the global supply chain, perhaps worse than what we saw when the EverGiven was stuck in the Suez Canal earlier this year.
In 2018, the Port of San Diego was included on the list of victims of a ransomware attack that also targeted hospitals, transportation agencies, and municipalities. Because of the guidance of the FBI at the time, the Port recovered their data without having to pay up.
The IAPH guidelines hope for similar outcomes for ports across the world. One of the main aspects of the document is the suggestion to create a Cybersecurity Maturity Model, which can help with executive-level decisions by evaluating informing where best practices could be implemented.
These guidelines are an example of how more and more industries are recognizing just how serious cybersecurity is.