Cybersecurity at ports and terminals: Focus on the right things

"We always advise our customers to focus most of their attention and resources on the areas of cybersecurity that exhibit the greatest risks or are most easily addressed," says Jouni Auer, Chief Information Security Officer, Kalmar. "Sometimes customers are wary about using, for example, cloud services from companies such as Google, but the likelihood of an actual data breach in these services is vanishingly small. These companies have the largest resources in the world devoted to cybersecurity, simply because the stakes of any major incident would be so high."

We always advise our customers to focus most of their attention and resources on the areas of cybersecurity that exhibit the greatest risks or are most easily addressed

Auer points out that if any security breach does occur in solutions that utilise hosting by major cloud providers, it is overwhelmingly likely to be a result of the system being compromised elsewhere. 

"Major cloud services will almost always be vastly more secure than the on-site processes for using these services,” adds Henri Kettunen, Cybersecurity Lead, Kalmar. “In practice, by far the greatest cybersecurity risk for ports and terminals results in IT infrastructure that is unmaintained or simply forgotten."

In practice, by far the greatest cybersecurity risk for ports and terminals results in IT infrastructure that is unmaintained or simply forgotten

The human element

Alongside software and network-connected hardware, a major attack vector and source of vulnerabilities is – perhaps unsurprisingly – people. How can cybersecurity professionals balance the need for user vigilance with building systems that are secure and resilient?

"It's somewhat paradoxical that most remote cybersecurity threats are almost always the result of something that someone does or doesn't do locally," notes Timo Alho, Director, Product Management & Business Development, Kalmar. "If you only focus on the technical systems, you will be missing many of the attack vectors that are both most common and exhibit the greatest risks."   

If you only focus on the technical systems, you will be missing many of the attack vectors that are both most common and exhibit the greatest risks

"No matter what security measures we have in place, ultimately the systems will always be used by people," adds Jouni Auer. "A basic principle for today's cybersecurity professionals is that instead of trying to build a single, impenetrable firewall around our systems, we need security in depth, with multiple layers of controls and monitoring. So, we always try to make sure our cybersecurity architectures have the appropriate security layers built in, without compromising usability."  

Auer notes that while it's crucial to recognize the human element in cybersecurity, simply blaming users for security breaches is an outdated idea. "We should stop using this concept of the 'weakest link', particularly when it is applied to the people using the system. If you blame the user for your cybersecurity issues, you will most likely only be inhibiting them from reporting any security incidents that may actually occur. Instead, do your best to educate your users to act safely, while building in security layers that catch any threats even when they don't."

Instead, do your best to educate your users to act safely, while building in security layers that catch any threats even when they don't

Know your systems

As ports and terminals are critical infrastructure, many terminal operators will have detailed and stringent cybersecurity requirements that differ from those in other industries. At the same time, the basics are still the same: Allowing people and systems to do what they need to do while preventing them from doing what they are not supposed to do.

"One of the most important aspects of cybersecurity is simply keeping track of what systems and connections you are running," notes Jani Mäntytörmä, Chief Cybersecurity Engineer, Kalmar. "Without a solid strategy for asset management, it will be very difficult to keep your systems secure."

"We always need to stay flexible and adapt to the cybersecurity needs of the customer," concludes Henri Kettunen. "Generally, we advise our customers not to worry too much about the security of major cloud providers, but if their site specifically requires that everything be hosted locally, we can of course accommodate this. It's all about identifying what's most important and focusing on that aspect of cybersecurity first."

It's all about identifying what's most important and focusing on that aspect of cybersecurity first