From system hardening and network zoning to active security monitoring
This blog article reproduces the presentation by Ralf Kempf at the event “Cybersecurity for Maritime Infrastructures” organized by Maritimes Cluster Norddeutschland e.V. (“Northern German Maritime Cluster”), held October 30, 2019, in Bremerhaven.
Today, cyberattacks on companies can easily cause damage in eight or even nine figures. Such attacks often take the form of spam e-mail, written with perfect spelling and grammar, that appears to have been sent by a colleague or a friend. The recipient is usually instructed to click a link or enter a password. And then it’s already too late: The malware spreads throughout the company.
Yet companies can protect themselves even against such professionally prepared attacks. I repeatedly encounter cases where companies spend lots of money on physical access protection, but leave all doors wide open when it comes to e-mail. If someone wants to enter the building, they have to show their ID – but anyone can gain access via e-mail or USB stick. There will always be an employee who clicks an enticing link – that’s just human nature – but it’s negligent for companies to give them the opportunity to do so in the first place. IT security can be vastly improved with just a few, very simple security precautions. You could prevent e-mails with Office attachments from being delivered right away, for example. Instead, these e-mails could initially be placed in quarantine for review. Another simple step is the deactivation of macros. In short, companies should always ask the following key question:
Could blockchain technology be an effective approach to protecting systems?
When it comes to safety and security in maritime logistics, cybersecurity is the central focus. Incidents like the NotPetya attack on Maersk are impressive signs that we can’t let our guard down. On the contrary: sustained efforts will be needed to defend against cyberattacks. In a current position paper, the Institute of Shipping Economics and Logistics (ISL) in Bremen tackles this subject and describes the measures needed to mitigate the risks from cyberspace.
The terms “safety” and “security” represent two sides of the same coin:
- Safety for aspects within the organization (such as occupational safety)
- Security for protecting against external factors that can have an impact on the organization
Bremerhaven University began offering its master’s degree program in “Integrated Safety & Security Management” in 2009. In this degree program, students learn the skills they need to maintain and improve the safety and security of an organizational unit at the management level. Prof. Holger Schütt, Managing Director of AKQUINET PORT CONSULTING, lectures here on the subjects “Risk identification in logistics processes and facilities” and “Mathematical methods in risk analysis”.
Inside view at the HSBA study programme Logistics Management
The Hamburg School of Business Administration (HSBA) offers the dual study programme Logistics Management with a special focus on the logistics sector. In the lecture “Transport & Logistics IT”, Prof. Dr. Jan Ninnemann, Academic Head BSc Logistics Management at HSBA, focuses on IT and IT solutions for ports and terminals as a vital part of the supply chain. I was invited to present and discuss a case study on actual port and terminal IT solutions in a workshop. The participants of the course in the winter semester 18/19 were about twenty students, most of them in the fifth semester and preparing for their bachelor thesis. They were studying in a dual approach, with lectures at HSBA and work at Hapag-Lloyd, HHLA, Hermes or others.
After my introduction to the subject of world trade, the supply chain and the role of ports & terminals in it, the course focused on particular solutions such as port community systems (PCS), terminal operating systems (TOS) and virtual terminal simulations to drive efficiency in today’s environment. The course was set up by Prof. Ninnemann in a workshop style, so during the case study the students developed a general view of the process from a terminal perspective and worked on the data requirements, the IT systems used and the stakeholders in the process.