From system hardening and network zoning to active security monitoring
This blog article reproduces the presentation by Ralf Kempf at the event “Cybersecurity for Maritime Infrastructures” organized by Maritimes Cluster Norddeutschland e.V. (“Northern German Maritime Cluster”, held October 30, 2019, in Bremerhaven).
Today, cyberattacks on companies can easily cause damage in eight or even nine figures. Such attacks often take the form of spam e-mail, written with perfect spelling and grammar, that appears to have been sent by a colleague or a friend. The recipient is usually instructed to click a link or enter a password. And then it’s already too late: The malware spreads throughout the company.
Yet companies can protect themselves even against such professionally prepared attacks. I repeatedly encounter cases where companies spend lots of money on physical access protection, but leave all doors wide open when it comes to e-mail. If someone wants to enter the building, they have to show their ID – but anyone can gain access via e-mail or USB stick. There will always be an employee who clicks an enticing link – that’s just human nature – but it’s negligent for companies to give them the opportunity to do so in the first place. IT security can be vastly improved with just a few, very simple security precautions. You could prevent e-mails with Office attachments from being delivered right away, for example. Instead, these e-mails could initially be placed in quarantine for review. Another simple step is the deactivation of macros. In short, companies should always ask the following key question:
In Rotterdam 4th – 6th Nov 2019
Last week’s #SDP conference in Rotterdam has been packed with loads of content into two days with quite some takeaway for the more than 250 visitors. As a kick-off for the conference Port of Rotterdam presented their way forward and how they are one of the leading ports when it comes to digitization and smart port approaches.
So what are the learnings or is the takeaway from this conference?
1. The market around the ports and terminals is not waiting!
The global forwarders and customers of the shipping lines are not waiting until the port industry has made their way towards integrated, smart and data driven solutions. Things everybody is already used to in the day-to-day online shop, are expected to become normal in the logistics chain on a business level as well. So everybody ordering things on Amazon or other platforms expects to get the tracking ID immediately after ordering automatically. This is what is expected at the business level in the supply chain as well by the forwarders. Also the liners (and their vessels) as the main customers of ports are moving ahead. They start optimizing the routing using data analytics and connected data to minimize e.g. fuel consumption or waiting time (or both). This also requires more interactive and connected approach for ports towards the vessels. Connectivity and data exchange across the borders of the different parts of the supply chain are necessary.
Could blockchain technology be an effective approach to protecting systems?
When it comes to safety and security in maritime logistics, cybersecurity is the central focus. Incidents like the NotPetya attack on Maersk are impressive signs that we can’t let our guard down. To the contrary: sustained efforts will be needed to defend against cyberattacks. In a current position paper, the Institute of Shipping Economics and Logistics (ISL) in Bremen tackles this subject and describes the measures needed to mitigate the risks from cyberspace.
14th SPC evening event focusing on digitalization – September 12, 2019
The latest software tools are essential to managing the flows of goods at sea ports and hinterland hubs – that was the general agreement among the speakers and 60 trade visitors at the evening event on September 12, “The Port of Today”, organized by the ShortSeaShipping Inland Waterway Promotion Center (SPC) at the Pegelbar in the Port of Neuss.
Marcus Nölle (SPC) about the port of today
“The demands on sea ports, which are no longer merely transshipping sites, but also offer value-added services, continue to increase relentlessly: digitalization, port safety and security, and growing ship sizes – those are the main topics,”
said SPC Managing Director Markus Nölke.
“The better and more modern a port is, the greater the likelihood that it will actually be used.”
Port digitization provides more and more data about the past processes as well as about the current state at the terminal from various sources and stakeholders.
Terminal operators have to accept this mind change: Analysing the data from the previous shifts/weeks and connecting them with the current state of the process planning on the terminal enhances the staff in the control room to predict what will happen next on the terminal.
As a result the existing equipment fleet will be used in a much more efficient way, instead of spending thousands of Euro for new equipment. In the current stable economic situation (+/- throughout growth rate) terminal processes have to be analysed and optimised. With forecasting the operations, it can become smarter to fulfil the demands of the shipping lines and the efficiency of the port will increase. Become pro-active instead of re-act only on bottlenecks.