- People are one of the weakest links in the cybersecurity chain.
- Risk analysis is a key tool for identification and prior action.
- One of the main risks in the sector is to focus on medium- to long-term threats, forgetting about those that exist on a day-to-day basis.
The Logistop Webinar “Logistics-port security: trends and applications in cybersecurity in ports” presented and analysed the context and current situation of cybersecurity, as well as the risks facing logistics companies today, presented examples and success stories applied to the logistics sector to improve their cybersecurity capabilities and share experiences of innovation in the field of cybersecurity and identify the future challenges facing the logistics-port industry.
Port security and, in particular, the cybersecurity of digital systems and platforms associated with logistics chains is becoming increasingly relevant as companies advance in their digital transformation. Likewise, the vulnerability of these systems has been highlighted in the current context of geopolitical uncertainty and major disruptions generated by the Covid19 pandemic.
To analyse these issues we have had the participation of Maite Álvarez, Cybersecurity Project Manager, Tecnalia, Diego Fernández González, Cybersecurity Manager, Centum Digital, Javier Prieto Vilas, Security Innovation Architect, Axians – Vinci Energies, and Ángel Laguna Argente, R&D&I-ICT Project Technician, Fundación Valenciaport, as well as the introduction by Tomás de la Vega, Managing Director, Logistop, and the presentation by Alicia Enríquez Manilla, Innovation and Development Team of the Port Cluster, Fundación Valenciaport.
Cybersecurity in a complex multi-actor context
Maite Álvarez reviewed the current context of the port environment and its implications in terms of cybersecurity, and also mentioned the technologies that can be used to confront and prevent possible cyber-attacks. All of this, emphasising the importance of defining and planning strategies that favour the protection of the cyberspace that the port considers as its own.
The threats that the agents in the port environment must face are many, but, as Álvarez points out, one of the weakest links in the whole chain are the people, as in many cases they are the entry point for malicious software. In order to deal with existing threats, it is necessary to establish a defence in depth under the premise of protecting all the layers of the organisation with specific elements. Bearing in mind that not only the incorporation of technology is the solution, but that if people are not aware of the importance of security, the problem cannot be solved.
“The port is considered a critical infrastructure and can suffer strategic attacks with the intention of destabilising the region. Therefore, when we talk about cybersecurity, we are talking about planning strategies to protect the cyberspace that we consider our own and, in addition, the processes must accompany the security policy that has been defined by the organisation”
Maite Álvarez, Cybersecurity Project Manager, Tecnalia
Risks and recommendations to avoid incidents
Among the main risks that the port environment must face, Diego Fernández highlights the following: espionage, accidental damage, power outages, environmental or natural disasters, physical attacks, activities and abuses, operation… Therefore, a good risk analysis is considered a key tool to be able to identify and detect them in advance and to be able to implement resilient measures.
In terms of recommendations to avoid, as far as possible, risks in the field of cybersecurity, Fernández highlights, in addition to the aforementioned risk analysis, the importance of establishing good security policies and applying existing regulations that, in addition to complying with established procedures, serve as a guide for monitoring steps and deadlines for security implementations, among others.
“The port sector has to face and manage a large number of services, each of them with its own casuistry, so its protection against cyber-attacks poses multiple challenges which, in order to face, the establishment of good security policies and a good risk analysis are key tools”
Diego Fernández González, Cybersecurity Manager, Centum Digital
Zero trust, security for smart ports
For his part, Javier Prieto stressed the importance of focusing on two fronts: on the one hand, in the medium to long term, in which cybersecurity must accompany all the digitalisation processes that are being developed and implemented; and, on the other hand, on the threats that must be faced on a day-to-day basis. Therefore, one of the main concerns that should be analysed is whether there is sufficient control over identities, as credential theft is one of the main cyber threats today.
Therefore, as Prieto highlighted, identity is one of the main keys in Zero trust models, an integral security model that helps to guarantee cybersecurity on any type of infrastructure, whose potential lies in the way in which the organisations themselves, their data and their employees are protected using technologies such as multifactor authentication, IAM, orchestration, analysis and visibility, encryption, PAM and system permissions.
“The digitisation of the port sector is taking place according to dates and timetables that, in the case of cybersecurity, are not compatible with the progress being made by cybercriminals”
Javier Prieto Vilas, Security Innovation Architect, Axians – Vinci Energies
Innovation projects in the area of port cybersecurity
Finally, Ángel Laguna presented different European innovation projects in the framework of critical infrastructure protection against cyber-attacks in which the Valenciaport Foundation is currently participating, focusing on Sauron, Praetorian, Cybersane, Cyrene and CyberMAR, pilots carried out in relation to port security and logistics chains.
“Cybersecurity innovation projects are fundamental to the analysis of possible tools and solutions that allow us to face the challenges that cybersecurity poses in the port sector”
Ángel Laguna Argente, R&D&I-ICT Project Technician, Fundación Valenciaport
Logistop is the benchmark workspace for collective innovation through the realisation of projects hand in hand with our members. Transforming the entire supply chain into a more efficient and sustainable one. All this with the aim of articulating and carrying out innovation projects among the members, without excluding the possibility of collaborating with or receiving support from certain organisations outside Logistop.