Cyber-physical security for ports infrastructure

Abstract

Taking advantage of the benefits associated with digital means has become a main priority for ports globally. The effective and smooth integration of Information Technology (IT)applications and those systems that support the conduct of operations(Operational Technology (OT)systems), along with the accurate“adjustment” of the human factor elements should be viewed as a very critical pillar for optimized, safe and efficient operations in ports.The aforementioned assimilationcharacterizes cyber-physical systems and entails an extended number of IT and OT modules, systems andtasks involving various data transmission routes that are advancing in technological and operational level alongside plausible cybersecurity threats. These cybersecurity risks, threats and vulnerabilities are depicted in this article to emphasize the progression of cyber-physical systems in the wider maritime industry and port domains, along with their rising cybersecurity vulnerabilities.Existing and applicable industry and government standards and mandates associated with cybersecurity attempt to impose regulatory compliance and increase asset cybersecurity integrity with reduced emphasis, however, in the existing OT (Operational Technology) components and systems. The use of security risk assessment tools and processes used in other industrial sectors, such as the Security Risk Assessment(SRA) and the Bow Tie Analysis methods, can support the evaluation of IT/OT infrastructure for cyber-physical security susceptibilities and then assign suitable reactive measures. The cybersecurity safeguards that arise through the implementation of the MITRE ATT&CKThreat Model can enhance the cybersecurity posture of those assets that support the logistics chain, assuming that they are intermittently adapted following evaluations for their effectiveness and suitability. Finally, the improvement of stakeholder communication and cyber-awareness, along with the increase in cyber-physical security resiliency, can further be aided by the effective convergence of the segregated cyber and physical security elements of waterside or landside-based IT/OT infrastructure.