Coordination among port police and technology personnel is critical for physical and cybersecurity, and partnerships between ports, terminal operators and others are necessary for successful security.
By Barry Parker
Security continues to be an important concern throughout the maritime world, with the challenges steadily broadening throughout all touchpoints for industrial supply chains or passenger movements through ports. The security scope is broadening as well, as it is not just physical security that is top of mind; it is cyber security as well.
It is not a small task to keep ports safe, and it is not a task that is limited to just security personnel. Coordination among port police and technology personnel is critical for physical and cyber security, and partnerships between ports, terminal operators and others are necessary for success.
With electronic digital controls replacing analog mechanical controls on all manner of industrial equipment, the exponential growth in the number of interfaces has been a hot-button item for security industry professionals. As people, devices and systems become more interconnected, port professionals must look not only at traditional security to keep individual facilities safe and secure, but they must consider impacts of cyber security that come with all this connectivity. Physical security is paramount, but throughout the maritime and supply chain worlds, the cyber component – which is also dynamic (meaning that threats can change on a daily basis) – is now receiving equal amounts of attention.
April Danos, director of information technology for the Greater Lafourche Port Commission and chair of the AAPA Cybersecurity Subcommittee, part of the AAPA’s Information Technology Committee (see sidebar), explained, “Operational technology, or OT, is all about industrial controls, things like automated cranes, or a card reader that controls a gate. Information technology, or IT, is needed to secure those systems. In the example of the card reader, a cyber breach – where someone tampers with the data – could enable unauthorized people to enter a secure area.” Other examples of what might happen, cited by Danos, include a situation where firmware controlling a port’s security camera is not updated, creating a vulnerability where a hacker, or worse, someone planning a physical attack, could gain control of the camera. She said, “Our job is to think it through….to envision the worst case scenarios and come up with the worst nightmare. Then we can begin to plan properly.”