U.S. Seaports Move Against Cyber-Attacks

Port information technology leaders – along with their counterparts in private industry and other critical infrastructure (CI) – have been confronting the threat of cybersecurity for some time.

According to the American Association of Port Authorities (AAPA), cyber threats continue to grow in prominence and are evolving rapidly. As a consequence, there is a need for clarity in communication about goals, strategies, objectives and tactics.

“Several ports have participated in the General Accountability Office's cyber-security review of ports, and others are working with local and federal law enforcement, as well as academic institutions, to identify and develop best practices on cyber-security,” says Kurt Nagle, AAPA president and CEO. “At the federal agency level, there is a need for common standards and a clear delineation of roles and responsibilities for CI, including ports.”

While AAPA acknowledges that creating systems to prevent cyber breaches is not easy or intuitive, it has given its member ports a framework comprising “tiers” of risk-based implementation

“Just as annual physical security exercises are conducted to ensure good working processes, annual cyber-security drills are recommended,” says Nagle.

He adds that include a port's law enforcement partners to ensure appropriate notifications, forensics preservation, and investigation processes meet their needs defining the U.S. Coast Guard's role and providing federal funds through the Port Security Grant Program.

Another challenge, says Nagle, is to see that the USCG can meet the demands of cyber-security while not compromising its own limited resources.

“Tasking the USCG with responsibilities for cybersecurity within ports is logical but will strain an agency that has already seen its mission and responsibilities expand greatly since 9/11,” he says.

SC
MR