To a growing extent, modern seaports and inland ports are controlled by IT systems. In this context the smooth exchange of information between port stakeholders is crucial from a business perspective. Even the briefest system downtimes can give rise to substantial financial losses. Within the framework of a new project codenamed SecProPort, which has attracted a subsidy of around 2.8 million euros from the Federal Ministry of Transport and Digital Infrastructure (BMVI), an industry and research consortium is developing a security architecture to comprehensively protect port logistics against cyber attacks.
All traffic in the north of Germany brought to a standstill by an attack on the IT structure of the Bremen ports – a nightmare scenario, or science fiction? Not at all. A similar situation actually occurred in summer 2017 after a cyber attack on IT systems belonging to one of the world’s largest shipping lines. The economic consequences were significant. One reason for the far-reaching impact of such incidents lies in the interconnections that exist in a complex alliance of port communication systems. All the actors that play a role in port transport – such as terminal operators, shippers, forwarders, port IT and railway operators, and port and customs authorities – depend on their own IT systems, which have developed over time. If an attacker successfully intervenes in this alliance – either by hacking a port actor’s IT system or gaining unauthorized access from the inside – he can feed manipulated messages into the system and, for example, corrupt container information, steal confidential data, or block customs clearances. In the worst case, such action can trigger a complete shutdown of all port operations, including the associated transport infrastructure.
Project aiming to provide comprehensive IT security architecture for port communication alliance
Despite the substantial security risks, a comprehensive security architecture capable of protecting the entire port communication alliance against such attacks is thus far lacking. This deficit provides the touch point for the collaborative SecProPort project that was launched on November 1, 2018. It is being sponsored for a three-year term by the Federal Ministry of Transport and Digital Infrastructure (BMVI), within the framework of a funding program entitled Innovative Port Technologies (IHATEC). Its aim is to develop a general and comprehensive IT security architecture for the communication network that operates within port facilities. The innovative architecture is to support the diverse security requirements of the operating procedures that take place in the network, protect them against sabotage, and prevent third parties from illicitly gathering sensitive data. The architecture is also to provide resilience measures for minimizing the impact on other actors in the alliance in case of an incident, and returning the affected network to normal operation in a controlled manner.
Eight consortium partners pooling expertise in port operations and IT security
The desired architecture is to be implemented by first analyzing typical attack scenarios targeted at the data processed in the port communication alliance. The next step entails designing the actual security architecture for the alliance and installing a prototype in collaboration with the application partners. From a broader perspective, the project is adopting a preventive approach. Security aspects are high on the agenda from the outset of the development process, with a view to preventing significant losses in case of a later incident. Success in this respect is to be ensured by the pooling of expertise by eight project partners. Under the coordination of dbh Logistics IT AG, the actors belong to the port sector – BLG LOGISTICS GROUP AG & Co. KG, Duisburger Hafen AG and Hapag-Lloyd AG; research institutions – DFKI GmbH, the Institute of Shipping Economics and Logistics (ISL), and Bremen University; and, in one case, the IT security service segment – datenschutz cert GmbH.