- UK issues updated code of practice for ports’ cybersecurity.
- Amended codes concern those with responsibility for protecting the technical systems of port facilities and vessels docked in ports.
- Cyber security assessment includes the identification of assets and infrastructures.
- The report recommends following a holistic approach when developing a cyber security plan.
- The policies that set out the security-related business rules derived from the relevant PSP or PFSP should be included in the plan.
Following the frequency of cyber attacks in recent years, the UK has published an amended Cyber Security Code of Practice, reports Safety4Sea.
Amended cyber security code of practice
The UK published an amended cyber security code of practice following the frequency of cyber attacks in recent years. These amended codes concern those with responsibility for protecting the technical systems of
- port facilities and
- vessels docked in ports.
Guide for good practice in ports
The Good Practice Guide uses principles, rather than national legislation or specific standards, to promote good practice in ports and boost the cyber security measures already implemented.
The Guide mostly concerns those responsible for protecting the
- port/port facility,
- ships (when docked or berthed),
- persons,
- cargo,
- cargo transport units and
- ships’ stores within the port from the risks of a security incident.
It is highlighted that the loss or compromise of one or more of these assets can affect:
- the speed and efficiency at which the port can operate;
- the ability of the port to safely carry out particular operations;
- the health and safety of staff and other people affected by the work activities being undertaken and to whom a duty of care is owed.
Cyber security assessment
It is reported that some steps to develop a cyber security assessment include the identification of assets and infrastructures, such as facilities, systems and data, that are crucial for protecting external infrastructure systems.
Identification of the port business processes
Another step is the identification of the port business processes using the assets and infrastructure, to assess criticality of assets and understand any internal and external dependencies.
Risk identification
Moreover, it is crucial to identify any risks that can arise from potential threats to the assets and infrastructure, to assess criticality of assets and to understand any internal and external dependencies.
Cyber Security Plan
Holistic approach
The report recommends following a holistic approach when developing a cyber security plan. It recommends including the
- people,
- process,
- physical and
- technological aspects of the port assets.
Security-related business rules
Additionally, the plan should include
- the policies that set out the security-related business rules derived from the relevant PSP or PFSP;
- the processes that are derived from the security policies and that provide guidance on their consistent implementation throughout the lifecycle and use of the port assets;
- the procedures that comprise the detailed work instructions relating to repeatable and consistent mechanisms for the implementation and operational delivery of the processes.
Source: Safety4Sea