UK Amends Cyber Security Code of Practise for Ports

1529

  • UK issues updated code of practice for ports’ cybersecurity.
  • Amended codes concern those with responsibility for protecting the technical systems of port facilities and vessels docked in ports. 
  • Cyber security assessment includes the identification of assets and infrastructures.
  • The report recommends following a holistic approach, when developing a cyber security plan.
  • The policies that set out the security-related business rules derived from the relevant PSP or PFSP should be included in the plan. 

Following the frequency of cyber attacks in the last years, the UK has published an amended Cyber Security Code of Practise, reports Safety4Sea.

Amended cyber security code of practice 

The UK published an amended cyber security code of practice following the frequency of cyber attacks in the last years. These amended codes concern those with responsibility for 

  • protecting the technical systems of port facilities and 
  • vessels docked in ports. 

Guide for good practice in ports 

The Good Practice Guide uses principles, in comparison to national legislation or specific standards to promote good practice in ports and boost the cyber security measures already implemented.

The Guide mostly concerns those responsible for protecting the 

  • port/port facility, 
  • ships (when docked or berthed), 
  • persons, 
  • cargo, 
  • cargo transport units and 
  • ships’ stores within the port from the risks of a security incident.

It is highlighted that the loss or compromise of one or more of these assets can affect:

  1. the speed and efficiency at which the port can operate;
  2. the ability of the port to be able to safely carry out particular operations;
  3. the health and safety of staff and other people affected by the work activities being undertaken and to whom a duty of care is owed.

Cyber security assessment 

It is reported that some steps to develop a cyber security assessment include the identification of assets and infrastructures, such as facilities, systems and data, that are crucial for protecting external infrastructure systems.

Identification of the port business processes 

Another step is the identification of the port business processes using the assets and infrastructure, to assess criticality of assets and understand any internal and external dependencies.

Risk identification

Moreover, it is crucial to identify any risks that can arise from potential threats 

  • to the assets and infrastructure, 
  • to assess criticality of assets and 
  • understand any internal and external dependencies.

Cyber Security Plan

Holistic approach

The report recommends following a holistic approach, when developing a cyber security plan. It recommends including –

  • people, 
  • process, 
  • physical and 
  • technological aspects of the port assets.

Security-related business rules 

Additionally, the plan should include 

  • the policies that set out the security-related business rules derived from the relevant PSP or PFSP; 
  • the processes that are derived from the security policies and that provide guidance on their consistent implementation throughout the lifecycle and use of the port assets; 
  • the procedures that comprise the detailed work instructions relating to repeatable and 
  • consistent mechanisms for the implementation and operational delivery of the processes.

To learn more click here

Did you subscribe to our daily newsletter?

It’s Free! Click here to Subscribe!

Source: Safety4Sea