Breaches at your port can affect the entire supply chain

By Frances Yeo*

Ports around the planet, are ramping up their operational and infrastructural capabilities, with digital transformation the main driving force behind these developments. And  the increased level of integration and interconnectivity between ports presents new challenges and risks. This includes increased opportunities for cyber-criminals to attack the entire supply chain.

Data safety and information security are therefore of critical importance. Cybersecurity is considered one of the three top risks of ports along with piracy and terrorism. Yet many ports are not fully prepared to manage these risks. Greater awareness on cyber-risks and vulnerabilities are necessary in order to promote and advance safe and secure shipping. In this regard here are five critical steps that port and terminal managers and operators and administrators should take to ensure that computer data and system integrity are secure.

  1. KNOW KEY SYSTEMS: Identify (a) key systems (hardware and software) and data that, if breached, could compromise or otherwise affect the port’s safe operation; and, (b) the steps required to nullify or minimize such risks or downtime.
  2. POLICY & PROCEDURES: To ensure business continuity, implement policies and procedures to safeguard against cyber incidents and threats. These policies should also identify and define the roles and responsibilities of key personnel, users and management. When there are changes to operations (as systems and functions are upgraded), the new policies and procedures should be reviewed and updated.
  3. ACCESS CONTROL: Implement stringent access and user control. Passwords and user access credentials should never be shared with unauthorized personnel. Real time tracking of changes to user controls (g., passwords) should be automated across key IT systems.
  4. PERIODIC CHECKS: Schedule periodic scanning and vulnerability tests on key systems and applications. Ensure that patching and updates are applied on a regular basis. As new threats are detected, improved mechanisms must immediately be put in place to defend against them. Your current system and applications may be in good working order but skipping an update or patch places your entire port operations at risk.
  5. TRAIN STAFF: Constantly train staff on current risks how to identify potential threats and how to report them. Staff should also be made familiar with the procedures to precisely identify when it is their own security team at work on the system, as against a malicious imposter.

Cybersecurity is not just an IT or Security team function It is everyone’s responsibility. All staff must be made aware of this fact: breaches at your port can affect the entire supply chain. []

  • First Published: December 2, 2021

Frances Yeo

* Frances Yeo has a 20-year career in the fields of management and logistics, and is CEO of ADVANTUM PCS Ltd, port and logistics software developers and network managed services providers. Visit —