Maritime cybersecurity & Data sharing: staying agile while keeping data secure

November 4, 2021

Digitalizing the maritime industry is an ambitious goal, and while we are busy bringing innovative products to help our clients and partners achieve it, it is just as important to look into the process.

In this article, we would like to share some insights on one very important but often neglected topic, cybersecurity. 

What makes cybersecurity increasingly important in the maritime industry?

One core problem with the maritime industry was always the fact that it is slow to change, and when we speak of digitalizing the industry, we almost forget about the fact that information security comes hand in hand with digitalization. 

More often than not, when we speak of digitalization, information security is left behind and comes as a separate requirement long after the implementation of a new system. And that is one of the key problems. 

With the industry finally kicking into first gear to implement modern solutions in the forms of SaaS applications, smart IoT devices, and prediction systems to make daily operations more efficient, it is more important than ever to make sure good information security practices are in place and streamlined with the digitalization and implementation processes. 

What are the risks that the maritime industry might encounter while sharing data?

Speaking from experience at PortXchange, it is still challenging to convince a partner to share their data with us, and we urge the entire industry to be more open-minded about sharing their data, from a small agent to major port authority. 

With that said, the underlying concerns of data sharing should not be easily dismissed, what happens to the data once shared, how is it stored, and what are the measures taken to protect it? 

As an example, In September, the French shipping giant CMA CGM informed the public about a major data breach, and a year prior to that CMA CGM was hit with a ransomware attack.

While such breaches and attacks are certainly not unique to the shipping industry, we do believe that the industry is more susceptible to them, as it tends to be slower to implement changes, and even slower to implement security measures.

Lack of asset visibility, perimeter security, and weak security practices while developing data-sharing solutions such as APIs, are all recurring themes in these breaches. 

How to minimize security risks without hindering collaboration and data sharing?

The last thing a company in the maritime industry wants is to lengthen the already excruciating long processes it has. When we think of information security we often imagine robust policies and procedures to be put in place, and while that can absolutely improve the maturity of the organization, it can also greatly hinder agility and flexibility of operation if followed strictly, often bringing minuscule security benefits to the actual security posture of the organization. 

An alternative is to think proactively about security, it can greatly reduce risks while remaining agile and swift to implement new technologies or developing new data-sharing platforms, APIs, and systems

It is crucial to make sure that the endpoints that expose data are cataloged, and have restricted access only to the relevant parties using modern means of authentication and authorization. This should be easily manageable and not as time-consuming as it sounds, with identity providers such Auth0 and built-in security controls of cloud giants such as AWS and Azure being a click away.

How PortXchange ensures secure information exchange?

Since we know all about the struggle of bringing our partners to share their data with us, we have developed an in-house data authorization system to ensure the confidentiality and overall security of what is being shared. 

In practical terms, this means that we have tight control over who has access and visibility to any piece of information displayed in products. 

To make sure this system actually works, we have undergone an extensive security audit by an external independent information security consultancy. We plan to repeat these audits twice a year. 

But data security does not end at the front-end of the application, on top of existing controls and security frameworks we put in place, we make sure our developers are on top of their game when it comes to information security, and our staff is being trained quarterly by our Information Security Officer.

Share this blog

Share on facebook
Share on linkedin
Share on twitter
Share on email

About the author

Vladislav Gust
Information Security Officer

Vladislav is our Information Security Officer, he is responsible for delivering a robust security program to achieve product security goals and organizational information security milestones.

Related articles

How to get reliable vessel ETA when the schedule predictability drops to a historic low?

How to get reliable vessel ETA when the schedule predictability drops to a historic low?

Container shipping demand is expected to grow in the fourth quarter of 2021, thanks to China’s October Golden Week, and Christmas. And high demand in…
The clear benefits of transparent exchange of information

The clear benefits of transparent exchange of information

There are multiple ways to optimize shipping and make it more sustainable. One worthy approach is by investing in new fuel alternatives. Although the technological…
Just-in-Time Arrivals: Cutting Emissions Today

Just-in-Time Arrivals: Cutting Emissions Today

While other solutions do show promise in the longer term, just-in-time arrivals can rapidly reduce bunker fuel consumption and greenhouse gas emissions, writes PortXchange Director…
Digitalización del comercio exterior y el negocio naviero en Perú

Digitalización del comercio exterior y el negocio naviero en Perú

La pandemia nos hizo ver que la digitalización de nuestros procesos pasaría de  “es algo que me gustaría tener” a “tengo que tenerlo” o “me…