Maritime cybersecurity & Data sharing: staying agile while keeping data secure

DataDigitalization
04-11-2021

Digitalizing the maritime industry is an ambitious goal, and while we are busy bringing innovative products to help our clients and partners achieve it, it is just as important to look into the process.

In this article, we would like to share some insights on one very important but often neglected topic, cybersecurity. 

What makes cybersecurity increasingly important in the maritime industry?

One core problem with the maritime industry was always the fact that it is slow to change, and when we speak of digitalizing the industry, we almost forget about the fact that information security comes hand in hand with digitalization. 

More often than not, when we speak of digitalization, information security is left behind and comes as a separate requirement long after the implementation of a new system. And that is one of the key problems. 

With the industry finally kicking into first gear to implement modern solutions in the forms of SaaS applications, smart IoT devices, and prediction systems to make daily operations more efficient, it is more important than ever to make sure good information security practices are in place and streamlined with the digitalization and implementation processes. 

What are the risks that the maritime industry might encounter while sharing data?

Speaking from experience at PortXchange, it is still challenging to convince a partner to share their data with us, and we urge the entire industry to be more open-minded about sharing their data, from a small agent to a major port authority. 

With that said, the underlying concerns of data sharing should not be easily dismissed, what happens to the data once shared, how is it stored, and what are the measures taken to protect it? 

As an example, In September, the French shipping giant CMA CGM informed the public about a major data breach, and a year prior to that CMA CGM was hit with a ransomware attack.

While such breaches and attacks are certainly not unique to the shipping industry, we do believe that the industry is more susceptible to them, as it tends to be slower to implement changes, and even slower to implement security measures.

Lack of asset visibility, perimeter security, and weak security practices while developing data-sharing solutions such as APIs, are all recurring themes in these breaches. 

How to minimize security risks without hindering collaboration and data sharing?

The last thing a company in the maritime industry wants is to lengthen the already excruciating long processes it has. When we think of information security we often imagine robust policies and procedures to be put in place, and while that can absolutely improve the maturity of the organization, it can also greatly hinder agility and flexibility of operation if followed strictly, often bringing minuscule security benefits to the actual security posture of the organization. 

An alternative is to think proactively about security, it can greatly reduce risks while remaining agile and swift to implement new technologies or developing new data-sharing platforms, APIs, and systems

It is crucial to make sure that the endpoints that expose data are cataloged, and have restricted access only to the relevant parties using modern means of authentication and authorization. This should be easily manageable and not as time-consuming as it sounds, with identity providers such Auth0 and built-in security controls of cloud giants such as AWS and Azure being a click away.

How PortXchange ensures secure information exchange?

Since we know all about the struggle of bringing our partners to share their data with us, we have developed an in-house data authorization system to ensure the confidentiality and overall security of what is being shared. 

In practical terms, this means that we have tight control over who has access and visibility to any piece of information displayed in products. 

To make sure this system actually works, we have undergone an extensive security audit by an external independent information security consultancy. We plan to repeat these audits twice a year. 

But data security does not end at the front-end of the application, on top of existing controls and security frameworks we put in place, we make sure our developers are on top of their game when it comes to information security, and our staff is being trained quarterly by our Information Security Officer.

Share this blog

Share on facebook
Share on linkedin
Share on twitter
Share on email

About the author

Vladislav-Gust
Vladislav Gust
Information Security Officer

Vladislav is our Information Security Officer, he is responsible for delivering a robust security program to achieve product security goals and organizational information security milestones.

Join our newsletter

Discover how digital solutions can make a difference in the maritime industry

Related articles

Why pilot movement information is vital for port call optimization

Why pilot movement information is vital for port call optimization

er you are a ship operator planning an upcoming port call, a terminal operator planning the berth scheduling, or port agent arranging cargo and husbandry…
How to counter supply chain disruptions

How to counter supply chain disruptions

Ports globally, despite being severely affected by constant changes, need to be resilient in being able to cope up with a multitude of supply chain…
How can data sharing solutions help Port authorities in reducing idle time?

How can data sharing solutions help Port authorities in reducing idle time?

Maritime transport remains the main gateway to the global marketplace. Resourceful and well-connected ports are essential for reducing transportation costs, connecting supply chains, and supporting…
How to get accurate vessel ETA when the schedule predictability drops to a historic low?

How to get accurate vessel ETA when the schedule predictability drops to a historic low?

Container shipping demand is expected to grow in the fourth quarter of 2021, thanks to China’s October Golden Week, and Christmas. And high demand in…