Maritime cybersecurity & Data sharing: staying agile while keeping data secure

DataDigitalization
04-11-2021

Digitalizing the maritime industry is an ambitious goal, and while we are busy bringing innovative products to help our clients and partners achieve it, it is just as important to look into the process.

In this article, we would like to share some insights on one very important but often neglected topic, cybersecurity. 

What makes cybersecurity increasingly important in the maritime industry?

One core problem with the maritime industry was always the fact that it is slow to change, and when we speak of digitalizing the industry, we almost forget about the fact that information security comes hand in hand with digitalization. 

More often than not, when we speak of digitalization, information security is left behind and comes as a separate requirement long after the implementation of a new system. And that is one of the key problems. 

With the industry finally kicking into first gear to implement modern solutions in the forms of SaaS applications, smart IoT devices, and prediction systems to make daily operations more efficient, it is more important than ever to make sure good information security practices are in place and streamlined with the digitalization and implementation processes. 

What are the risks that the maritime industry might encounter while sharing data?

Speaking from experience at PortXchange, it is still challenging to convince a partner to share their data with us, and we urge the entire industry to be more open-minded about sharing their data, from a small agent to a major port authority. 

With that said, the underlying concerns of data sharing should not be easily dismissed, what happens to the data once shared, how is it stored, and what are the measures taken to protect it? 

As an example, In September, the French shipping giant CMA CGM informed the public about a major data breach, and a year prior to that CMA CGM was hit with a ransomware attack.

While such breaches and attacks are certainly not unique to the shipping industry, we do believe that the industry is more susceptible to them, as it tends to be slower to implement changes, and even slower to implement security measures.

Lack of asset visibility, perimeter security, and weak security practices while developing data-sharing solutions such as APIs, are all recurring themes in these breaches. 

How to minimize security risks without hindering collaboration and data sharing?

The last thing a company in the maritime industry wants is to lengthen the already excruciating long processes it has. When we think of information security we often imagine robust policies and procedures to be put in place, and while that can absolutely improve the maturity of the organization, it can also greatly hinder agility and flexibility of operation if followed strictly, often bringing minuscule security benefits to the actual security posture of the organization. 

An alternative is to think proactively about security, it can greatly reduce risks while remaining agile and swift to implement new technologies or developing new data-sharing platforms, APIs, and systems

It is crucial to make sure that the endpoints that expose data are cataloged, and have restricted access only to the relevant parties using modern means of authentication and authorization. This should be easily manageable and not as time-consuming as it sounds, with identity providers such Auth0 and built-in security controls of cloud giants such as AWS and Azure being a click away.

How PortXchange ensures secure information exchange?

Since we know all about the struggle of bringing our partners to share their data with us, we have developed an in-house data authorization system to ensure the confidentiality and overall security of what is being shared. 

In practical terms, this means that we have tight control over who has access and visibility to any piece of information displayed in products. 

To make sure this system actually works, we have undergone an extensive security audit by an external independent information security consultancy. We plan to repeat these audits twice a year. 

But data security does not end at the front-end of the application, on top of existing controls and security frameworks we put in place, we make sure our developers are on top of their game when it comes to information security, and our staff is being trained quarterly by our Information Security Officer.

Share this blog

About the author

Vladislav-Gust
Vladislav Gust
Information Security Officer

Vladislav is our Information Security Officer, he is responsible for delivering a robust security program to achieve product security goals and organizational information security milestones.

Join our newsletter

Discover how digital solutions can make a difference in the maritime industry

Related articles

AI Revolutionizes the Maritime Industry: Navigating the Future with Data and Technology

AI Revolutionizes the Maritime Industry: Navigating the Future with Data and Technology

The maritime industry has embarked on a journey of transformation, driven by the power of artificial intelligence (AI) and data analytics. This revolution is reshaping…
Optimizing Maritime Logistics: The Promise of Just-in-Time Port Arrivals

Optimizing Maritime Logistics: The Promise of Just-in-Time Port Arrivals

Introduction The shipping industry has seen significant growth in the last 50 years, now responsible for 80-90% of global cargo transport. However, it faces challenges…
Shaping a Sustainable Future: Key Milestones Achieved at MEPC 80 for Reducing Shipping Emissions

Shaping a Sustainable Future: Key Milestones Achieved at MEPC 80 for Reducing Shipping Emissions

The IMO has released its 2023 IMO Strategy on Reduction of GHG Emissions from ships building upon its ongoing efforts to address emissions from international…
Improving CII score through Just-in-Time Arrivals

Improving CII score through Just-in-Time Arrivals

According to a recent study, energy efficiency measures are a dormant potential for the shipping industry. The reason for this latent potential is due to…