> | ">Deutsch
|
|||||
SecProPort |
||||||
To a growing extent, modern seaports
and inland ports are controlled by IT systems. In this context the smooth
exchange of information between port stakeholders is crucial from a business
perspective. Even the briefest system downtimes can give rise to substantial
financial losses. Within the framework of a new project codenamed SecProPort,
which has attracted a subsidy of around 2.8 million euros from the Federal
Ministry of Transport and Digital Infrastructure (BMVI), an industry and
research consortium is developing a security architecture to comprehensively
protect port logistics against cyber attacks. All traffic in the north of
Germany brought to a standstill by an attack on the IT structure of the Bremen
ports – a nightmare scenario, or science fiction? Not at all. A similar
situation actually occurred in summer 2017 after a cyber attack on IT systems
belonging to one of the world’s largest shipping lines. The economic
consequences were significant. One reason for the far-reaching impact of such
incidents lies in the interconnections that exist in a complex alliance of port
communication systems. All the actors that play a role in port transport – such
as terminal operators, shippers, forwarders, port IT and railway operators, and
port and customs authorities – depend on their own IT systems, which have
developed over time. If an attacker successfully intervenes in this alliance –
either by hacking a port actor’s IT system or gaining unauthorized access from
the inside – he can feed manipulated messages into the system and, for example,
corrupt container information, steal confidential data, or block customs
clearances. In the worst case, such action can trigger a complete shutdown of
all port operations, including the associated transport infrastructure. Project aiming to provide
comprehensive IT security architecture for port communication alliance Despite the substantial security
risks, a comprehensive security architecture capable of protecting the entire
port communication alliance against such attacks is thus far lacking. This
deficit provides the touch point for the collaborative SecProPort project that
was launched on November 1, 2018. It is being sponsored for a three-year term
by the Federal Ministry of Transport and Digital Infrastructure (BMVI), within
the framework of a funding program entitled Innovative Port Technologies
(IHATEC). Its aim is to develop a general and comprehensive IT security
architecture for the communication network that operates within port
facilities. The innovative architecture is to support the diverse security
requirements of the operating procedures that take place in the network,
protect them against sabotage, and prevent third parties from illicitly
gathering sensitive data. The architecture is also to provide resilience
measures for minimizing the impact on other actors in the alliance in case of
an incident, and returning the affected network to normal operation in a
controlled manner. Eight consortium partners pooling
expertise in port operations and IT security The desired architecture is to be
implemented by first analyzing typical attack scenarios targeted at the data
processed in the port communication alliance. The next step entails designing
the actual security architecture for the alliance and installing a prototype in
collaboration with the application partners. From a broader perspective, the
project is adopting a preventive approach. Security aspects are high on the
agenda from the outset of the development process, with a view to preventing
significant losses in case of a later incident. Success in this respect is to
be ensured by the pooling of expertise by eight project partners. Under the
coordination of dbh Logistics IT AG, the actors belong to the port sector – BLG
LOGISTICS GROUP AG & Co. KG, Duisburger Hafen AG and Hapag-Lloyd AG;
research institutions – DFKI GmbH, the Institute of Shipping Economics and
Logistics (ISL), and Bremen University; and, in one case, the IT security
service segment – datenschutz cert GmbH. Period: 01/11/2018 -31/10/2021 Funding Body: BMVI |
||||||
Author: |
||||||
|