Cyber-Resiliency Measures for Information Technologies

Source: Adapted from IAPH (2021) Cybersecurity Guidelines for Ports and Port Facilities, Version 1.0, International Association of Ports and Harbors, Tokyo.

The concept of cyber resilience relies on four dimensions supporting the integrity of the information system of an organization:

  • Access control. The range of strategies controlling and regulating access to a specific information technology network of an organization. The most fundamental relates to how the network is accessed through the use of credentials, mainly user names and passwords. Further, user roles and the information each user can access are closely managed to ensure that privileges are removed if a user leaves the organization or is assigned another function. Stricter conventions are being imposed on password selection: passwords need to be more complex and include special characters to avoid brute force password attacks. For highly sensitive information or if the user accesses the system from a new (remote) location, two-factor authentication is becoming the norm.
  • Data security. The range of strategies used to regulate the integrity of the information stored by an organization. Encrypting data and its transmission has become the norm to avoid breaches. Further, corporate data needs to be classified by level of importance and sensitivity and stored accordingly. Key strategic information should be stored in systems only accessible through internal networks and through highly secure connections. Removable media, such as USB storage drives, but also laptops and portable devices, need to be restricted as they represent security risks if lost or stolen. Additionally, old IT equipment, such as computers (particularly their hard drives), needs to be properly disposed of. A common practice is to wipe or physically destroy any storage device subject to disposal. The software and hardware used to process the data can also be tampered with, implying that their integrity needs to be verified regularly.
  • Network security. The range of strategies to protect the integrity of an organizational information technology network. An IT network can be segmented so that the administrative network is separated from the network supporting operations. Network redundancy can improve cyber resilience. Firewalls have become standard, enabling the monitoring of all inbound and outbound traffic between a network and the outside world, including the use of virtual private networks (VPN) for external access. IT systems also require a form of physical protection, such as locked access for servers and network hubs, and this protection must also cover hazards such as floods and power outages. The IT network must be protected from malware attacks, which can spread through the organization’s IT infrastructure. Further, physical components of the network, such as cables and switch boxes, must be hardened against physical damage.
  • Operational security. The range of strategies to ensure that daily IT operations do not contribute to risks. Software upgrades and patches must be monitored to ensure that each network component is up to date with the latest version. IT networks are constantly probed by hackers, meaning that the network needs to be constantly monitored for vulnerabilities. Since the finances of organizations can be accessed online, there is a risk that unauthorized transactions can occur, as hackers have strong incentives to carry them out. Furthermore, an organization’s IT must keep pace with changes in the sector’s culture and intelligence. This is how new risks can be identified and mitigated, and lessons can be learned from events taking place elsewhere.