Cyber security is a must in digitizing businesses
Cyber security is a must in digitizing businesses
Article

To be the trailblazer in digitalization, we must also master cybersecurity

New technologies and software offer better predictability and foresight, which in turn help businesses minimize interruptions and increase efficiency. However, they also bring new cybersecurity risks. This article discusses the overarching technology change in our industry, the opportunities of latest trends, and how we can manage the cyber risks they may bring.

Vice President of Technology at Konecranes Port Solutions Hannu Oja
"As ports become more and more connected and digitalized, ensuring secure connections and data transfer is crucial," says Hannu Oja.

In 2017, some of the world’s largest shipping and logistics companies were hit with a ransomware attack, which affected thousands of companies, employees, and consumers globally. Its costs were measured in hundreds of millions of dollars.

The NotPetya attack was the result of unpatched systems, which had a known vulnerability. Cyberattacks have only increased since. In 2020, attacks on maritime transport increased by 400%1. Still, cyber risks should not stop companies from enjoying the benefits of new software and technologies.

“Instead, organizations can build their cyber resilience by understanding the change happening in their field of business right now by knowing the common threats and managing cybersecurity risks in day-to-day operations,” says Hannu Oja, Vice President of Technology at Konecranes Port Solutions.

With new opportunities come new cybersecurity challenges

Over the past decade, the technology focus at ports has shifted from electricity and machinery toward software and data. Where we used to fix real-life faults, we now update software. Automation, image-recognizing camera-technologies, and data management bring a wealth of opportunities.

Improved monitoring and more detailed data help businesses minimize unplanned equipment downtime and optimize systems to the smallest detail. Our TRUCONNECT service is an excellent example. With it, clients can collect and analyze data about machine fuel-consumption or maintenance needs, for example. A variety of other equipment-related and operational data can also be collected and analyzed to improve performance and reduce maintenance needs.

But new opportunities also bring new risks. Phishing, malware, and ransomware attacks are among the most common attack vectors across industries. Physical devices at ports, like cameras and sensors, can also be vulnerable to attacks2. Third party related risks are characteristic to the maritime industry. There are several stakeholders involved and tens of different types of documents transferred every time a foreign ship docks to port. As ports become more and more connected and digitalized, ensuring secure connections and data transfer is crucial.

Konecranes helps businesses make the most of new technologies

Chief Information Security Officer Pasi Vilja
"Cybersecurity and related requirements are built into our development process instead of being a separate function," Pasi Vilja points out.

To answer the evolving threats, Konecranes has adopted a holistic security philosophy. It combines traditional physical security with cybersecurity.

“In our field, physical and digital security are intertwined: The physical equipment and the software on it need to be equally secure,” explains Chief Information Security Officer Pasi Vilja, who has been at the helm of Konecranes’ security for almost a decade. He believes the best security philosophy is built on high visibility. ”Without good visibility, you risk building just the illusion of good security which can at worst lead to catastrophes like the NotPetya attack.”

Konecranes’ product development is a good example of how this holistic security approach affects both hands-on work and company decision-making: Cybersecurity and related requirements are built into the development process instead of being a separate function. Product development teams are responsible for seeing that security requirements are met, for instance. Some are even equipped to make risk assessments independently.

“Our information security team is always available to support them, if necessary,” Vilja explains. “Our team also oversees that product and component security requirements are met, gathers data, and reports findings to management.” According to him, these findings then guide long-term security leadership – and help build better visibility and security for Konecranes and its customers.

Konecranes’ software development teams also follow Secure Software Development practices, which integrate security activities into software development processes. The teams assess risks, review code, do security testing and more to ensure all Konecranes software is secure from start to delivery.

Increasing customer awareness poses a welcome challenge

As ports and production facilities become more digitalized, awareness about cybersecurity increases. Global corporations are especially knowledgeable about digital threats, and most have dedicated resources for managing them.

“Rising knowledge levels have also brought a welcome challenge for us: We receive an increasing number of requests from customers regarding security,” Oja notes.

Certifications are an excellent way to answer those requests. The ISO/IEC 27001 is an international information security standard, which provides a framework and guidelines for establishing, implementing, and managing an information security management system (ISMS).

Konecranes’ security management system is based on the best practices outlined in the ISO27001 standard, and our digital services for customers hold the ISO/IEC 27001:2013 certification. In early 2023, the Port Solutions software development unit was granted the ISO 27001 certification. Apart from building trust, certifications also improve everyday practices, such as documentation. All risks, solutions, and outcomes are tracked and documented for future reference. 

Cybersecurity is also a key part of Konecranes’ own operations. We have an ongoing cybersecurity awareness program to build our own cyber resilience, for example. We work with world’s leading cybersecurity companies to ensure our systems are secure. Our defenses are tested with simulated attacks and we perform management crisis simulation exercises, to name some examples. This way, we can be a trustworthy partner and help our clients get the best from latest technology and software – in the most secure way possible.

“We want to be a trailblazer in digitalization, and that means we must be excellent in cybersecurity,” summarizes Vilja.

 

Sources:

  1. Maritime Executive, Report: Maritime Cyberattacks Up by 400 Percent, 2020
  2. Enisa, Risk Management in Ports
    TBA, Technologies that bring value to ports and terminals, 2019
Resource type: