Code of Practice - Cyber Security of Ports and Port Systems
This Code of Practice considers the cyber security requirement at both ports and port facilities, advocating a coherent, port-wide based approach. It is intended to complement the port security standards and their respective requirements by providing additional guidance on the cyber-related aspects of the security measures set out. It therefore makes extensive reference to, and assumes knowledge of, the definitions and concepts contained within those regulations. This Code of Practice uses principles rather than national legislation or specific standards to help promote good practice. However, the specific cyber security measures implemented should depend upon the profile of the port and its facilities, its use and the nature of the cargos handled. The rapid evolution in the use of, and reliance upon, information and communication technologies, as well as the advances in automation and the potential for integration of multiple electronic systems supporting management functions and business applications, increases the importance of addressing inherent vulnerabilities. It is therefore vital that port operators understand and implement appropriate and proportionate measures to address the resilience and cyber security issues that arise. Only by doing so can they fully meet their responsibilities for the secure operation of their facilities. While this Code of Practice is concerned solely with the cyber security of ports and port systems, it recognises that, with a large proportion of security breaches caused by people and poor processes, it is essential that personnel, process and physical aspects directly related to these technological systems are also considered and appropriate measures put in place. Recommendations relating to those aspects are therefore detailed throughout this Code of Practice where relevant. With the exception of any ship-to-shore interface, it is not the purpose of this Code of Practice to consider the cyber security of the ships to which the ISPS Code applies.