A major cybersecurity incident occurred at the port on November 2. Fortunately, it was a drill designed to train managers how to respond when a cyberattack cripples critical computer systems.
The Port of Rotterdam is arming itself against criminals who encrypt files and demand massive payments to undo the encryption, cyberterrorists who may target the port, foreign competitors on the prowl for trade secrets and hackers who attack the system just for kicks.
Cyberattacks occur on a daily basis. The Port of Rotterdam Authority’s senior executives regularly receive phishing emails that appear to be genuine. Clearly, the senders of such email messages have carefully studied the organisation’s operations and chain of command. In one case, for example, a senior executive received an email message that appeared to be from a fellow board member. He was asked to transfer money to a bank account. “I’ll explain why later,” the message stated. Phishing or scam email messages are also sent to the other 1,200 employees of the Port of Rotterdam Authority on a daily basis. Over 95% of these messages are blocked.
Security and awareness
Because of the high number of threats, six ICT specialists focus on cybersecurity every day at the Port of Rotterdam Authority. A programme aimed at increasing resilience against cyberattacks was launched in the middle of 2016. Harbour Master René de Vries, who was already responsible for physical security in the port, is now also the port’s Port Cyber Resilience Officer. The harbour master’s duties include raising security awareness. The Port of Rotterdam Authority, the municipality, Deltalinqs (employers’ association of port companies and industry) and the police are working together to do so. In this context, Deltalinqs held a conference in De Kuip stadium on November 30, 2016. The purpose of this conference was to make members of the business community aware of the importance of cybersecurity. The subjects discussed included cybercrime, drug trafficking, human trafficking, hacktivism and terrorism.
Marijn van Schoote, cybersecurity expert at the Port of Rotterdam Authority, stresses the importance of cooperation. Since less time and money is available at SMEs to deal with complex security issues, the Port of Rotterdam Authority’s experts specifically try to reach smaller businesses. ‘Those businesses are also connected to crucial networks that keep the port going, and a chain is only as strong as its weakest link.’ Easily accessible electronic teaching programmes have been developed for these businesses. Tools that enable businesses to identify weaknesses in their systems are also available.