Did you know that maritime cyberattacks increased 400% during the pandemic? Or that cyberattacks on maritime operational technology increased 900% in the last three years?
Numerous port facilities, major shipping lines and supply chain partners have suffered the consequences of cyberattacks in last few years. Furthermore, few weeks ago, fuel shortages were common in Virginia after a cyberattack by a ransomware-as-a-service group crippled a vital link of the fuel supply chain.
Recently, the Ïã¸ÛÁùºÏ²Ê×ÊÁÏ Maritime, Ports and Logistics Institute and the Strome College of Business partnered with The Port of Virginia to facilitate comprehensive virtual maritime cybersecurity training for a group of Port of Virginia employees who are part of the IMPACT Development Program, which capitalizes on professional growth and collaboration. The objective of the training was to deepen the understanding of the role of cybersecurity in port facilities.
Professors Ricardo Ungo and Charlie Kirkpatrick from Strome College led the training, along with Randy Plotkin, information security officer, and Rich Ceci, senior vice president of technology and projects, from The Port of Virginia.
"Cybersecurity is no longer just an issue of the information technology department," said Kirkpatrick, a faculty member in the IT and decision sciences department. "It is an organizational issue spanning from management to field workers."
During the first day, the training covered cybersecurity threats, notable maritime cybersecurity incidents (cases of Maersk, port of Antwerp, etc.) and an overview of the best practices and current cybersecurity frameworks. The second day was a deep dive into the risks associated with port terminal systems, strategic and tactical cybersecurity initiatives at The Port of Virginia and a desktop exercise in which participants organized the response to an external cyber incident.
"As we started the training session, the Ïã¸ÛÁùºÏ²Ê×ÊÁÏ professors asked how much cybersecurity training our typical colleagues have had," Ceci said. "I commented that we do extensive self-paced training and run phishing tests all the time. This, however, was the first in-depth, live session that we have held. There's a portion of our vision statement that says that our agile use of technology will help us set the pace and the standard for our industry. Based on our vision, and on the results and the feedback of this opportunity - we plan to do a lot more. Well done, Ïã¸ÛÁùºÏ²Ê×ÊÁÏ."
Stephen Edwards, CEO and executive director of The Port of Virginia, stressed the importance of the eight hours of training in introductory remarks.
"This is a great example of industry-university partnership," said Ungo, director of Ïã¸ÛÁùºÏ²Ê×ÊÁÏ's Maritime, Ports and Logistics Institute. "One of the best defenses against cyberattacks is to invest in human capital. Awareness and training are vital to prevention and to the organization of the response and recovery."