The Department for Transport and the Maritime and Coastguard Agency has today, 16 August 2016, released a new Cyber Security Code of Practice for Port and Port Systems.
The Code of Practice should be used by those with responsibility for protecting the port/port facility and ships (when docked or berthed), persons, cargo, cargo transport units and ship's stores within the port from the risks of a security incident. It will also be of interest and relevance to those individuals involved in:
- the financial and operational management of the port/port facility;
- contractual arrangements with third parties;
- determining policies relating to acceptable staff behaviour;
- the specification, design, construction and maintenance of ports;
- the specification, design, development, integration, commissioning, operation and maintenance of port systems, including associated software and technologies; and
- management of specific security tasks, including incident response and the handling of security breaches.
The code is intended for use as an integral part of an organisation’s overall risk management system and subsequent business planning. It considers the cyber security requirement at both ports and port facilities and advocates a coherent, port-wide based approach. It is intended to complement the port security standards and their respective requirements by providing additional guidance on the cyber-related aspects.
The 62 page code should be read and used by appropriate personnel within all relevant organisations. It provides specific advice on areas of:
- Developing a cyber security assessment and plan for important assets, processes and potential vulnerabilities
- Devising the most appropriate mitigation measures
- Having the correct governance structures, roles, responsibilities and processes
- Handling security breaches and incidents
- Highlighting national and international standards used and the relationship to existing regulation.
The full document: 'Code of Practice: Cyber Security for Ports and Port Systems' can be accessed here.