A major cybersecurity incident occurred at the port on 2 November 2016. Fortunately, it was a drill designed to train managers how to respond when a cyberattack cripples critical computer systems. Mayor Aboutaleb participated as well. The Port of Rotterdam is arming itself against criminals who encrypt files and demand massive payments to undo the encryption, cyberterrorists who may target the port, foreign competitors on the prowl for trade secrets and hackers who attack the system just for kicks. Cyberattacks occur on a daily basis. The Port of Rotterdam Authority’s senior executives regularly receive phishing emails that appear to be genuine. Clearly, the senders of such email messages have carefully studied the organisation’s operations and chain of command. In one case, for example, a senior executive received an email message that appeared to be from a fellow board member. He was asked to transfer money to a bank account. ‘I’ll explain why later,’ the message stated. Phishing or scam email messages are also sent to the other 1,200 employees of the Port of Rotterdam Authority on a daily basis. Over 95 percent of these messages are blocked.
Security and awareness
Because of the high number of threats, six ICT specialists focus on cybersecurity every day at the Port of Rotterdam Authority. A programme aimed at increasing resilience against cyberattacks was launched in the middle of 2016. Harbour Master René de Vries, who was already responsible for physical security in the port, is now also the port’s Port Cyber Resilience Officer. The harbour master’s duties include raising security awareness. The Port of Rotterdam Authority, the municipality, Deltalinqs (employers’ association of port companies and industry) and the police are working together to do so. In this context, Deltalinqs held a conference in De Kuip stadium on 30 November 2016. The purpose of this conference was to make members of the business community aware of the importance of cybersecurity. The subjects discussed included cybercrime, drug trafficking, human trafficking, hacktivism and terrorism.
Marijn van Schoote, cybersecurity expert at the Port of Rotterdam Authority, stresses the importance of cooperation. Since less time and money is available at SMEs to deal with complex security issues, the Port of Rotterdam Authority’s experts specifically try to reach smaller businesses. ‘Those businesses are also connected to crucial networks that keep the port going, and a chain is only as strong as its weakest link.’ Easily accessible electronic teaching programmes have been developed for these businesses. Tools that enable businesses to identify weaknesses in their systems are also available.
While cyberattacks rarely make the news, the following incidents did:
- In the night of 13 to 14 December 2011, business transactions in the Port of Rotterdam came to a halt. The computer system of the Tax and Customs Administration used for reporting import and export goods was down. Ships and trucks were unable to set out.
- In 2013, criminals successfully hacked the operating system of a large container terminal in the Port of Antwerp. Their aim was to divert containers that were used to transport drugs.
As Port Cyber Resilience Officer, Harbour Master René de Vries works to ensure that everyone in and around the port pays attention to cybersecurity. See the film in which Harbour Master René de Vries explains cyber resilience (dutch only).