THE International Association of Ports and Harbors (IAPH) has announced the launch of the IAPH Cybersecurity Guidelines for Ports and Port Facilities.

Written by foremost experts from IAPH member port authorities and associate member cybersecurity specialists as well as contributors from the World Bank, the 84-page document is the culmination of four months of intense work.

The IAPH said ports and port facility stakeholders from around the world are reporting measurable increases in cyber-threat activities, particularly since the outbreak of the COVID-19 pandemic.

“Between February and May of 2020 alone, the maritime industry overall suffered a fourfold increase in cyber-attacks and those attacks against OT systems specifically increased by 900% since 2017.

“The risk of a cyber-attack has become the top risk for port authorities and the wider port community,” the IAPH said.

The IAPH cybersecurity guidelines are developed to support the global port and port facility community in a manner consistent with IMO’s Guidelines on Maritime Cyber Risk Management (MSCFAL.1/Circ.3, 5 July 2017). It is intended for use by c-suite executives to recognise the importance of managing cyber risk and to instill an understanding that it is a responsibility that starts at the top of their organisation, despite the digital divide among the ports, worldwide.

The guidelines are mainly focused on developing the business case for the executive committee to determine “how much enough is enough?” as reasonable level of investment in cyber risk management and to gain insights into how a cyber event could impact a port or port facility’s ability to function.


The guidelines also address the need for executives to develop a cyber risk management strategy and plan to achieve and sustain a defense-in-depth posture, provide key insights into the 21st century cyber threat landscape, and include insights into the impacts of cyber-attacks against integrated port systems.

Insights are provided for executives in how to assess risk and vulnerabilities in their port operations and how to adopt a holistic approach that will enable them to organise and manage their cybersecurity program by implementing customised cybersecurity protection, detection, and mitigation measures.

Finally, the guidelines provide the designated cybersecurity lead with practical assistance in developing their port and port facility security assessment and plans.

The guidelines have been submitted to both the IMO Facilitation and Maritime Safety Committees for consideration and this first version will now be disseminated throughout the industry, with IAPH fully anticipating the guidelines to become an active, living document with regular updates and editions from the 22-strong editorial team.