b'16 Member News July 2020Knowledge sharingIET Standards helping the Departmentfor Transport (DfT) manage cyber security threats at UK portsThe problem Our process What was the outcome?We work collaboratively with our clientsThe initial Code of Practice was published A number of incidents atto identify their requirements, appoint ain July 2016 and has proved to be an ports across Europe havetechnical committee containing industryimportant briefing document for port significantly raised the profileexperts and stakeholders, and draftsecurity personnel. To keep the guidance of cyber security in this area.actionable, practical guidance. To ensureup to date with ever evolving security the result is robust, and fully meetsthreats, it was revised in 2019 to the Good The risks associated with thethe expectations of our clients and thePractice Guide: Cyber Security for Ports complex systems used bywider industry, we release a draft forand Port Systems. The Guide is of real value port owners and operatorspublic comment towards the end of theto all those responsible for security and need careful management. process. This provides valuable feedbackbusiness continuity in ports and can be from industry stakeholders, which isused as an integral part of an organisations The DfT and Defence, Sciencecarefully reviewed and consideredoverall risk management system.and Technology Laboratory (Dstl)before the final document is published. Jim Spooner, Head of Maritime Resilience contacted us to commission guidanceat the Department for Transport, was very to help those responsible for portsFor this guidance, the requirementspleased with the outcome:around the country manage the threatincluded creating a document to help from cyber-attacks. Having previouslyport owners, operators and security worked with us on similar cyberstaff to: It has enabled ports to stay security guidance for ships, DfT anddevelop a cyber securityDstl were confident that we couldassessment and plan, abreast of cyber security meet their requirements to a highdevise the most appropriateguidance thereby decreasing standard and to their timeline. mitigation measures, the likelihood of an unfortunatehave the correct structures, roles,event impacting on the port. This responsibilities and processes inimproves overall UK resilienceplace, andhandle security breaches and incidents. in the maritime sector.The document also needed to highlight the key national and international standardsWorking with IET Standardsand regulations to be reviewed and followed by anyone using the guidance. Our reach into the engineering industry, We involved stakeholders throughout theexpert members and contacts in specialist process from DfT, Dstl, the National Cyberareas, and experience publishing practical Security Centre, specialist cyber securityguidance makes us the natural choice consultants and security personnelfor creating engineering standards. Our from several major ports. The draftingrobust development and consultation panel, which includes our members Hughprocesses provide peace of mind to Boyes CEng FIET and Roy Isbell IEngour clients that the documents they FIET, also visited ports to gain a bettercommission will be of a high quality and understanding of the systems used andmeet their bespoke requirements.the risks encountered. From there, draftsJim concluded that he would happily work were produced, and a public consultationwith IET Standards again in the future: IET conducted before the finished documenthas a professional approach and valuable was published. expertise across the board.Good Practice Guide: Cyber Security for Ports and Port SystemsFind out more about our Standards and how you can get involved at:theiet.org/standards-involved-mn'