This post is also available in: heעברית (Hebrew)

By Or Shalom, security and cyber expert and adviser

Marine ports have strategic importance as critical infrastructure. The ports are vital to the economy, the creation of citizens’ income and occupation, external commerce between ports, civilian and military transportation of passengers, etc. As such, the ports constitute interest and target for attack by various players. These vary from terrorist groups looking for sabotage capabilities, through states interested in the capability to stop such vital installations from work to criminals trying to steal or change customs and goods registration.

The security task has become more and more complex due to the physical, technological, and the available operation methods of widespread deployment at the cyberspace, focusing on the resupply chain. If materialized, these threats could have an impact on the functioning of the naval port from the point of view of closure, insurance costs for future anchoring vessels and damage to incomes and economy. 

Responding to the challenge of port security is costly. It becomes even more complex when the whole defense envelope should stay in the background without causing any harm to operations, delaying deliveries and transportation processes. So security circles integrated into advanced technologies should be planned, alongside special regulations, methods, and work processes. 

The physical, technological and cyber dimensions must be fully synchronized for the preparation of a plan dealing with port security threats. The adversary’s way of thinking in searching for possible modes of action focuses on the detection of horizontal gaps in the weak links over the activity axis and opportunities over the resupply chain axis (on the physical and logical dimension). According to this method, if the security and physical defense level of a port are high the adversary will consider technological modes of action, e.g. the use of drones, or basing on cyber attacks, or vice versa.

Also, defense systems and the low voltage upon which security is based are computerized, and therefore vulnerable to cyber attacks.

At the close-range physical threats, the assailant will choose to perpetrate a physical noisy or stealth penetration. His mode of operation alternatives are multiple, as he can access from sea, air or ground. From underwater commando from the sea or the use of floating explosive devices, through ground infiltration to the use of drones. Tight defense planning, the use of HLS systems (e.g. radars, sonars, as well as cameras, detectors, etc.) are required, alongside the implementation of physical security such as electronic fences from the ground and naval perspectives. The integration of such systems requires the suitable calibration vis a vis possible mode of operation alternatives in order to detect the adversary and get a 360 situational awareness. Also, suitable security technologies should be integrated and screening at the ground level port entrances and exits should be intensified, focusing on the detection of explosives, anti-explosive screening processes, the detection of hidden explosives, etc. 

Systems for the effective and rapid inspection and release of trucks and vehicles are also required (e.g. and under-vehicle explosive charge inspection by dedicated technological screeners).

Alongside the daily routine threats, preparations for defense against kinetic threats should also be applied. Adversaries that face difficulties might choose this channel of action. A classical example for a kinetic attack preferred by the assailant is last year’s incident against Aramco’s oil installations, including the use of armed UAVs that caused heavy damages, including humiliation and harmed reputation. Especially as the Saudis found it hard to identify the dispatchers. Such operation required early organization based on intelligence capabilities and the use of navigation technologies, coupled with the ability to cause devastating damage. This capability demonstrates the need for physical defense against missiles and the integration of counterintelligence processes and controls (regarding the exact location of containers, hangars, hazardous materials storage, etc.).

The tactical drone arena also requires advanced anti-drone solutions. The integration of blocking or jamming technologies against drones may sometimes be complex due to the environment conditions (urban), security restrictions, human resource capabilities, etc, so it is imperative to also add drone operators detection capabilities in the short-range environment.

A research in this field, published by the Information Systems Dept. at the Ben-Gurion University of the Negev has proved the capability of detecting the operators, yet even here there are many challenges and restrictions, due to the massive quantity of signals – WiFi, Bluetooth and IoT, frequency hopping, data collection angel, etc.

The port’s network and computer assets cybersecurity is highly complex, due to the use of IT networks and internet connectivity, in addition to the use of OT compute systems that are usually isolated from other environments. This need is caused by constraints regarding global connectivity between ports, vessels, transportation companies, customs, etc.) An attack on the port’s computer systems might harm human lives, bring about the filtration or theft of sensitive information, operational damage, cargo and transport delays, advancement of illegal commerce, financial theft and fraud, damage to reputation and competitiveness, etc. Therefore, it is imperative to secure these networks in order to deploy horizontal technologies that provide a response to threats without delaying operational processes. 

It is also important to ruggedize computing systems and core processes by encryption, authentication, and user and asset management, monitoring and blocking attack signs, resource allocations for firewall technologies and adequate rules (supported by cyber intelligence, management and control of transportation and direction, mitigation of risks to time clocks synchronization and the consequences on servers and computers, designing a policy for wireless network security and operating systems ruggedization. In addition, resources should be allocated to ensuring rapid disaster recovery capabilities and survivability.


Ben Gurion University


Or Shalom – Security and cyber expert and adviser to government entities and defense industries. He holds a master’s degree, as well as civil and national qualifications in the realm of information security and cyber. He has experience in developing cyber risk mitigation plans for companies and organizations, as well as experience with business development in the cyber fields. Mr. Shalom has led various professional cyber programs to various entities in academia and the civilian and security industries.