A handbook by Turku University of Applied Sciences and Fintraffic helps maritime cluster operators to protect themselves against cyber threats

Published by Turku University of Applied Sciences, the book takes the reader to the heart of the maritime cluster’s operations and provides a comprehensive guide to managing information and cyber security in operational technology (OT) environments.

The broad field of the maritime cluster – shipping, shipyards, shipbuilding, port operations, logistics and maritime traffic management – is a critical element of national and international security. This publication, produced jointly by Turku University of Applied Sciences and Fintraffic, offers practical solutions to ensure this security. The handbook can be used both in Finland and internationally.

“The guide describes practical ways and measures to prepare for information and cybersecurity threats in operational technology (OT) environments”, says Pia Satopää, lecturer at Turku University of Applied Sciences, who was one of the authors.

Satopää is a member of the Wireless Communications and Cybersecurity research group at Turku University of Applied Sciences, whose main research areas are autonomous and intelligent systems and cybersecurity. The group is led by Jarkko Paavola, who is also one of the authors of the guide.

Preparing for cybersecurity threats is increasingly important

With digitalisation, information and cyber security has become increasingly important, and the handbook clearly explains how standards and regulations can be applied to OT environments in the maritime cluster. It provides detailed guidance on how to identify, assess and manage risks, through practical examples. The handbook also presents a governance model based on management commitment, covering security policy, access management, physical security and continuity management.

“NIS2 – The European Union’s cybersecurity directive obliges companies of a certain size to get their security right. The task is the responsibility of senior management and descends from there,” says Olli Soininen, Programme Manager at Fintraffic, one of the authors.

“The management models presented in the guide are applicable to all environments – they work in ports, ships and office environments alike. The key is to translate the management model into practical measures that everyone can apply in their own work. Examples are essential to understand the meaning and practical implications of the model. This approach ensures that everyone involved knows how the governance model will be seen and implemented in their specific work,” Soininen continues.

The publication is part of the CSG (Cybersecurity governance of operational technology in sector connected smart energy networks) project, coordinated by the University of Jyväskylä, which aims to increase the efficiency and capability of cybersecurity governance of smart energy networks and other operational technologies. At Turku University of Applied Sciences, the remote-controlled boat and its remote control centre at Turku University of Applied Sciences are the object of research and the basis for governance models in the OT environment.

Further information