CYBERSECURITY
turning point has come when IT and operations begin to collaborate instead of working in silos. Security is strong- est when it’s shared. Often, this means rethinking long- standing practices: limiting persistent remote access for vendors, setting clear credential policies, or building joint response plans that combine technical and operational expertise. These are small but meaningful changes that strengthen both safety and trust. When teams understand that cybersecurity supports uptime, not bureaucracy, the conversation shifts from compliance to continuity. “Security is strongest when it feels shared.” The speed of recovery Preparedness determines perform- ance. During the federal Cyber- Physical Exercise Pilot Initiative, which included participation from ports, municipalities, and private-sector partners, it became clear that clarity of roles can turn chaos into coordina- tion. Organizations that practiced their procedures recovered faster, not because they had more advanced tools, but because they had built trust and decision-making discipline through repetition. At the Nanaimo Port Authority, we’ve adopted a similar mindset. Regular tabletop exercises bring together leadership, operations, and IT to test response plans and communi- cation flow. The outcome isn’t perfec- tion — it’s awareness. Everyone learns where dependencies exist and what needs to improve before a real event occurs. That shared understanding turns theory into resilience. In a port control room, you can hear the hum of activity — radios, fork- lifts, cranes — all synced by unseen networks. When those networks falter, you realize just how physical digital risk has become.
The IT–OT divide is where vulner- ability often hides and where resilience must be built. In response, Transport Canada and the Canadian Centre for Cyber Security have launched national sensor programs to monitor threats across critical infrastructure, building a foun- dation for real-time insight and collab- oration across sectors. Most people think marine security means fences, gates, and patrols — but the most important defenses today live in code and connectivity. Canada continues to make mean- ingful progress. Through Transport Canada’s Maritime Security Strategic Framework (MSSF) and the Canadian Centre for Cyber Security’s infrastruc- ture initiatives, port authorities receive clearer guidance and more oppor- tunities to share intelligence. The challenge lies in consistent adoption — ensuring each organization invests in collaboration and preparedness before an incident, not after. Canada’s maritime sector is also entering a new era of cybersecurity governance. With Bill C-8 and the forthcoming Critical Cyber Systems Protection Act (CCSPA), federally
“When systems slow unexpectedly, it isn’t dramatic — it’s quiet urgency. Operators glance at screens, phones buzz, and leaders ask, ‘Is it local or system-wide?’ In those minutes, clarity matters more than control. Teams that have rehearsed know who calls whom and what to shut down first. That calm only comes from preparation.” “Recovery is a rhythm, not a re- action.” Lessons from the field The global picture reinforces what we’ve experienced locally. • Port of Nagoya, Japan (2023): Two- day terminal shutdown caused by ransomware encrypting operational systems. • DP World Australia (2023): Multi- terminal operations paused, leaving
thousands of containers idle. • Port of Long Beach (2024):
Investing in advanced cybersecurity and drone detection systems to pro- tect operations. These events highlight a common reality: ports are now front-line critical infrastructure. They are essential to national economies and global trade.
October/November 2025 — PACIFIC PORTS — 43
Made with FlippingBook Ebook Creator