The European Network and Information Security Agency (ENISA) said it has published its first report ever on maritime cyber security challenges and threats.
The report covers key insights, existing initiatives, precautions and recommendations, and a baseline for cyber security.
ENISA said all sectors that deploy information and communication technologies (ICT) are vulnerable to threats. The body noted there have been recent, deliberate disruptions to automation systems and critical infrastructure and such attacks on ICT can have “disastrous consequences for the EU Member States’ governments and social wellbeing.”
ICT is a more general term for information technology (IT), but also includes more traditional communication systems like telephone and fax lines as well as industry deployments like storage systems and audio-visual systems. As more data is transmitted on a single cabling or link system — such as A/V networks, telephone lines and Internet connectivity coming from a single cable or provider in a warehouse or office — threats to ICT grow.
Key findings from the report include:
- “Maritime cyber security awareness is currently low, to non-existent.” ENISA recommends member states undertake immediate awareness campaigns and offer training.
- The complexity of ICT makes security a problem and the industry needs to work to develop a series of best practices that work across standard, existing ICT systems.
- Current maritime regulations only cover physical aspects of security and safety, so governments need to add cyber security to these regulations and policies.
- ENISA recommends a “holistic, risk-based approach; assessment of maritime specific cyber risks, as well as identification of all critical assets within this sector.”
- Fragmentation of maritime governance is a hindrance to this security and needs to be addressed within the European Union and with bodies like the International Maritime Organization.
- To enhance security and protections, companies and governments need to be better at sharing statistics and practices dealing with cyber security protections and risks.
ENISA said 90 percent of the EU’s external trade and more than 40 percent of its internal trade use maritime routes, so securing this infrastructure is “a priority area for Europe.” – Geoff Whiting