ENISA has just released their first EU report on the cyber security challenges that the Maritime Sector face. The report highlights that maritime cyber security is low, to virtually non-existent, showing little difference between now and 8 years ago….
This report is extremely startling as 90% of the EU’s external trade, and more than 40% of the internal trade takes place via maritime routes. If this was to be disrupted by a cyber threat, then it would have disastrous consequences for the EU Member States’ governments and social wellbeing. Trade, resources and leisure would all be severely affected.
ENISA suggest there should be regulations and policies considering cyber security, on a risk-based approach. Better information exchange and statistics on cyber security is also needed to help people understand and improve their own actuarial models and help reduce risks.
The report shows that little has changed in the 8 years since the Port of Houston was crippled by a cyber attack, allegedly committed by a teenager back in 2003. As a result, data (tides, water depths and weather) to help pilots navigate through the harbour and by shipping companies became inaccessible. The UK teenager was accused of ‘electronic sabotage’, bringing down the Internet systems of the worlds 8th busiest maritime facility, whilst attempting to extract revenge on a fellow IRC user. The recent ENISA study has shown that the state of the Maritime Cyber Security infrastructure has not changed since the attack, leaving it vulnerable to further cyber attacks.
Modern containerships and oil tankers are highly automated and manned by a small number of crew relying on automated systems. Additional harbours and container ports are also highly automated, meaning that the whole maritime network would come to a standstill if disrupted by a cyber threat. The recent Stuxnet and Duqu attacks have shown that industrial systems as well as traditional computer systems are vulnerable to cyber attacks.
Considering how important the maritime trade is to the EU, and that attacks on critical infrastructure are increasingly becoming common, it just shows how serious cyber security in the maritime industry needs to be taken.
Protect your company from cyber threats with the complete cyber security toolkit: The No 3 ISO27001 Comprehensive ISMS Toolkit.
Use this toolkit to implement your very own ISO 27001 (the world’s only cyber security standard) project. Coming with complete documentation and books to guide you through the process, this all-inclusive toolkit will have your business’ cyber defences up in no time.