The Maritime Sector Maritime Information Systems Risks News About Services Contact FR

Contents

ENISA publishes a report on cybersecurity good practices for port systems

 included in  News
   441 words   3 minutes 
/images/wp-content/uploads/2019/11/hamburg-3021820_640.jpg

On November 26, 2019, ENISA (the European Union Agency for Cybersecurity) published a report titled “Port Cybersecurity – Good practices for cybersecurity in the maritime sector”.

Context

Like the rest of the maritime sector, ports are undergoing rapid digital transformation and increasingly evolving toward the concept of the smart port. The objective is to improve efficiency across logistics, safety, and financial performance.

Many technological trends are involved in this transformation, including IoT, blockchain (particularly for logistics), big data, cloud computing, automation, artificial intelligence, and 5G. While these technologies can improve operational capabilities, they also increase the potential exposure of port infrastructures to cyber threats.

At the same time, cyber incidents affecting ports are becoming more frequent. Globally, ports handle enormous volumes of goods that are critical to the functioning of the global economy. The financial value of these flows is equally significant (see, for example, Lloyd’s recent study on the subject). This naturally makes ports attractive targets for potential attackers.

However, beyond targeted attacks, it is important to remember that cybercrime often spreads opportunistically. Even if a port is not specifically targeted, it can still be affected by large-scale cyber incidents, as illustrated by the Maersk case.

Content of the report

The report, around sixty pages long, presents a series of security measures that port authorities and port operators can adopt in order to strengthen their cybersecurity posture. In particular, it can help organizations to:

  • define a clear organizational cybersecurity policy for port environments, covering all entities involved in port operations;
  • implement basic technical cybersecurity measures such as network segmentation, patch management, and stronger password and access control policies;
  • integrate cybersecurity considerations into the design of port applications and networks;
  • improve detection and response capabilities in order to react quickly to cyber incidents before they affect port operations, safety, or security.

Objectives of the report

The report was developed in collaboration with several European ports, including HAROPA Ports, Valencia, Trieste, Dublin, Antwerp, Saint-Nazaire, Tallinn, Piraeus, Bremen, Rotterdam, and Amsterdam.

The good practices described in the document aim to:

  • identify the main services and infrastructures within ports (cargo transport, passenger transport, vehicle transport, fishing activities) and map the different actors in the port ecosystem;
  • establish a high-level model describing port systems and the data flows between them and with external systems;
  • identify the main cybersecurity challenges that port stakeholders face today and may face in the future;
  • describe potential attack scenarios affecting port ecosystems, based in part on cyber incidents that have already occurred in the sector;
  • provide a set of security measures and best practices intended to improve the cybersecurity maturity of port ecosystems.

Source: ENISA press release and personal analysis.

Updated on 31/01/2020
 Smartport
Back | Home