France Cyber Maritime, France’s response to cyber threats affecting the maritime sector

A press release published today (24/11/2020) announced that the association France Cyber Maritime was created on 17 November 2020 to “help address the expectations of the maritime and port sectors regarding maritime cybersecurity, in a context of increasing digitalization of ships and ports, the development of drones and autonomous vessels, and the growing cyber threats affecting this strategic sector for France and Europe.”

I will quote large parts of the press release, as it is quite comprehensive:

“The objectives of FRANCE CYBER MARITIME are:

• to create in the coming months an operational team called the Maritime Computer Emergency Response Team (M-CERT). This sectoral CERT will aim to centralize and coordinate cybersecurity incidents affecting the maritime and port sectors, and to facilitate information sharing so that stakeholders can better anticipate emerging threats. This team will also contribute to promoting national expertise within the various European and international organizations active in this field.”

It is worth noting that the term ISAC (Information Sharing and Analysis Center) is also often used in English-speaking countries, particularly in the United States. In general, a CERT is more often the expertise center of a specific organization and less frequently sector-based, while an ISAC typically focuses on information sharing and analysis without including incident coordination and response. The main difference between the two is that ISACs usually do not include operational incident response functions.

• “to contribute to the development of the national maritime cybersecurity ecosystem by bringing together maritime and cybersecurity stakeholders and by strengthening the offer of cybersecurity services tailored to the sector: consulting and expertise, training and exercises, monitoring and alerting, security operations and maintenance, research and development, promotion and coordination.

FRANCE CYBER MARITIME was created following work that, since the end of 2019, brought together several voluntary stakeholders from the maritime and cybersecurity sectors under the leadership of the General Secretariat for the Sea (SGMer) and in coordination with the French National Cybersecurity Agency (ANSSI). These organizations jointly expressed their full support for the association from its creation.

The association already benefits from the support of around fifteen organizations, including industrial players from the civilian and defense maritime sectors, cybersecurity companies, higher education and research institutions, and professional associations (Bureau Veritas, Cluster Maritime Français, DIATEAM, Elengy, ENSM, ENSTA Bretagne, GICAN, HarfangLab, IMT Atlantique, Naval Group, Pôle Mer Bretagne Atlantique, SEKOIA, SYNACKTIV, Thales, Yes We Hack).”