The Agency arranged a Maritime Cyber Security Workshop in Brussels (28/09//11) to discuss national and European initiatives, standardisation and regulation initiatives, including various challenges.
Did you know that..?
- Ca 90% of the EU’s external trade and more than 43% of the internal trade take place via maritime routes.
- Industries and services in the maritime sector, contribute between 3-5% of EU Gross Domestic Product (GDP), and maritime regions produce more than 40 % of Europe’s GDP.
- 22 EU Member States with maritime borders manage more than 1.200 sea ports supporting the maritime sector activity; and three major European seaports (i.e. Rotterdam, Hamburg and Antwerp) accounted in 2010 for 8% of world traffic volume.
Context
Given the above figures, securing the maritime sector’s critical infrastructure and the movement of vital goods is a priority and area of concern for the key European stakeholders, including the European Commission, Member States and the private sector. Critical infrastructure in the maritime sector sustains essential services and the movement of vital goods. Adequate cyber security for maritime activities are thus so crucial that delays in the supply chain may even cause health problems in any Member State’s population.
The Agency workshop e.g. included topics;
- An overview of the current EU policy, focussed at mitigating IT security risks for Europe.
- The SafeSeaNet initiative (i.e. critical information on cargo/crew/passengers transmitted when ships arrive to EU ports, using e-messages, which must be done in a secure way.)
Recommendations on cyber security for the maritime sector
As a result of the workshop, legal and recommendations include;
- The level of ICT implementation maturity strongly varies from one port to another, while security is not always a priority. Therefore, to achieve cyber security at port level, the implementation of ICT systems that are secure by design is needed.
- Awareness. To raise awareness at a practical level, relevant ship crews should obtain basic cyber security skills and training, with possible certifications for ship captains. Accesses to systems could also be restricted, with proper access controls.
- Top-down approach to implement cyber security (from authorities to ports) clarifying that assets are at risk, and the possible impacts of a cyber-security incident.
- Clear economic drivers must also be identified in order to attract and motivate the private sector.
- Moreover, the lack of information exchange on cyber security incidents and on other cyber related threats (e.g. fraud, e-crime, etc.) facing the maritime sector was highlighted.
For full Summary, with more draft recommendations.
Next steps
The Agency will produce a full report, to be launched later during the autumn.