The maritime sector plays a key role in the EU economy and society, accounting for a large segment of Europe’s overall freight and passenger transport. However, as the sector has been steadily undergoing a digital transformation with the introduction of innovative solutions based on ICT and the convergence between IT and OT, the cyber risk profile has also changed. Combined with a significant increase in cyber-attacks against key maritime actors such as ports and shipping companies, this change highlights the need for maritime cybersecurity to be addressed in more detail.

The maritime sector comprises a complex ecosystem with many interdependencies and organisations of different size, operational scope, ICT complexity and cybersecurity maturity working in tandem to ensure the unhindered provisioning of freight and passenger transport services. Port authorities, terminal operators, other entities operating within ports, shipping companies, classification societies, shipbuilding companies and more each play a key role in this ecosystem and their individual cybersecurity posture is key for the maritime sector. The NIS Directive recognises this fact by identifying a plethora of maritime operators as Operators of Essential Services (OES).

The Role of ENISA

The EU Agency for Cybersecurity intends to keep playing its role in the continuous process of strengthening the cybersecurity of the EU maritime sector by:

  • Addressing key issues and recommendations
  • Supporting the development and implementation of the relevant policy and regulatory framework
  • Facilitating information sharing and the exchange of good practices between maritime stakeholders
  • Conducting awareness raising activities and organising physical and virtual events
  • Promoting discussions and validating activities through the maritime work stream in TRANSSEC

Cyber risk management for ports - ENISA web tool

This tool allows port operators to conduct cyber risk management with a four-phase approach which follows common principles of risk management. The approach is also compatible with the steps of the risk assessment methodology of the ISPS code. Port operators can navigate through this tool starting at any of the four phases, identify security measures based on their priorities and assess their maturity in the implementation of these measures.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information