Europe’s maritime cyber security "non-existent"

Australia’s TISN highlighted as a case to follow.

The EU’s information security agency has labelled its maritime sector a cyber security blackspot that has almost no awareness of the threat.

"It was clearly noted that the awareness regarding cyber security aspects is either at a very low level or even non-existent in the maritime sector, this observation being applicable at all layers, including government bodies, port authorities and maritime companies," the European Network and Information Security Agency (ENISA) notes a report released Tuesday.

While attention has focussed on potential attacks against the energy sector, the maritime sector, responsible for 52 per cent of the EU’s goods traffic, appears to have sailed under the radar.

ENISA's report marks the first ever European investigation into its information security challenges, which have so far focussed solely on physical risks.

The three busiest ports in Europe - Rotterdam (the Netherlands), and Hamberg (Germany) and Antwerp (Belgium) - were all increasingly dependent on IT systems that were at risk of similar threats to Stuxnet and Duqu, ENISA argued.

Potential targets included cargo tracking, identification and handling systems, and customer databases.

The low awareness of cyber attacks and lack of response plans meant the an attack on its information systems could be more devastating than sectors where more attention had been paid.

Key weaknesses included fragmented maritime governance arrangements, inadequate consideration of cyber security in maritime regulation, an absence of economic incentives to implement security, and no "inspiring initiatives" that would help foster collaboration in the event of crisis.

The agency recommended creating clearly defined roles for the European Commission, Member states and the International Maritime Organisation, pointing to Australia's Trusted Information Sharing Network (TISN) guidance to CEOs for control system (SCADA) attacks as one example it should consider following.

TISN has historically been administered by Australia's former peak cyber security agency, the Attorney General's Department, however, that role has since been moved to the Department of Prime Minister and Cabinet after a major cabinet reshuffle Prime Minister Julia Gillard announced this month.

Under TISN Australia's maritime sector falls within transport and is one of nine critical infrastructure sectors that include banking and finance, communications, emergency services, energy, food chain, health, water services and mass gatherings.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitymaritimecyber security

More about Attorney General's DepartmentetworkEUEuropean Commission

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts