Europe’s maritime cyber security "non-existent"

Australia’s TISN highlighted as a case to follow.

The EU’s information security agency has labelled its maritime sector a cyber security blackspot that has almost no awareness of the threat.

"It was clearly noted that the awareness regarding cyber security aspects is either at a very low level or even non-existent in the maritime sector, this observation being applicable at all layers, including government bodies, port authorities and maritime companies," the European Network and Information Security Agency (ENISA) notes a report released Tuesday.

While attention has focussed on potential attacks against the energy sector, the maritime sector, responsible for 52 per cent of the EU’s goods traffic, appears to have sailed under the radar.

ENISA's report marks the first ever European investigation into its information security challenges, which have so far focussed solely on physical risks.

The three busiest ports in Europe - Rotterdam (the Netherlands), and Hamberg (Germany) and Antwerp (Belgium) - were all increasingly dependent on IT systems that were at risk of similar threats to Stuxnet and Duqu, ENISA argued.

Potential targets included cargo tracking, identification and handling systems, and customer databases.

The low awareness of cyber attacks and lack of response plans meant the an attack on its information systems could be more devastating than sectors where more attention had been paid.

Key weaknesses included fragmented maritime governance arrangements, inadequate consideration of cyber security in maritime regulation, an absence of economic incentives to implement security, and no "inspiring initiatives" that would help foster collaboration in the event of crisis.

The agency recommended creating clearly defined roles for the European Commission, Member states and the International Maritime Organisation, pointing to Australia's Trusted Information Sharing Network (TISN) guidance to CEOs for control system (SCADA) attacks as one example it should consider following.

TISN has historically been administered by Australia's former peak cyber security agency, the Attorney General's Department, however, that role has since been moved to the Department of Prime Minister and Cabinet after a major cabinet reshuffle Prime Minister Julia Gillard announced this month.

Under TISN Australia's maritime sector falls within transport and is one of nine critical infrastructure sectors that include banking and finance, communications, emergency services, energy, food chain, health, water services and mass gatherings.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags cyber securitymaritime

More about Attorney General's DepartmentetworkEUEuropean Commission

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts