ENISA releases cyber-safety guidelines for maritime sector

• Incidents of ransomware attacks targeting ports are common and have a significant impact on the economy.
• It is important to equip EU ports with all necessary tools and knowledge to address cybersecurity concerns as they undergo their digital transformation.

The report is developed in collaboration with several EU ports and offers a useful foundation to CIOs, CISOs, and other port authorities and terminal operators to build a robust cybersecurity strategy.

The threat landscape

With the emergence of new threats, regulations and increased digitalization, port stakeholders are facing all-time-high cybersecurity challenges.

Incidents of ransomware attacks targeting ports are common and have a significant impact on the economy. Due to this, the priority of securing ports is now among the top, demanding safety, security, compliance and commercial competitiveness.

ENISA report highlights

The European Union’s Agency for Cybersecurity (ENISA) published guidance for ports under the title “Port Cybersecurity - Good practices for cybersecurity in the maritime sector” to strengthen their cybersecurity, on 26 November.

The extensive report intends to:

• Delineate a clear governance around cybersecurity at port level, involving all stakeholders for port operations.
• Enforce the technical cybersecurity basics, like password hardening, network segregation, updates management, segregation of rights, etc.
• Implement security by design in applications, as ports especially use many systems, some of which are opened to third parties for data exchange.
• Add detection and response capabilities at the port level to respond swiftly to any threat or attack before operations hit.

The guide, besides discussing how stakeholders are involved in the port ecosystem, lists the main threats and challenges to them and describes key cyber-attack scenarios.

Under organizational practices, the guide layouts security measures for endpoint protection and lifecycle management, vulnerability management, human resource security, supply chain management, and more.