EU Shipping Sector Cyber Security Awareness "Non-Existent"

twoheadedboy writes "The European maritime sector has next to no idea about cyber security, according to a report released by the European Network and Information Security Agency (ENISA). The shipping industry, which carried 52 per cent of goods traffic in Europe in 2010, has 'currently low to non-existent' awareness of cyber security needs and challenges, the report said. ENISA claimed the lack of understanding was evident at every layer of the industry, from government bodies to port authorities and maritime companies."

Physical and Digital

[andersh]

After having read the full report in question it becomes somewhat clearer, they didn't just fill out forms, they interviewed people and held workshops with the key players.

To quote the report:
"awareness regarding cyber security aspects is either at a very low level or even non-existent in the maritime sector, this observation being applicable at all layers, including government bodies, port authorities and maritime companies.".

My understanding is that this report is focused on what governments and the EU specifically can do to help, build and support for better security. In recent years the EU and other bodies have created and implemented security related regulation including provisions relating to safety and physical security concepts.

Now, it's time to look at what the EU and its members should and can do to secure related information systems. Self-regulatory and co-regulatory organisational models around maritime cyber security aspects are virtually non-existent within the EU Member States, according to the report (page 19).

Re:More specifically?

[_Shad0w_]

They're talking about companies who run things like box carriers and the like, not couriers. A lot of ships have internet connections, via things like FleetBroadband from Inmarsat, so having an awareness of internet security, I would suggest, is actually pretty important.

They regularly take data sent to them via e-mail or direct internet connection and load it on to their ECDIS units (mostly that would be ENC updates or permit files). As to whether that's in some way exploitable, I couldn't say.