WWW.DISSERTATION.XLIBX.INFO
FREE ELECTRONIC LIBRARY - Dissertations, online materials
 
<< HOME
CONTACTS



Pages:   || 2 | 3 | 4 | 5 |

«ANALYSIS OF CYBER SECURITY ASPECTS IN THE MARITIME SECTOR November 2011 Analysis of cyber security aspects in the maritime sector I Contributors to ...»

-- [ Page 1 ] --

ANALYSIS OF CYBER SECURITY ASPECTS IN

THE MARITIME SECTOR

November 2011

Analysis of cyber security aspects in the maritime sector

I

Contributors to this report

ENISA would like to express its gratitude to all contributors of this analysis.

ENISA would also like to recognise the contribution of the Deloitte team members that

prepared this analysis in collaboration with and on behalf of ENISA:

- Mr. Dan Cimpean;

- Mr. Johan Meire;

- Mr. Vincent Bouckaert;

- Mr. Stijn Vande Casteele;

- Mrs. Aurore Pelle.

- Mr. Luc Hellebooge;

Acknowledgements ENISA would like to acknowledge the contribution to the maritime cyber security workshop

organised in the light of this project and the report, and in particular:

- Mr. Andrea Servida, from DG INFSO;

- Mr. Jean-Bernard Erhardt and from DG MOVE;

- Mr. Jukka Savo, from DG MOVE;

- Mr. Allard Kernkamp, from CPNI.NL;

- Assistant Professor Nineta Polemi, the University of Piraeus, Dept. of Informatics Analysis of cyber security aspects in the maritime sector II About ENISA The European Network and Information Security Agency (ENISA) is a centre of expertise for the European Union (EU), its Member States (MS), the private sector and Europe’s citizens. As an EU agency, ENISA’s role is to work with these groups to develop advice and recommendations on good practice in information security. The agency assists MS in implementing relevant EU legislation, and works to improve the resilience of Europe’s critical information infrastructure and networks. In carrying out its work programme, ENISA seeks to enhance existing expertise in MS by supporting the development of cross-border communities committed to improving network and information security throughout the EU.

Contact details For questions related to Cyber Security aspects in the maritime sector, please use the

following details:

 Mr. Wouter VLEGELS - Expert, Critical Information Infrastructure Protection E-mail: wouter.vlegels@enisa.europa.eu Legal notice Notice must be taken that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC) No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not necessarily represent state-of the-art and ENISA may update it from time to time.

Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources includi

–  –  –

Contents 1 Executive Summary

2 Introduction

2.1 The maritime sector as critical infrastructure

2.2 The policy context

2.3 Purpose and scope of the study

2.4 Target audience

2.5 Approach

2.5.1 Desk top research

2.5.2 Interviews and questionnaires

2.5.3 Workshop

3 Key findings and recommendations

3.1 Low awareness and focus on maritime cyber security

3.1.1 Impact

3.1.2 Recommendations

3.2 Complexity of the maritime ICT environment

3.2.1 Impact

3.2.2 Recommendations

3.3 Fragmented maritime governance context

3.3.1 Global level

3.3.2 European level

3.3.3 National/Regional level

3.4 Inadequate consideration of cyber security in maritime regulation

3.4.1 Impact

3.4.2 Recommendations

3.5 No holistic approach to maritime cyber risks

3.5.1 Impact

3.5.2 Recommendations

3.6 Overall lack of direct economic incentives to implement good cyber security in maritime sector

Analysis of cyber security aspects in the maritime sector IV 3.6.1 Impact

3.6.2 Recommendations

3.7 Inspiring initiatives, a call for collaboration

3.7.1 Results

3.7.2 Recommendations

4 Conclusions & suggested next steps

Short-term

Mid-term

Long-term

5 APPENDIX A Workshop report

5.1 List of keynote speakers

5.2 Keynote summaries

5.2.1 EU Policy on network and information security and CIIP

5.2.2 SafeSeaNet

5.2.3 Management of public-private partnerships and information sharing for the protection of critical infrastructures

5.2.4 Open issues and proposals in the security management of PIT systems – The SPort national case

5.3 Group discussions

6 APPENDIX B Summary of key findings and recommendations

Analysis of cyber security aspects in the maritime sector Executive Summary The maritime sector is critical for the European society. Recent statistics show that within Europe, 52%1 of the goods traffic in 2010 was carried by maritime transport, while only one decade ago this was only 45%. This continuous increase in dependency upon the maritime transport underlines its vital importance to our society and economy. As it can be observed in other economic sectors, maritime activity increasingly relies on Information Communication and Technology (ICT) in order to optimize its operations. ICT is increasingly used to enable essential maritime operations, from navigation to propulsion, from freight management to traffic control communications, etc.





These last years have also shown that cyber threats are a growing menace, spreading in all industry sectors that progressively rely on ICT systems. Recent examples of deliberate disruption of critical automation systems, such as Stuxnet 2, prove that cyber-attacks can have a significant impact on critical infrastructures. Disruption or unavailability of these ICT capabilities might have disastrous consequences for the European Member States’ governments and social wellbeing in general. The need to ensure dependability and the ICT’ robustness against cyber-attacks is a key challenge at national and pan-European level.

This first analysis of the cyber security aspects in the maritime sector identified key insights and considerations regarding this area. It also touches on the policy context at the European level and situates the topic of cyber security in the maritime sector as a logical next step in the global protection effort of ICT infrastructure. This document identifies essential problematic areas as well as initiatives being implemented, which could serve as a baseline towards helping the development of cyber security in this particular context. Finally, high-level recommendations are presented for each observation, suggesting the possible approaches that could be taken for addressing these risks.

High-level observations and recommendations

 The awareness on cyber security needs and challenges in the maritime sector is currently low to non-existent. Member States should consider developing and implementing awareness raising campaigns targeting the maritime actors. In particular the provision of appropriate cyber security training to relevant actors (e.g. shipping companies, port authorities, etc.) would be highly recommended.. Such awareness campaigns and training initiatives should target all relevant actors involved in the maritime sector, while their provision could be coordinated by relevant cyber security organisations (e.g. national cyber security offices, national CERTs, public-private partnerships, etc).

In terms of value in Euros. Source: Eurostat database: EXTRA EU27 Trade Since 2000 By Mode of Transport (HS6) http://www.enisa.europa.eu/media/press-releases/stuxnet-analysis Analysis of cyber security aspects in the maritime sector  Due to the high ICT complexity and the use of specific technologies, there are particular challenges to ensure adequate security provisions in maritime systems. It would be beneficial for all stakeholders to agree on a common strategy and development of good practices for the technology development and implementation of ICT systems in the maritime sector and ensuring “security by design” for all critical maritime ICT components.

 As current maritime regulations and policies consider only the physical aspects of security and safety, it is recommended that policy makers add cyber security aspects to them.

 We strongly recommend a holistic risk-based approach, which would require the assessment of existing cyber risks associated with the current ICT systems implementations relevant to the European maritime sector as well as the identification of all critical assets within this sector. For maritime economic operators and stakeholders, it is important to proactively apply sound cyber and information security risk management principles within their organisations and environments.

 With the maritime governance context being fragmented between different levels (i.e.

international, European, national), the International Maritime Organisation together with the European Commission and the Member States should consider aligning and harmonizing international and European policies related to this sector, particularly on its cybersecurity aspects. Member States should clearly specify the roles and responsibilities that should be endorsed for addressing cyber security matters at those various levels.

 Proper coordination and cooperation between the relevant stakeholders should also be defined (e.g. CERTs and port authorities, shipping companies, etc.) through publicprivate sector interaction. We would recommend Member States to stimulate dialogue and public-private partnerships between the key stakeholders in the maritime sector (e.g. shipping companies, port authorities, etc.) and connected stakeholders (e.g. insurance companies / brokers).

 From a different perspective, better information exchange and statistics on cyber security may help insurers to improve their actuarial models, reduce own risks, and therefore offering better contractual insurance conditions to the involved maritime stakeholders. Information exchange platforms, as for instance the ones implemented by CPNI.NL, should be also considered and developed by Member States in order to foster and facilitate communication on cyber security for the relevant maritime actors.

For further details and additional observations, please refer to chapter 3 (‘Key findings and recommendations’) and chapter 4 (‘Conclusions & suggested next steps’) of this document.

Analysis of cyber security aspects in the maritime sector

1 Introduction

1.1 The maritime sector as critical infrastructure The maritime sector sustains society and the economy through the movement of people and vital goods, such as energy (transportation of oil and gas), food 3, etc. The criticality of the maritime sector for the European Member States and economies is clearly illustrated by

available data:

 In Europe, 52% 4 of the goods traffic in 2010 was carried by maritime transport, where only one decade ago this was only 45%. This increase in maritime transport dependency underlines its vital importance to our society and economy. Based on data from the European Commission5, around 90% of EU external trade and more than 43% of the internal trade take place via maritime routes. Industries and services belonging to the maritime sector, contribute between 3 and 5 % of EU Gross Domestic Product (GDP), and maritime regions produce more than 40 % of Europe’s GDP. 22 Member States with maritime border manage more than 1.200 sea ports supporting the maritime sector activity.

 Three major European seaports (i.e. Rotterdam, Hamburg and Antwerp 6) accounted in 20107 for 8% of overall world traffic volume, representing over 27,52 Million-TEUs.

Additionally, these seaports handled more than 50% of the entire European waterborne foreign container trade. The main European seaports carried in 2009 17,2% of the international exports and 18% of the imports 8.

The European economy is therefore critically dependent upon the maritime movement of cargo and passengers. On the other hand, the maritime activity increasingly relies on Information Communication and Technology (ICT) to optimize its operations, like in all other sectors. ICT is used to enable essential maritime operations, from navigation to propulsion, from freight management to traffic control communications, etc. These last years have also shown that cyber threats are a growing menace, spreading in all sectors. Disruption or unavailability of these ICT capabilities might have disastrous consequences - therefore there is an increased need to ensure the ICT robustness against cyber-attacks and dependability is a key challenge at national and pan-European level.

Securing the critical infrastructure of the maritime sector is increasingly becoming a priority for the key European stakeholders, including the European Commission, Member State governments and the main actors from the private sector.

See EICAR Conference Best Paper Proceedings 2003 In terms of value in Euros. Source: Eurostat database: EXTRA EU27 Trade Since 2000 By Mode of Transport (HS6) (DS_043328), accessed on 02/08/2011.

http://ec.europa.eu/maritimeaffairs/maritimeday/pdf/proceedings_en.pdf In terms of goods’ transhipments in 2008, Rotterdam, Antwerp, Hamburg ports were the most important in Europe.

http://www.worldshipping.org/about-the-industry/global-trade/top-50-world-container-ports Eurostat database: Trade in goods, by main world traders (tet00018), accessed on 02/08/2011.

Analysis of cyber security aspects in the maritime sector

1.2 The policy context Critical information infrastructures support vital services and goods such as energy, transport, telecommunications, financial services, etc., that are so essential that their unavailability may adversely affect the well-being of a nation. Due to their significant importance, the protection of critical information infrastructures is required to sustain and further enhance the wellbeing of the European society, the European Union economy, and the European citizens.

Therefore, this subject has also become an attention area for the policy makers in the European Union (EU).



Pages:   || 2 | 3 | 4 | 5 |


Similar works:

«The First-Year Experience Monograph Series No. 7 Supplemental Instruction: Improving First-Year Student Success in High-Risk Courses 3rd edition Marion E. Stone and Glen Jacobs, Editors Co-sponsor International Center for SI University of Missouri-Kansas City Cite as: Stone, M. E., & Jacobs, G. (Eds.). (2008). Supplemental instruction: Improving first-year student success in high-risk courses (Monograph No. 7, 3rd ed.). Columbia, SC: University of South Carolina, National Resource Center for...»

«Q–Chem User’s Manual Version 3.2 January 2009 Version 3.2 January 2009 Q-Chem User’s Guide This version is edited by: Dr Yihan Shao with contributions from: Dr Nick Besley (Partial Hessian) Dr Jeng-Da Chai (Variations of ωB97 functional) Dr Deborah Crittenden (Wigner intracule) Dr Evgeny Epifanovsky (Coupled-cluster parallelization) Prof. Steve Gwaltney (Onsager) Prof. John Herbert (LRC-DFT) Prof. Cherri Hsu (Electron transfer analysis) Dr Rustam Khaliullin (ALMO, EDA, CTA) Dr Ester...»

«Biohacking 101 with Andrew Clark Q&A Session Dave Asprey: Hi! Today’s cool fact of the day is that your body is less than 1% carbohydrate on average. [Podcast Music] Dave Asprey: Hi, this is episode 1 of Upgraded Self radio. This is Dave Asprey and Armi Legge here from the Bulletproof Executive talking about Biohacking with Andrew Clark. Andrew Clark is the first fully certified Bulletproof Executive practitioner and then we’ve got a great listener Q&A, questions about vitamin D, immune...»

«Curriculum vitae: Professor Steve Walton Personal details Name (The Revd Professor) Stephen John WALTON (known as Steve) Office address London School of Theology, Green Lane, Northwood, Middlesex, HA6 2UW Home address 8 Barrons Way, Comberton, Cambridge, CB23 7EQ Telephone 01923 456326 (office) 01223 264198 (home) 07897 630462 (mobile) Fax 01923 456001 Email s.walton@lst.ac.uk (work) steve.walton@cantab.net (personal) Nationality British citizen Qualifications 1997 PhD, University of Sheffield;...»

«H.264 Network Digital Video Recorder User Manual 1 H.264 Network Digital Video Recorder User Manual Merci d'avoir acheté notre DVR! Ce manuel est conçu pour être un outil de référence pour l'installation et le fonctionnement de votre système. Ce document vous permet de trouver des informations sur les caractéristiques et les fonctions du DVR. Consignes de securité et avertissement Ne placez pas d'objet lourd sur le DVR. Ne laissez pas tomber d’objet ou de liquide dans le DVR. Retirer...»

«Please feel free to print out or Save as. Text this article to your hard drive. (Microsoft Explorer browsers may lose spacing between paragraphs.) STARTLING DISCOVERIES ABOUT CHILDREN WHO HAVE NEAR-DEATH EXPERIENCES From the June 2000 issue of FATE MAGAZINE P.M.H.Atwater, L.H.D., Ph.D. (Hon.) P. O. Box 7691 Charlottesville, VA 22906-7691 © 2000 P.M.H.Atwater, L.H.D., Ph.D. (Hon.) Children of any age can have a near-death experience. That includes newborns and infants. What they tell once...»

«Annual Review 2014-15 December 2015 Page 2 of 52 Contents Opening Words by the Rt Hon Anna Soubry MP 4 The Shareholder Executive 6 Foreword to the Annual Review by Robert Swannell 10 1. Chief Executive’s Report 12 1.1 Introduction 12 1.2 Major achievements, 2014-15 13 1.3 Changes in the portfolio 23 1.4 Organisational structure, people and teams 23 1.5 Outlook 24 2. Portfolio performance in financial year 2014-15 26 2.1 Portfolio composition 26 2.2 Brief descriptions of the 28 Portfolio...»

«Proceedings of the 20th North American Conference on Chinese Linguistics (NACCL-20). 2008. Volume 1. Edited by Marjorie K.M. Chan and Hana Kang. Columbus, Ohio: The Ohio State University. Pages 361-377.Language Change in Progress: Evidence from Computer-Mediated Communication Liwei Gao Defense Language Institute With its ever increasing popularization, computer-mediated communication (CMC) has become a progressively well documented research area (e.g., Baron 1984, 1998a, 1998b, 2000; Crystal...»

«Keynote Speech to the 3rd Global Competitiveness Forum January 27, 2009 Shinzo Abe, former Prime Minister of Japan Opening greetings 】 【 Ladies and gentlemen, it is a great pleasure for me to be present and deliver a keynote speech at this 3rd Global Competitiveness Forum held under the auspices of the Custodian of the Two Holy Mosques King Abdullah bin Abdulaziz Al Saud of Saudi Arabia. First of all, I would like to express my deep respect to Governor H.E. Mr. Amr Abdullah Dabbagh of the...»

«Christ’s Redemption Sandy Willson The Gospel Coalition Booklets Edited by D. A. Carson & Timothy Keller Christ’s Redemption The Gospel Coalition Booklets Edited by D. A. Carson & Timothy Keller Gospel-Centered Ministry by D. A. Carson and Timothy Keller The Restoration of All Things by Sam Storms The Church: God’s New People by Tim Savage Creation by Andrew M. Davis The Holy Spirit by Kevin L. DeYoung What Is the Gospel? by Bryan Chapell The Plan by Colin S. Smith Can We Know the Truth?...»

«Underwater setting methods to minimise the accidental and incidental capture of seabirds by surface longliners Report on a prototype device developed by Akroyd Walshe Ltd SCIENCE FOR CONSERVATION: 66 P. Barnes and K.A.R. Walshe Published by Department of Conservation P.O. Box 10-420 Wellington, New Zealand 1 Science for Conservation presents the results of investigations by DoC staff, and by contracted science providers outside the Department of Conservation. Publications in this series are...»

«The Sorcerer’s Apprentice The Sorcerer’s Apprentice was first presented by Seattle Children’s Theatre for the 2006-2007 season. The license issued in connection with PYA perusal scripts is a limited license, and is issued for the sole purpose of reviewing the script for a potential future performance. All other rights regarding perusal scripts are expressly reserved by Plays for Young Audiences, including, but not limited to, the rights to distribute, perform, copy or alter scripts. This...»





 
<<  HOME   |    CONTACTS
2016 www.dissertation.xlibx.info - Dissertations, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.