ENISA report on cybersecurity in ports
ENISA, the European Union Agency for Cybersecurity also conducts work on Cybersecurity in ports. On the 26th of November 2019, they published a report on said topic.
The report serves as a guidance for ports that want to strengthen their cybersecurity and has people working on cybersecurity issues for both Port Authorities as well as Terminal Operators as its audience.
The report discusses current cybersecurity threats and challenges and identifies a number of key cyberattack scenarios. Moreover, the report identifies the main port infrastructure and services and lists the main stakeholders in the port ecosystem. The report gives an overview of current cybersecurity measures that serve as best practices and recommends measures Port Authorities and Terminal Operators can take to improve cybersecurity.
The report recommends that cybersecurity should not only be viewed as paramount to be able to keep pace with the current technological evolutions, but should also be seen as an enabler of further developments and automation. Moreover, the report recommends Port Authorities and Terminal Operators to go beyond the described best practices and to also address additional topics, such as:
- Awareness raising about cybersecurity at board and staff level.
- Improved information sharing amongst port operators and between port operators and other maritime stakeholders.
- Good practices can be adopted or investigated to address cybersecurity in the supply chain.
- Interdependencies cybersecurity risks can be integrated in the overall cyber risk management process.
Security in ports: Port security software supports operators
A European Commission-supported port security system has been launched to give ports the ability to self-assess corporate security. The Port Security Management System is an interactive real time dynamic web-based dashboard designed to help assess and improve overall port security. Developed as part of SUPPORT (Security UPgrade for PORTs) and part-funded by the EC's FP7 Security Research Programme, the PSMS is made up of five modules. These are comprised of a maturity module to address terrorist threats; a corporate security module to addresses crime risks; an e-learning education and examination module including drills and exercises; a sharing and decision support module to supervise facilities via the internet; and an Authorised Economic Operator (AEO) security self-assessment module. Project lead Henk van Unnik, of Netherlands-based Tosepo BV, described the PSMS as “unique”. “It is the first tool of its kind which incorporates an up-to-date, self-assessment guide to enable maritime security practitioners to successfully upgrade their corporate security.” The PSMS will be available through SaaS (Software as a Service) and will be available for sale from early 2014.
Since 2001, terrorist attacks have highlighted the need to integrate security in the Commission’s transport policy. In response to the request of the EU Heads of State (25 March 2004) and as an addition to legislation on air, maritime and port security, the European Commission issued an Communication and proposed a Regulation on enhancing supply chain security to the Council and Parliament in 2006 (27 February 2006).
Communication and Proposal on enhancing supply chain security.
Download more info
Based on the reactions to the consultation paper - from May 2004 onwards – the European Commission:
- Started to define the scope of its surface freight transport security policy; Definition, concept and framework for intermodal security policy: Download more info
- Continued and increased co-operation with all interested parties and encouraged initiatives by these parties, i.e. asking them to develop concrete proposals for increasing the security performance of all parties in the intermodal supply chain.
- Wrote an impact assessment (working document) covering i.e. the major results of the consultation process, a cost benefit analysis of policy options and advice on the most appropriate policy approach.
- Drafted a Communication and proposal for a Regulation to enhance supply chain security, to be discussed in the Council and Parliament in 2006, issued on 27 February 2006
- Enabled further research on supply chain security issues, i.e. establishing a CEN expert group on supply chain security to identify a possible need for a European standard and the Counteract project and the Counteract project.
The overall objective of the EU's maritime security policy is to protect the citizens and our economies from the consequences of unlawful intentional acts against shipping and port operations.
The EU legislation consists in the combination of preventive measures contained in the Regulation on enhancing ship and port facility security, on the one hand, and the Directive on port security on the other hand. This provides a regulatory framework for the protection of the maritime link in the transport logistics chain against the risk of an attack and threats of this type. This framework, which goes beyond international obligations, is designed to ensure the best level of preventive security possible for maritime transport, whilst ensuring that the ability to promote and pursue world trade can continue.
The Commission has been given the obligation by the European Parliament and the Council to monitor the application by Member States of the Maritime Security legislation and to verify the effectiveness of national maritime security measures, procedures and structures. In order to fulfill this task, the Commission adopted a Regulation on procedures for conducting Commission inspections in the field of maritime security.
The Commission is willing to help address the practical problem of combating piracy and armed robbery. Piracy has always been one of its concerns, and in accordance with recital (2) of Regulation (EC) No 725/2004: "The security of European Community shipping and of the citizens using it and of the environment in the face of threats of intentional unlawful acts such as acts of terrorism, acts of piracy or similar, should be ensured at all time", the Regulatory Committee for Maritime Security (MARSEC) has dealt with this topic.
Source: European Commission