Maritime cybersecurity includes securing information technologies used for navigation, propulsion, freight management, traffic control communications, and many other maritime transport activities. ENISA said that a majority of goods within the EU travel by water.
In its report, ENISA concluded that the EU maritime sector lacks an understanding of cybersecuirty risk and good practices; current maritime regulation and policies only consider physical security threats; and maritime governance is fragmented among local, national, European, and international levels.
ENISA recommended that EU countries undertake targeted maritime sector awareness-raising campaigns and cybersecurity training of shipping companies, port authorities, national cyber security offices, and others engaged in maritime transport. The agency also recommended the adoption of a common strategy and good practices to ensure “security by design” for all critical maritime IT components.
In addition, EU policy makers should add cybersecurity to current maritime regulations and policies and work to align European and international policies, ENISA said. It strongly recommended a holistic risk-based approach to cybersecurity to include assessment of maritime specific cyber risks, as well as identification of all critical assets within this sector.
ENISA said that better information exchange and statistics on cybersecurity could help insurers improve their actuarial models, reduce their own risks, and thus offer better contractual insurance conditions for the maritime sector.