ENISA works towards strengthening cybersecurity in the Maritime Sector
Maritime sector
The Maritime Sector plays a key role in the EU economy and society, accounting for a large segment of Europe’s overall freight and passenger transport. However, as the sector has been steadily undergoing a digital transformation with the introduction of innovative solutions based on ICT and the convergence between IT and OT, the cyber risk profile has also changed. Combined with a significant increase in cyberattacks against key maritime infrastructure such as ports and shipping companies, this change highlights the need for maritime cybersecurity to be addressed in more detail.
The Maritime Sector comprises a complex ecosystem with many interdependencies and organisations of different sizes, operational scope, ICT complexity and cybersecurity maturity working in tandem to ensure the unhindered delivery of freight and passenger transport services. Port authorities, terminal operators, other entities operating within ports, shipping companies, classification societies, shipbuilding companies and more each play a key role in this ecosystem and their individual cybersecurity posture is key for the Maritime Sector. The NIS Directive recognises this fact by identifying a plethora of maritime operators as Operators of Essential Services (OES).
The EU Agency for Cybersecurity intends to keep playing its role in the continuous process of strengthening the cybersecurity of the EU Maritime Sector by:
- Addressing key issues and recommendations;
- Supporting the development and implementation of the relevant policy and regulatory framework;
- Facilitating information sharing and the exchange of good practices between maritime stakeholders;
- Conducting awareness raising activities and organising physical and virtual events;
- Promoting discussions and validating activities through the maritime work stream in TRANSSEC.