Current Port Security Situation

The first ENISA (European Union Agency for Network and Information Security) report on cyber maritime security (2011) report (4,3 Mb) concludes that awareness on cyber security needs in the maritime sector is currently low to non-existent and highlights the challenges of managing the interdependencies between information and communication technology (ICT) systems and other port assets. As a result, most of the actors involved in the maritime supply chain use varied and nonstandard practices to guarantee the credibility and the effectiveness of the full system development life cycle including design/development, acquisition of custom or commercial off-the-shelf products, delivery, integration, operations, and disposal/retirement.

Most of the adopted components present significant vulnerabilities and weaknesses and might be flawed or counterfeit, or might contain malicious elements thereby jeopardizing the operation of the whole maritime supply chain. In this context, the lack of visibility and traceability in the often opaque processes and practices used to develop and acquire ICT related products and services from each maritime actor increases the risk of not being able to detect and remedy intentional and unintentional compromises that may be introduced through a variety of means, including counterfeit materials and malicious software.