Panel: Cyber Security Implications for Port Infrastructure and Maritime Systems

EU CyberNet hosted a panel discussion at NATO CCD COE conference CyCon2024 “Over the Horizon” focusing on critical sector service provider’s resilience building.

“The idea for the session stems from today’s increasingly interconnected world, where the maritime sector is vital pillar, handling over 90% of global trade, meaning that any disruptions can severely impact global supply chains,” explained moderator and EU CyberNet Community Lead Silja-Madli Ossip. “Enhancing maritime cybersecurity is essential for safeguarding global trade, economic stability, and international security, requiring coordinated efforts from governments, international organizations, and the private sector to address increasing cyber threats. In this session, we wanted to understand the challenges of implementing robust and comprehensive cybersecurity measures in ports globally,” she added.

The panelists shared their perspectives on these challenges and possible mitigation measures from the points of view of development aid providers, academia, and military planning:

Christophe Van Maele from UNITAR on ports’ cyber capacity:

The maritime sector’s cybersecurity varies widely – it’s like a marathon with runners in the front and runners in the back – with many regions lacking robust guidelines and security standards and until recently, ports’ focus has been on a physical security.

Complex systems with potentially outdated hardware and a mix of new and legacy software in ports are root cause for poor cybersecurity and ports face increasing cyberattacks like ransomware. These vulnerabilities highlight the urgent need for improved cybersecurity measures in the maritime industry.

Lisbeth Laurie from CICTE shared insight from Latin America and the Caribbean region:

Cybersecurity challenges in ports increase because foreign trade increases and the port infrastructure is not able to follow. Additionally, in LAC and other regions, funding for ports is a challenge, causing a domino effect where insufficient money leads to inadequate training and other vulnerabilities, and the OAS is helping to develop national maritime cybersecurity strategies.

Gabriel Raicu from the Maritime University of Constanta offered the European perspective on ports’ cybersecurity and discussed challenges in Africa:

The ports are the most diverse areas, functioning as systems of systems, and pose significant challenges from a cybersecurity standpoint. While Europe may be better prepared to deal with cybersecurity, even here, security by design is not ideal.

Michael Widmann from NATO Maritime Command offered military point-of-view on port security:

Cybersecurity is a universal risk, presenting common challenges for both the civilian and military sectors. Ports play a vital role in military success from the sustainment aspect. If an adversary wanted to significantly impact Allied capabilities, attacking ports would be effective, as the longer vessels are unable to move, the greater the damage.

Marie Haugli-Sandvik from Norwegian University of Sciene and Technology explained ports’ staff perspective to cybersecurity:

The human factor is crucial—staff who facilitate maritime operations must be able to react adequately to incidents. People need to understand cyber risks, which are often related to operational technology rather than just IT. Employees in ports are also concerned about the increased use of digital technologies to monitor productivity, which can affect their use of technology and equipment. While we understand the need for fire drills on ships, the need for cyber training and awareness in ports is not yet fully recognized, although we are improving.

The session was moderated by the EU CyberNet Community Lead Silja-Madli Ossip and the panelists were Dr Marie Haugli-Sandvik (Associate Professor at the Norwegian University of Science and Technology), Lisbeth Laurie (Program Manager of the Maritime and Port Security Program of the Inter-American Committee against Terrorism), Prof. Dr Gabriel Raicu (Rector of Maritime University of Constanta and the Director of Maritime Cybersecurity Center of Excellence), Christophe Van Maele (Maritime Governance Unit within the Peacekeeping Division of UNITAR) and Cmdr. Michael Widmann (Cyber Operations Branch Chief at NATO’s Maritime Command).

This panel discussion was part of CyCon 2024 programme.


Keep reading similar articles
Panel: Cyber Resilience Builds on Situational Awareness, Trainings and Exercising

On 18 June the EU CyberNet’s Training and Services Lead Lauri Aasmann took part of the EuRepoC Conference 2024 “Promises & Pitfalls for the EU’s Cyber Foreign and Security Policy” which focused on the attribution capacities of EU and private actors; emerging hybrid threats; the EU’s role in capacity building; and the intricate relation between critical infrastructure protection and conflict resolution in Europe.

Panel: Awareness-raising is a Complex, Non-linear Process Requiring Sustained and Multi-faceted Efforts, and International Cooperation

Liina Areng, Director of EU CyberNet and LAC4, participated in a panel at the Seminar on Security in the Digital Economy, hosted by Brazil under its G20 presidency in São Luís. The panel focused on raising public awareness about digital security.

Sille Arikas: “What it is often missed is that it’s your own paycheck that is on the line in case of falling victim to a cyber-attack that hinders provision of the services””

Mini-interviews with EU CyberNet experts. Sille Arikas has been part of the Expert Pool for 3 years and has contributed to the work of EU CyberNet.

EU CyberNet Participated in International Discussions on Cyber Capacity Building at UNHQ

This month, Silja-Madli Ossip, the Community Lead of EU CyberNet participated in multiple discussions at the United Nations Headquarters (UNHQ) – Global Roundtable on ICT Security Capacity-Building, OEWG Inter-sessional meeting on cyber threats posed by emerging technologies and a Side-Event on the future of responsible state behaviour in an evolving cyber capacity ecosystem.  

Annual Cyber Project Community Meeting Concluded in Brussels

On 15th May, EU CyberNet hosted the annual Cyber Project Community (CPC) meeting in cooperation with the European Commission’s Service for Foreign Policy Instruments and the European External Action Service (EEAS) to provide for a fora to the EU funded external cyber capacity building projects’ implementers to share information, facilitate cooperation and learn from each other’s best practices.   

Jorge Mora-Flores: “I propose the 5 C’s for cybersecurity success – Creativity, Communication, Confidence, Collaboration and Commitment. “

Mini-interviews with EU CyberNet experts. Jorge Mora-Flores has been part of the expert pool for over two years and has contributed to the work of EU CyberNet