Boosting cybersecurity awareness in inland navigation and especially for ports

The European Committee for drawing up Standards in the field of Inland Navigation (CESNI) has published a good practice guide on cybersecurity in inland navigation, focusing on ports. The good practice guide was developed in partnership with the European Federation of Inland Ports (EFIP) and aims to be an accessible framework for all inland ports, regardless of their size or location in Europe. Here is an insight into the new publication and its key takeaways.

As the world continues to become more interconnected and more reliant on digital services, cybersecurity attacks are continually increasing. Several ports have been victims of cyberattacks in the past few years, demonstrating that this sector is not an exception to the rule. Indeed, one of the strategic subjects for the future of inland navigation is digitalisation. But this evolution is also accompanied by new challenges and risks such as cybersecurity.

The good practice guide is intended to provide an overview of cybersecurity risks, threats, and mitigation measures, primarily within the scope of inland navigation ports. The main objectives are for port stakeholders to understand the motivations and actors behind cyberattacks, as well as the assets of ports to be considered when evaluating cybersecurity threats and risks. This guide also gives an overview of good practices for the implementation of cybersecurity risk mitigation measures.

The guide is divided into three parts:

1. Cybersecurity threat landscape of inland navigation ports: this part describes the port threat landscape, including threat actors, port assets, threat taxonomy, guide and attack scenarios.
2. Mitigating cybersecurity risks for inland navigation ports: this part details the portfolio of mitigation actions that should be taken to reduce cybersecurity risks for ports. It constitutes the core of this guide, with about 120 measures tailored to the inland navigation port situation.
3. Tips for the implementation of risk mitigation measures: this part outlines actionable security hygiene measures to be taken as a first step by IT and non-IT stakeholders.

Although this good practice guide is focused on inland ports, some aspects and mitigating measures are also relevant for other actors of inland navigation like waterway authorities or barge operators.

Download the guide: Cyber Security in Inland Navigation

Instagram Posts from the IIMS @iimsmarine