Issue: 2712 - Year: 2017
Maritime cybersecurity - Harbour infrastructures and ships
Patrick HEBRARD, Head of Research and Innovation - Cyber Security Directorate
Fabien LACOSTE, Cyber Analyst - Cyber Security Directorate
Naval Group (Ollioules - France)
The ongoing digitization of maritime systems expands the potential attack surface for cyberattacks. The digital systems of both vessels and ports are numerous, built with standard commercial off-the-shelf products, and often designed without taking cyber risks into account. Cyber threats in the maritime domain can no longer be overlooked. Cyberattacks impact naval information systems, and their effects can be as disruptive as a complete interruption of their operation.
Legal protection against cyberattacks is under construction and cannot yet be viewed as a satisfactory framework. At the national level, the ANSSI (National Agency for Security of Information Systems) ensures the protection of vital information systems through the OIV (Operators of Vital Importance) legal system. This legal framework has been extended to the European Union with the NIS directive (Network and Information Security directive) and so far constitutes the strongest element of a legal approach to preventing devastating cyberattacks.
However, legal tools are not sufficient. Public port authorities, private port operators and civil vessels must implement relevant cyber security policies. The best practices of the NIST cybersecurity framework provide the elementary steps of an efficient technical approach. The NIST promotes a methodology based on five stages (Identification, Protection, Surveillance, Detection, and Restoration) that can structure the cyber security approaches of actors in the maritime domain.