Forgot your password?
typodupeerror
EU Security Transportation IT

EU Shipping Sector Cyber Security Awareness "Non-Existent" 55

Posted by samzenpus
from the do-we-have-a-password? dept.
twoheadedboy writes "The European maritime sector has next to no idea about cyber security, according to a report released by the European Network and Information Security Agency (ENISA). The shipping industry, which carried 52 per cent of goods traffic in Europe in 2010, has 'currently low to non-existent' awareness of cyber security needs and challenges, the report said. ENISA claimed the lack of understanding was evident at every layer of the industry, from government bodies to port authorities and maritime companies."
This discussion has been archived. No new comments can be posted.

EU Shipping Sector Cyber Security Awareness "Non-Existent"

Comments Filter:
  • More specifically? (Score:2, Interesting)

    by sidthegeek (626567)
    Is it that they didn't know, or that they didn't really care?
    • Re: (Score:3, Insightful)

      by Tastecicles (1153671)

      It being mainly Government agencies we're talking about here, they subcontract most everything out to the private sector, which is also where they lump the burden of securing the data. So, it's more complacency than anything; unfortunately, they almost always award the contracts to the lowest bidder, which means that the quality of the work is not always up to scratch.

      • Really? (Score:4, Interesting)

        by andersh (229403) on Thursday December 22, 2011 @04:49AM (#38457412)

        Do you have any actual experience or knowledge of European governments in this area? This doesn't seem like an accurate description of how things are done in my part of Europe at least. Are you American, European or something else?

        I find it hard to believe the fact that you claim to know this is how it actually works, especially in all of the 27 different EU member countries. Never mind the 50 countries of Europe. Somehow I doubt you know them all.

        The report however is specifically focused on creating frameworks for all of the nations involved in cooperation with the industry.

        • Re: (Score:2, Insightful)

          by Kagetsuki (1620613)

          "Somehow I doubt you know them all."

          I can't even remember how old I am half the time let alone recollect the prefectures of my own country. Hell I can't even remember what countries surround German and I actually lived there for a while.

          Anyway, cyber-security of shipping companies is the least of the EU's problems right now. How about you work on finding a way to get the Greeks to do more than 3 hours of work a day?

          • Anyway, cyber-security of shipping companies is the least of the EU's problems right now. How about you work on finding a way to get the Greeks to do more than 3 hours of work a day?

            That's your contribution? The EU is a supra-national government, it is capable of handling any number of issues concurrently, like any other government. That's what all those employees are for. What you are "suggesting" is plainly absurd. What do you imagine the people working on food safety or road maintenance can do to fix a s

            • I'm betting your Greek.

              • *you're

              • Yeah, that shows how little you know, fail to understand Europe and Europeans in general.

                Actually I'm from a wealthy non-EU, Northern European country, one with low unemployment, no currency problems, no net national debt and a booming economy. The Eurozone crisis is not ours, and it has had no impact here. I do however work with clients in the EU, I know Europe quite well, and I don't approve of misinformation and lies.

                The Greeks screwed themselves, with help from large international banks, and now everyon

                • by bungo (50628)

                  The Eurozone crisis is not ours, and it has had no impact here.

                  Oh, ok. You have nothing to worry about.

                  So who are your major trading partners? In the EU? Or do these partners have the EU as a major trading partner?

                  • I'm referring to statistics from my government, the OECD and IMF (2008-2011).

                    Fortunately for us we have the cash to ward off the ill effects of the global downturn. Our internal economy is pretty insular and a lot of people work for state owned industries/public offices. Our banks were already well regulated because of a past housing boom and bust. So no collapsing banks or housing market here.

                    Our currency is solid and gaining due to the general European insecurity. Exports are getting more expensive of cou

                • It's not that I fail to it's that I don't care to. The stereotype of the Greek not working hard are from the international news, which continues to target that stereotype as a reason why Greece fell apart. The other faults that were pointed out were public employees with too many benefits and great pensions just as you mention, and fraudulent/unchecked government benefits. At least that I read about. That's all I know about the situation and seeing as to how so many news agencies were presenting the same in

                • by phayes (202222)

                  Yes, the Greeks screwed everyone by fraudulently juggling their budgets and indulging in an oversized public sector but the deeper problem is that the Greeks are a nation of tax dodgers. Even now, many of the translated headlines i see from Greece are more about cutting the public sector than about getting people to actually pay the taxes they use to justify the budget. You cannot have a first world public sector on a third world tax base without a windfall like oil.

            • Well, as one of those A-hole Americans I can state truthfully that our government is not capable of working even one issue at a time. Unless that issue is how to get more money into their personal bank accounts.

              And to the rest of the world reading this, America is full of A-holes. It was not always like this but common decency among these people has gone right out the window. So, if you see an American and you're not in America. That American is probably rich and even more of an A-hole than the rest o
          • by hughk (248126)

            Anyway, cyber-security of shipping companies is the least of the EU's problems right now. How about you work on finding a way to get the Greeks to do more than 3 hours of work a day?

            Funnily enough, the Greeks have about the largest merchant fleet in the EU. It is a major part of their problem because shipping is an area where you can get very creative as to where you make or lose money and avoiding inconvenient taxes.

      • by AmiMoJo (196126)

        And yet there have not been any major terror attacks on ports. The reason is that shipping containers are actually pretty robust and you would need a massive explosion to cause enough damage to sink a ship or badly damage the port. There are plenty of much easier targets that will cause a lot more deaths.

        Most security is a waste of time because terrorists fit into one of two groups: the competent and the incompetent. The former group has proper training, picks realistic targets, has professionally made bomb

        • I don't think an attack on a port is the biggest worry. More profitable is fraud by switching or making cargo disappear. Think of a container full of electronics, weapons, people, etc..
          A terrorist would rather move a lot of bombs through a loophole in logistics than blow it up with one.
    • Physical and Digital (Score:5, Interesting)

      by andersh (229403) on Thursday December 22, 2011 @04:40AM (#38457384)

      After having read the full report [europa.eu] in question it becomes somewhat clearer, they didn't just fill out forms, they interviewed people and held workshops with the key players.

      To quote the report:
      "awareness regarding cyber security aspects is either at a very low level or even non-existent in the maritime sector, this observation being applicable at all layers, including government bodies, port authorities and maritime companies.".

      My understanding is that this report is focused on what governments and the EU specifically can do to help, build and support for better security. In recent years the EU and other bodies have created and implemented security related regulation including provisions relating to safety and physical security concepts.

      Now, it's time to look at what the EU and its members should and can do to secure related information systems. Self-regulatory and co-regulatory organisational models around maritime cyber security aspects are virtually non-existent within the EU Member States, according to the report (page 19).

    • Or that the don't really need it? So someone finds out I ordered something from Amazon... ok? I mean unless someone was trying to intercept a specific package or something? Maybe? The box has your name, address, and sometimes phone number and e-mail address written right on it!

      • by _Shad0w_ (127912) on Thursday December 22, 2011 @05:05AM (#38457484)

        They're talking about companies who run things like box carriers and the like, not couriers. A lot of ships have internet connections, via things like FleetBroadband from Inmarsat, so having an awareness of internet security, I would suggest, is actually pretty important.

        They regularly take data sent to them via e-mail or direct internet connection and load it on to their ECDIS units (mostly that would be ENC updates or permit files). As to whether that's in some way exploitable, I couldn't say.

      • Larger Issues (Score:4, Informative)

        by andersh (229403) on Thursday December 22, 2011 @05:11AM (#38457508)

        We're talking about larger issues such as preventing whole tankers filled with toxic materials, oil or gas from becoming terrorist targets/weapons. They're not focused on consumer data protection in this report.

        We've recently improved our physical port security, now we need to think about securing the information infrastructure to prevent attacks that could result in massive economic [disruption] and environmental damage.

        • I'm willing to bet that there's a computer hooked up to a thingy hooked up to another thingy you don't want to go crash boom on a boat or port somewhere.

          Is that computer hooked up to the internet? There's a good chance it is, but it's not like computer security ceases to be an issue when you disconnect from the internet.

          • I don't see how that is in conflict with what I said? That's probably not your point either? I think your point is exactly why the EU is pushing for more regulation and cooperation.

        • Ok, thank you for clarifying that. In retrospect my comment was pretty stupid, wasn't it.

      • A simple example from my field: Letter of Credit Fraud

        A letter of credit is advised, issued and liquidated based on documentation. A supplier is paid when an LC is liquidated. These documents and specifications within are listed on an LC and trade contract. Independent 3rd parties are involved in verifying cargo amount, quality, timeliness, etc specified on the LC. When all pieces of documentation checkmarks are ticked off, the LC is paid, liquidated.

        Now what if I could get into the systems, or disrupt

  • by Anonymous Coward
    It is more a lack of incentive.I work in assenger and air cargo, and rankly, most of our system are so old that it is hard to justify *any* security measure. Even if you were an uberloot hacker and even if you could do injection, there is too many check and balance in the code to go very far without tripping half a dozen red light (which are there to avoid COSTLY rerouting, not against hacker). As for getting root, I am not sure it is remotely useful as most of those system use abstruse system which are not
    • It is more a lack of incentive.I work in assenger and air cargo, and rankly, most of our system are so old that it is hard to justify *any* security measure.

      That's a new approach. Security through senescence.

  • The brits run their nukular submarines on windows for some years now. http://www.tomshardware.com/news/Submarines-Windows-Royal-Navy,6718.html [tomshardware.com]
    I wonder which would be worse, greenpeace rooting a tanker or a nukesub taking a core dump? The end is nigh, but then I guess this world has bigger problems to ignore right now. Lets just push that big red button to get it over with:)

  • by satuon (1822492) on Thursday December 22, 2011 @09:43AM (#38458640)

    Security is taken seriously only when threats start happening in practice, not just in theory. And for all the lack of security nothing has really happened so far. When and if ships start sinking and blowing because of viruses, security will be improved, but not until then. Same reason why people in India don't have winter coats just in case the temperatures drop to zero - which they did, once (and a lot of people died then).

    And ultimately, if it's so easy to do mischief, then why has nothing happened in practice so far?

In 1869 the waffle iron was invented for people who had wrinkled waffles.

Working...