EU Shipping Sector Cyber Security Awareness "Non-Existent" 55
twoheadedboy writes "The European maritime sector has next to no idea about cyber security, according to a report released by the European Network and Information Security Agency (ENISA). The shipping industry, which carried 52 per cent of goods traffic in Europe in 2010, has 'currently low to non-existent' awareness of cyber security needs and challenges, the report said. ENISA claimed the lack of understanding was evident at every layer of the industry, from government bodies to port authorities and maritime companies."
More specifically? (Score:2, Interesting)
Re: (Score:3, Insightful)
It being mainly Government agencies we're talking about here, they subcontract most everything out to the private sector, which is also where they lump the burden of securing the data. So, it's more complacency than anything; unfortunately, they almost always award the contracts to the lowest bidder, which means that the quality of the work is not always up to scratch.
Really? (Score:4, Interesting)
Do you have any actual experience or knowledge of European governments in this area? This doesn't seem like an accurate description of how things are done in my part of Europe at least. Are you American, European or something else?
I find it hard to believe the fact that you claim to know this is how it actually works, especially in all of the 27 different EU member countries. Never mind the 50 countries of Europe. Somehow I doubt you know them all.
The report however is specifically focused on creating frameworks for all of the nations involved in cooperation with the industry.
Re: (Score:2, Insightful)
"Somehow I doubt you know them all."
I can't even remember how old I am half the time let alone recollect the prefectures of my own country. Hell I can't even remember what countries surround German and I actually lived there for a while.
Anyway, cyber-security of shipping companies is the least of the EU's problems right now. How about you work on finding a way to get the Greeks to do more than 3 hours of work a day?
Multi-tasking (Score:3)
That's your contribution? The EU is a supra-national government, it is capable of handling any number of issues concurrently, like any other government. That's what all those employees are for. What you are "suggesting" is plainly absurd. What do you imagine the people working on food safety or road maintenance can do to fix a s
Re: (Score:2)
I'm betting your Greek.
Re: (Score:2)
*you're
It's All Greek To You (Score:3)
Yeah, that shows how little you know, fail to understand Europe and Europeans in general.
Actually I'm from a wealthy non-EU, Northern European country, one with low unemployment, no currency problems, no net national debt and a booming economy. The Eurozone crisis is not ours, and it has had no impact here. I do however work with clients in the EU, I know Europe quite well, and I don't approve of misinformation and lies.
The Greeks screwed themselves, with help from large international banks, and now everyon
Re: (Score:2)
The Eurozone crisis is not ours, and it has had no impact here.
Oh, ok. You have nothing to worry about.
So who are your major trading partners? In the EU? Or do these partners have the EU as a major trading partner?
Connected Economies (Score:2)
I'm referring to statistics from my government, the OECD and IMF (2008-2011).
Fortunately for us we have the cash to ward off the ill effects of the global downturn. Our internal economy is pretty insular and a lot of people work for state owned industries/public offices. Our banks were already well regulated because of a past housing boom and bust. So no collapsing banks or housing market here.
Our currency is solid and gaining due to the general European insecurity. Exports are getting more expensive of cou
Re: (Score:2)
It's not that I fail to it's that I don't care to. The stereotype of the Greek not working hard are from the international news, which continues to target that stereotype as a reason why Greece fell apart. The other faults that were pointed out were public employees with too many benefits and great pensions just as you mention, and fraudulent/unchecked government benefits. At least that I read about. That's all I know about the situation and seeing as to how so many news agencies were presenting the same in
Re: (Score:2)
Yes, the Greeks screwed everyone by fraudulently juggling their budgets and indulging in an oversized public sector but the deeper problem is that the Greeks are a nation of tax dodgers. Even now, many of the translated headlines i see from Greece are more about cutting the public sector than about getting people to actually pay the taxes they use to justify the budget. You cannot have a first world public sector on a third world tax base without a windfall like oil.
Re: (Score:1)
And to the rest of the world reading this, America is full of A-holes. It was not always like this but common decency among these people has gone right out the window. So, if you see an American and you're not in America. That American is probably rich and even more of an A-hole than the rest o
Re: (Score:3)
Funnily enough, the Greeks have about the largest merchant fleet in the EU. It is a major part of their problem because shipping is an area where you can get very creative as to where you make or lose money and avoiding inconvenient taxes.
Grimm IT Fairy Tales from Germany? (Score:2)
Sorry, that's just anecdotal "evidence" from one country. It proves nothing in general European terms of specifically for Germany.
Re: (Score:2)
And yet there have not been any major terror attacks on ports. The reason is that shipping containers are actually pretty robust and you would need a massive explosion to cause enough damage to sink a ship or badly damage the port. There are plenty of much easier targets that will cause a lot more deaths.
Most security is a waste of time because terrorists fit into one of two groups: the competent and the incompetent. The former group has proper training, picks realistic targets, has professionally made bomb
Re: (Score:2)
A terrorist would rather move a lot of bombs through a loophole in logistics than blow it up with one.
Physical and Digital (Score:5, Interesting)
After having read the full report [europa.eu] in question it becomes somewhat clearer, they didn't just fill out forms, they interviewed people and held workshops with the key players.
To quote the report:
"awareness regarding cyber security aspects is either at a very low level or even non-existent in the maritime sector, this observation being applicable at all layers, including government bodies, port authorities and maritime companies.".
My understanding is that this report is focused on what governments and the EU specifically can do to help, build and support for better security. In recent years the EU and other bodies have created and implemented security related regulation including provisions relating to safety and physical security concepts.
Now, it's time to look at what the EU and its members should and can do to secure related information systems. Self-regulatory and co-regulatory organisational models around maritime cyber security aspects are virtually non-existent within the EU Member States, according to the report (page 19).
Re: (Score:2)
Or that the don't really need it? So someone finds out I ordered something from Amazon... ok? I mean unless someone was trying to intercept a specific package or something? Maybe? The box has your name, address, and sometimes phone number and e-mail address written right on it!
Re:More specifically? (Score:5, Interesting)
They're talking about companies who run things like box carriers and the like, not couriers. A lot of ships have internet connections, via things like FleetBroadband from Inmarsat, so having an awareness of internet security, I would suggest, is actually pretty important.
They regularly take data sent to them via e-mail or direct internet connection and load it on to their ECDIS units (mostly that would be ENC updates or permit files). As to whether that's in some way exploitable, I couldn't say.
Re: (Score:3)
Aah, now I see - thank you for informing me. Now I feel stupid for making that comment.
Larger Issues (Score:4, Informative)
We're talking about larger issues such as preventing whole tankers filled with toxic materials, oil or gas from becoming terrorist targets/weapons. They're not focused on consumer data protection in this report.
We've recently improved our physical port security, now we need to think about securing the information infrastructure to prevent attacks that could result in massive economic [disruption] and environmental damage.
Re: (Score:2)
I'm willing to bet that there's a computer hooked up to a thingy hooked up to another thingy you don't want to go crash boom on a boat or port somewhere.
Is that computer hooked up to the internet? There's a good chance it is, but it's not like computer security ceases to be an issue when you disconnect from the internet.
Basic Premise (Score:2)
I don't see how that is in conflict with what I said? That's probably not your point either? I think your point is exactly why the EU is pushing for more regulation and cooperation.
Re: (Score:2)
My company manages IT on several hundred vessels, My experience is that navigation, engine and rudder control systems are not connected to the ship LAN and sat. uplink. Updates to these systems are done by cdrom or floppy disks. Most of our customers are very concerned about security, and they require frequent AV updates, firewalls and so on. https://www.palantir.no/ [palantir.no]
Didn't you see Jurassic Park II? If a T-rex can take over ship and ram it into a dock, certainly some 15 year old script kiddie in a cyber cafe somewhere in the third world could do horrible things!
Re: (Score:3)
Ok, thank you for clarifying that. In retrospect my comment was pretty stupid, wasn't it.
Minor Mistake (Score:2)
It did sort of miss the point :)
Re: (Score:2)
They're talking about dropping untraceable containers containing nuclear material into the shipping system and redirecting them to the relevant place on an ad hoc basis. Nobody gives a shit about your spanking schoolgirls DVDs.
If history is any guide, those spanking schoolgirls DVDs are what people (and government agencies) will get really excited about. Containers full of nuclear material, though? Hardly anyone wants to get involved with them. They're booooooriiiiiiing!
Also, the way most organizations work, if you are involved with inspecting packages for radioactive material, and you catch 999 out of 1000 of them, the one that you missed will get you fired (and possibly jailed). So you'd expect that people who value thei
Re: (Score:2)
A simple example from my field: Letter of Credit Fraud
A letter of credit is advised, issued and liquidated based on documentation. A supplier is paid when an LC is liquidated. These documents and specifications within are listed on an LC and trade contract. Independent 3rd parties are involved in verifying cargo amount, quality, timeliness, etc specified on the LC. When all pieces of documentation checkmarks are ticked off, the LC is paid, liquidated.
Now what if I could get into the systems, or disrupt
Re: (Score:2)
Yeah, who ever needed words like "is", "of", and "the" anyway?
Not a lack of understanding (Score:1)
Re: (Score:2)
It is more a lack of incentive.I work in assenger and air cargo, and rankly, most of our system are so old that it is hard to justify *any* security measure.
That's a new approach. Security through senescence.
Small change (Score:1)
The brits run their nukular submarines on windows for some years now. http://www.tomshardware.com/news/Submarines-Windows-Royal-Navy,6718.html [tomshardware.com]
I wonder which would be worse, greenpeace rooting a tanker or a nukesub taking a core dump? The end is nigh, but then I guess this world has bigger problems to ignore right now. Lets just push that big red button to get it over with:)
Re: (Score:2)
AFAIK it stopped in Finland to load few pieces of chain. Stopping in Finland if you are on the way from Germany to China makes very little sense (it's in the opposite direction), so maybe the whole stop was just to camouflage the ship's original route. However the ship got into a storm, called pilot for help and ended up being inspected.
It was found out that the freight was not correctly secured and had been thrown around duri
There's a reason why security is low (Score:3)
Security is taken seriously only when threats start happening in practice, not just in theory. And for all the lack of security nothing has really happened so far. When and if ships start sinking and blowing because of viruses, security will be improved, but not until then. Same reason why people in India don't have winter coats just in case the temperatures drop to zero - which they did, once (and a lot of people died then).
And ultimately, if it's so easy to do mischief, then why has nothing happened in practice so far?