The UK government has set out a new 5-year maritime security strategy with a particular emphasis on cyber security, as the country looks to update its capabilities in protecting the industry and responding to threats.
“Alongside the robust protection of our physical assets, government continues to support the maritime sector to build resilience against a range of cyber threats including cyber espionage, cyber-crime, hacktivism, and ransomware,” the document says.
“In some areas, the UK maritime sector is already making the most of technological advances. In the management of ports, logistics, supply chains, the rollout of 5G networks and the consideration of autonomous shipping, the UK has made great progress.”
“As a consequence of a spike in the volume of incidents globally, the maritime sector has experienced a growth in ransomware attacks. Improvements in understanding the threat and taking appropriate mitigations will reduce the impact of successful cyber-attacks.”
The UK has pledged to support maritime organisations to build their resilience by providing advice and guidance on cyber best practice, in line with its recently published National Cyber Strategy, which sets out broader plans to strengthen cyber security and resilience across the country.
The Department for Transport has adopted the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF) to guide operators on how to manage the security of their network and information systems to ensure continuity of essential services, based on Network and Information Systems Regulations that came into effect in 2018.
The NCSC provides advice on risks through information sharing platforms and technical assistance in the event of a cyber incident. Organisations can access free cyber security tools and services from the Centre, including an ‘Early Warning’ system which helps to spot malicious activity on a network, ‘Logging Made Easy’ which helps organisations install basic logging capability, and ‘Exercise in a Box’ which helps users to test and practise their response to a cyber incident.
The UK government says it will also update its 2017 Cyber Security Code of Practice for Ships and work with the International Maritime Organization (IMO) to agree international standards and agreements.
The Cyber and Information Security section contained within the Port Facility Security Instructions in that Code of Practice document will additionally be updated and will include links to NCSC guidance, including how to report cyber incidents.