SECTION II:  CYBER TERRORISM AND SECURITY IMPLICATION FOR CRITICAL INFRASTRUCTURE PROTECTION

        of several existing EU instruments such as the Instrument contributing to Stability and Peace
        (IcSP) and the European Development Fund, as well as EU policies such as the Common
        Security and Defence Policy (CSDP).

        3.1 Regulation at International Level

        At the international level, the SOLAS Annex XI-2 was added in 2002 to the International
        Convention for the Safety of Life at Sea – SOLAS (IMO, 1974), resulting in the International
        Ship and Port Facility Security – ISPS (IMO, 2002), which introduces, in particular, measures
        aimed at enhancing the protection of merchant ships in international and inland liner shipping,
        as well as port security measures (including cyber security). The Code obliges Member States
        to prepare Port Facility Security Assessments (PFSA) for all their ports, which should take
        into account the specificities of the different port units (physical security, integrity structure,
        personnel protection systems, procedural policies, radio and telecommunications systems,
        computer systems and networks, and transport infrastructure), as well as containing a Port
        Facility Security Plan (PFSP) within the port boundaries (access, restricted areas, cargo han-
        dling, delivery of shipping, and security controls).

        The Convention on Facilitation of International Maritime Traffic (FAL) by the International
        Maritime Organization (IMO 2017) simplifies and harmonizes the procedures of maritime
        transport by standardizing the use of electronic information transmission (the “Single Win-
        dow” concept – SafeSeaNet), and streamlining reporting formalities for ships in the process
        of sailing in and out of the port.

        Cyber security in international maritime space is only specifically tackled by the Guidelines
        on Maritime Cyber Risk Management (IMO, 2017) which aim to raise awareness of the pro-
        tection and enhancement of the flexibility of cyber systems supporting the operation of ports,
        vessels, maritime facilities and other elements of the maritime transport system (IT, OT).

        3.2 Regulation at the Level of the European Union

        Legal acts and decisions concerning maritime safety improvement measures taken in an inter-
        national environment are directly or indirectly related to EU law:
        -  Certain chapters of the SOLAS Convention have been transposed into the EU by several
           regulations: Regulation (EC) 725/2004 relates to the enhancement of ship and port facil-
           ity security and the implementation of the International Ship and Port Facility Security
           Code (ISPS), while Directive 2005/65/EC focuses on enhancing port security. Regulation
           (EC) 336/2006 governs the implementation of the International Safety Management Code
           within the Community – ISM (IMO, 1995/2017) in the maritime sector of the Community,
           but does not apply to ports;
        -  Directive 2010/65/EU defines the formalities (FAL forms) of reporting ships arriving in
           and/or departing from ports of the Member States and dictates the introduction of the Safe-
           SeaNet system for the secure exchange of information between Member States’ maritime
           authorities and other authorities (e.g. customs systems).

        In 2014, in support of the protection of the interests of the EU and the protection of its Member
        States and citizens, the EU adopted the European Union Maritime Security Strategy (EUMSS,
        2014) and its Action Plan, which combines the internal and external aspects of EU maritime
        security. It tackles maritime risks and threats on a global scale, including cross-border and

       166