ANDREJ ANDROJNA, ELEN TWRDY:  CYBER THREATS TO MARITIME CRITICAL INFRASTRUCTURE

            organized crime, threats to freedom of navigation, critical maritime and energy infrastructure,
            cyber security, threats to biodiversity, illegal, unreported and unregulated fishing, and envi-
            ronmental degradation through illegal or unintentional releases.

            With the increasing digitalization of business and the rapid development of information and
            communications technology, the volume of personal data collection and the flow of informa-
            tion about users is increasing. This creates more and more opportunities for abuse and viola-
            tion of privacy rights. For this reason the EU adopted the General Data Protection Regulation
            – GDPR (2016) which aims to harmonize and raise the level of protection of personal data in
            various sectors of the EU, including the maritime sector.

            The European Union has developed a comprehensive cyber security policy to prevent and
            combat cybercrime. In May 2018, a new Cybersecurity Act came into force to strengthen Eu-
            rope’s cyber resilience. The European Union Agency for Cybersecurity (ENISA) was also set
            up to assist Member States in effectively preventing and responding to cyber-attacks.

            In connection with cyber security at the EU level, Directive 2016/1148 (NIS Directive) was
            adopted concerning measures for a high common level of security of network and information
            systems across the Union. The maritime sector is subject to the security requirements appli-
            cable to businesses, ships, port infrastructure, ports and shipping services, including radio and
            telecommunications systems, computer systems and networks. It was also defined that Mem-
            ber States should take into account the existing and future international codes and guidelines,
            especially those developed by the IMO, in order to ensure a coherent approach for individual
            operators in the maritime sector when designating operators in the Water Transport Sector.

            In addition to international and European legislative (including political) initiatives, several
            Member States have developed their own initiatives to improve cyber security at the national
            level and also with a focus on the maritime sector, such as national cyber security strategies,
            good practices or recommendations, for example, the French CIIP act, the British Code of
            Practice of Cyber Security for Ports and Port Systems, and the German “IT-Grundschutz,”
            (ENISA, 2019).


            4  Examples of Threats to Maritime Infrastructure


            According to the European Commission, the economic impact of cybercrime increased five-
            fold between 2013 and 2017 and could increase fourfold again by 2020. By 2016, 80% of
            European businesses suffered damage from attacks. Since the first known attack in Estonia in
            2007, both citizens and entire countries have been affected (SECNET, 2019).

            Today port authorities are, more than ever, facing increasing risks with ever-increasing re-
            sponsiveness, so the area of their responsibility is constantly broadening.

            4.1 Infection of Authentication Data for High-Value Cargo Theft or Illicit Trafficking in
               a Targeted Attack

            Among the more notable examples of an attack on port critical infrastructure is certainly the
            hacking attack in the Port of Antwerp in 2012, where computer hackers, in cooperation with
            drug cartels, invaded the computer system that monitors the movement of containers in the port

                                                                                    167