CESNI / EFIP press release
 
The European Committee for drawing up Standards in the field of Inland Navigation (CESNI) recently published a good practice guide on cybersecurity in inland navigation, focusing on ports. This good practice guide was developed in partnership with the European Federation of Inland Ports (EFIP) and aims to be an accessible framework for all inland ports, regardless of their size or location in Europe. Here is an insight into the new publication and its key takeaways.
 

 

“As the world continues to become more interconnected and more reliant on digital services, cybersecurity attacks are continually increasing. Several ports have been victims of cyberattacks in the past few years, demonstrating that this sector is not an exception to the rule “ CESNI good practice guide on cybersecurity in inland navigation, especially for ports

 
Indeed, one of the strategic subjects for the future of inland navigation is digitalisation. But this evolution is also accompanied by new challenges and risks such as cybersecurity.
 
The good practice guide is intended to provide an overview of cybersecurity risks, threats, and mitigation measures, primarily within the scope of inland navigation ports. The main objectives are for port stakeholders to understand the motivations and actors behind cyberattacks, as well as the assets of ports to be considered when evaluating cybersecurity threats and risks. This guide also gives an overview of good practices for the implementation of cybersecurity risk mitigation measures.
 

“Cybersecurity threats are becoming more and more common place, targeting essential infrastructure. Inland ports, as logistical and industrial hubs, have to ensure that they are prepared. This guide represents an important first step in that direction” Turi Fiorito, EFIP Director

 
The guide is divided into three parts:

1. Cybersecurity threat landscape of inland navigation ports: this part describes the port threat landscape, including threat actors, port assets, threat taxonomy, guide and attack scenarios.
2. Mitigating cybersecurity risks for inland navigation ports: this part details the portfolio of mitigation actions that should be taken to reduce cybersecurity risks for ports. It constitutes the core of this guide, with about 120 measures tailored to the inland navigation port situation.
3. Tips for the implementation of risk mitigation measures: this part outlines actionable security hygiene measures to be taken as a first step by IT and non-IT stakeholders.

 
Although this good practice guide is focused on inland ports, some aspects and mitigating measures are also relevant for other actors of inland navigation like waterway authorities or barge operators.
 

“This guide marks the beginning of a journey and a greater awareness of cybersecurity issues that will subsequently greatly facilitate a more formal cybersecurity certification procedure ” Marleen Coenen, Chair of CESNI

 
The good practice guide on cybersecurity in inland navigation is available on the CESNI website. It can be downloaded in PDF format in French, German, Dutch or English.