Denmark's Maritime Cybersecurity Plan Highlights Financial Threats

A new cybersecurity strategy for Denmark has classified financial threats to the maritime sector from cyber criminals and 'government-backed hackers' using ransomware as 'very high' but cyber terrorism threats as low. 

The Danish Maritime Authority (DMA) published its Cyber and Information Security Strategy for the Maritime Sector 2019-2022 following a threat assessment from Denmark's Centre for Cyber Security (CFCS).

CFCS' threat assessment concluded that "the general cyber threat against the maritime sector is directed against commercial businesses and does not currently pose a direct threat to maritime operations". The likelihood of 'destructive cyber attacks' and cyber terrorism in the maritime sector is low, it said, particularly outside of conflict areas. 

"Terrorist groups have only shown a limited interest in the maritime sector. Also, terrorist groups lack the capabilities and resources to launch spectacular cyber-attacks against the maritime sector," the CFCS assessment said.

Cyber criminals and state-backed actors bent on espionage and blackmail present a far greater risk.

"It is assessed that states systematically use cyber espionage as a means to achieve industrial and business advantages and promote political and economic interests... In particular, there is a considerable threat from cyber criminals aiming to blackmail public authorities, businesses and individuals (ransomware)," the assessment found. 

"Networks of cyber criminals exist that are organised and work towards long-term objectives, and cyber-crimes are probably also committed by government-backed hackers."

The DMA also commissioned a risk and vulnerability analysis as part of its preparation for the cyber security strategy. Prepared by external consultants, the analysis took in data and dialogue from Denmark's maritime sector, involving the NATO-formed Danish Shipping Board and other public authorities. 

Those interviewed for the risk analysis said increased use of information technology (IT) on board vessels had driven up dependency on the systems for core maritime activities and the analysis found private sector maritime players take a 'broad approach' to cybersecurity.

According to the analysis, the biggest risks to the sector stem from a slow response to technical vulnerabilities, a 'technology gap' between IT systems and operational technology (OT) systems such as propulsion, a lack of procedures for ensuring software upgrades and the vulnerability of critical systems to targeted attack.

Consequences from the threats include data loss, data integrity loss, reputational damage and a pronounced risk of financial loss. 

MarineMec.com

You Might Also Read:

Optimising Maritime Cybersecurity:


 

 

 

« Financial Executives Are Out Of Touch With Cyber Threats
US Intelligence Chief Warns Of ‘ever more diverse’ Threats »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DoD Cyber Crime Center (DC3)

DoD Cyber Crime Center (DC3)

DC3 is a US Department of Defense (DoD) center of excellence for Digital and Multimedia forensics.

CANVAS Consortium

CANVAS Consortium

The CANVAS Consortium aims to unify technology developers with legal and ethical scholar and social scientists to approach the challenges of cybersecurity.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

Gospel Technology

Gospel Technology

Gospel presents a totally new way of accessing and controlling data which is enterprise grade scalable, highly resilient, and secure.

At-Bay

At-Bay

At-Bay offer an end-to-end solution to cyber risk with comprehensive risk assessment, a tailored cyber insurance policy and year-long, active, risk-management service.

BetaDen

BetaDen

BetaDen provides a revolutionary platform for businesses to develop next-generation technology, such as the internet of things and industry 4.0.

Labs/02

Labs/02

Labs/02 is a seed-stage incubator with a mission to advance cutting-edge technology in innovative areas including AI, deep learning, autonomous transportation, and smart cities.

Sectra Communications

Sectra Communications

Sectra successfully develops and sells cutting-edge solutions in the expanding niche segments of medical IT and cybersecurity.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

EYE Security

EYE Security

EYE provides enterprise-grade cyber security services and cyber insurance to SMEs in Europe, Cyber Incident Response and strategic advice in board rooms.

Responsive Technology Partners

Responsive Technology Partners

Responsive Technology Partners provides superior IT support services including cybersecurity and compliance, telephony, cloud services, cabling, access control, and camera systems.

Trojan Horse Security

Trojan Horse Security

Trojan Horse Security are specialists in corporate security. Our services include: Comprehensive Cyber Security Analysis, Penetration Testing, Network Security and Security Audits.

APIsentry

APIsentry

APIsentry is a leading provider of comprehensive API security solutions, specializing in protecting organizations from a wide range of cyber threats targeting their Application Programming Interfaces.

Ventum Consulting

Ventum Consulting

Ventum Consulting stands for digitalization, networking and agilization. We take this up on the strategic, professional and technical side and support our customers in the digital transformation.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

Sectricity

Sectricity

As independent ethical hackers, Sectricity go beyond traditional security, uncovering every vulnerability - testing both systems and employees to eliminate weak spots.