Monday, July 6, 2020

Penetration test in ports and ISPS port facilities: guidelines for data and information security

Penetration tests on the ICT infrastructures of ports and port facilities are useful for verifying and preventing cyber attacks on the port system and all the systems connected to it. Here are the international cooperation projects currently in place and the solutions to secure data and information.

The penetration test is a defensive cyber tool that is very useful for verifying and preventing cyber attacks on systems as connected and interconnected as ports and port facilities now are.

Penetration test in ports and port facilities: the regulatory scenario
The relationship between the so-called ISPS port facilities and cyber security cannot be separated from the consideration of Regulation (EC) no. 725/2004 which implements Chapter XI-2 of the SOLAS Convention and the ISPS Code (International Code for the Safety of Ships and Port Facilities) within the Community.

As seen in a previous contribution, the Regulation in question would not seem to contain binding provisions on the assessment and treatment of so-called cyber threat scenarios, relating to the IT security of data and information, within the two main management documents, namely the Port Facility Security Assessment and the Port Facility Security Plan.

Regulation (EC) no. 725/2004 is a general, albeit prescriptive, reference basis in the field of port security. However, the absence of specific binding rules on cyber risk assessment, supplementing the European Regulation or the subsequent National Maritime Safety Program (PNSM), has given prominence to independent initiatives by institutions, international bodies and private associations, aimed at improving the level of security of networks and information systems in the port and maritime sector, at both national and European level.

This trend has been accelerated, in addition to the numerous recorded cases of cyber attacks, by the entry into force of dedicated regulations which, in rapid succession, are forming a sector-specific body of regulation linked to cyber security risk scenarios.


In this sense, we refer mainly to:

● Directive (EU) 2016/1148 of the European Parliament and of the Council of 07.06.2016 (the so-called NIS Directive);

● Commission Regulation (EU) 2019/881 of the European Parliament and of the Council of 04.17.2019 (the so-called Cybersecurity Act).

Furthermore, in the context of Directive 1148/2016, the maritime and port sector has seen the strategic role of its infrastructures reconfirmed, with respect to which, "... the security obligations ... concern all operations, including radio and telecommunication systems, IT systems and networks" [2].

This central role had already been confirmed by ENISA in its November 2011 report, Analysis of Cyber Security Aspects in the Maritime Sector [3].

The SECNET institutional cooperation project
Among the initiatives in the European context, the recent project "SECNET - Institutional cross-border cooperation for the strengthening of port security", co-financed by the Interreg Cooperation Program VA Italy - Slovenia 2014-2020, is of particular importance [4].

The cooperation program within which SECNET was born covers a territorial area that starts in the north at the Austria - Italy - Slovenia triple border and extends south, beyond Trieste.

In terms of transport infrastructure, the port hubs of Venice, Trieste and Koper (Capodistria) are all involved [5].

The SECNET project, which started in October 2017 and ended in March 2019, operates within the regulatory context outlined in the introduction and was created primarily with the aim of:

● strengthening the capacity for institutional cooperation between the ports of the program area;

● creating the foundations for coordinated and permanent port security governance at cross-border level;

● employing the latest digital ICT solutions;

● providing common specialist skills across borders.

All this takes place within a border territory, which brings with it specific geopolitical risk factors that affect the security of the various ports and, consequently, their competitiveness [6].

These objectives were pursued through a preliminary analysis of the current state of the ports in the project, focusing on the following aspects:

● data and information security (or cyber security);

● perimeter security (in the context of physical security);

● best practices in the ICT systems used for port security.

On the basis of this study, a cross-border action plan was then drawn up, tested and implemented through specific pilot actions designed to improve perimeter protection systems (on the physical side) and cyber security (on the ICT side).
