CYpBER 2016 Conference Booklet Cyber Security | Page 17

The base goal of the directive is to extend and make uniform all EU-level security and incident reporting requirements (which at the moment only apply to electronic communication network and service providers) to the broader universe of private sector companies. The NIS Directive applies to operators of “essential services” in “critical sectors” and covers Energy (including oil and gas), Transport (including water transport and port authorities), Banking, Financial market infrastructures, Health, Drinking water supply and distribution, as well as to “digital service providers” including Digital infrastructure, online marketplace, Online search engines and Cloud computing services.
Under the framework of NIS the cybersecurity operators of critical infrastructures, such as energy, transport, and key providers of information society services (e.g. e-commerce platforms, social networks, etc.), as well as public administrations, will be required to adopt appropriate steps to manage security risks and report serious incidents to the national competent authorities. This work will be coordinated by our office and will be relevant to the maritime and energy sectors, as well as the forthcoming development of oil and natural gas infrastructure in Cyprus.
Ladies and Gentlemen,
Today’s cyber threats are persistent, well organized, constantly evolving and often successful. Many incidents appear within the information technology (IT) ecosystem in a manner that makes them all but impossible to distinguish from legitimate activity.
Last year, one of the world’s largest oil and natural gas producers discovered that a virus had affected more than 30,000 of its computer workstations. The company’s immediate reaction was to isolate all of its computer systems from outside access. While the incident had no immediate impact on the company’s production operations, employees were cut off from e-mail and corporate servers for several days. Furthermore, the virus erased significant data, documents, and e-mail files on about 75% of corporate computers. Another example is the “Stuxnet” worm which affected nuclear plants in an Asian country with significant damage to the affected infrastructure. The fact that some of the infected systems were not even connected to the internet makes the issue more alarming. It is estimated that there is a 10% probability of a major Critical information infrastructure breakdown, realistically possible in the next 10 years.
In the maritime sector, a recent ENISA analysis of cyber security aspects highlighted several issues that should be addressed by the maritime industry and member states.
ICT systems supporting maritime operations including SCADA devices, from port management to ship communication, are generally highly complex and employ a variety of ICT technologies that also include very specific elements. The fast technology development and the struggle towards complete automation in the maritime sector have, in cases, reduced the focus on the security features. Therefore, it is a major challenge to ensure adequate maritime cybersecurity. A common strategy and development of good practices for the technology development and implementation of ICT systems would therefore ensure “security by design” for all critical maritime ICT components.
At the same time maritime cybersecurity awareness is currently low to non-existent. Targeted maritime sector awareness-raising campaigns and cyber security training of shipping companies, port authorities, national cyber security offices, etc., are necessary. As current maritime regulations and policies consider only physical aspects of security and safety, policy makers should add cyber security aspects to them.
ENISA proposes a holistic, risk-based approach; assessment of maritime specific cyber risks, as well as identification of all critical assets within this sector. Additionally ENISA identifies that maritime governance is fragmented between different levels (international, European, national), and proposes that the International Maritime Organisation together with the EU Commission and the Member States