Co-produced by M-CERT, the national center dedicated to monitoring, analyzing and sharing information relating to maritime and port cybersecurity, and OWN, an intelligence expert on cyber threats, the report is made public in the context of Cybermoi/s, the French version of European Cybersecurity Month, which aims to raise awareness of this issue within the European Union.
More than 600 incidents were therefore recorded across the world last year, specifically targeting the maritime sector, indicate the authors of the “Panorama of the maritime cyber threat 2023”. They were identified thanks to “daily monitoring of a set of specialized websites and dedicated information feeds on the various social networks, as well as the use of technical sensors to collect data to supplement the information available on the Internet », specifies the report.
Perpetrators of malicious actions have been classified into two categories: actors with political aims and actors acting for profit. Thus, “the hacktivist threat has seen its activity increase significantly with the continuation of the Russian-Ukrainian conflict and Israel’s intervention against Hamas”, indicates Xavier Rebour, director of France Cyber Maritime, an association created to contribute to strengthening the cybersecurity of the French maritime and port sector, and which operates M-CERT.
Directive NIS 2
For its part, the cybercriminal threat pursuing a financial objective “experienced an unprecedented level of activity in 2023”, and doubled compared to 2022. “The losses generated for maritime actors can reach several million dollars and be fatal to the victims the most vulnerable. The methods of extortion used have evolved, from encrypting the victim’s data to deny them access to it, to exfiltrating their data and blackmailing their resale or publication on the Internet.
Available online, the 77-page report provides valuable information on the targeted sectors, the geographic distribution of incidents, the types of attacks carried out, the vulnerabilities exploited or the profiles of hacker groups, in clear and accessible language. A resource all the more useful as the bill which must transpose the European directive NIS 2 into French law was presented to the Council of Ministers on Wednesday October 16, with the prospect of future adoption by Parliament.
This directive aims to strengthen the level of cybersecurity of the economic and administrative fabric of the member countries of the European Union. In France, it will concern more than 10,000 entities, divided into 18 sectors of activity, considered “critical” or “highly critical”, including transport, including by sea. Once transposed into national law, the text will impose obligations on the entities concerned regarding information sharing, cyber risk management and incident reporting.
© An article from the editorial staff of Mer et Marine. Reproduction prohibited without consent of the author(s).
Related News :