Boosting cybersecurity awareness in inland navigation and especially for ports - The International Institute of Marine Surveying (IIMS)

The European Committee for drawing up Standards in the field of Inland Navigation (CESNI) has published a good practice guide on cybersecurity in inland navigation, focusing on ports. The good practice guide was developed in partnership with the European Federation of Inland Ports (EFIP) and aims to be an accessible framework for all inland ports, regardless of their size or location in Europe. Here is an insight into the new publication and its key takeaways.

As the world continues to become more interconnected and more reliant on digital services, cybersecurity attacks are continually increasing. Several ports have been victims of cyberattacks in the past few years, demonstrating that this sector is not an exception to the rule. Indeed, one of the strategic subjects for the future of inland navigation is digitalisation. But this evolution is also accompanied by new challenges and risks such as cybersecurity.

The good practice guide is intended to provide an overview of cybersecurity risks, threats, and mitigation measures, primarily within the scope of inland navigation ports. The main objectives are for port stakeholders to understand the motivations and actors behind cyberattacks, as well as the assets of ports to be considered when evaluating cybersecurity threats and risks. This guide also gives an overview of good practices for the implementation of cybersecurity risk mitigation measures.

The guide is divided into three parts:

1. Cybersecurity threat landscape of inland navigation ports: this part describes the port threat landscape, including threat actors, port assets, threat taxonomy, guide and attack scenarios.
2. Mitigating cybersecurity risks for inland navigation ports: this part details the portfolio of mitigation actions that should be taken to reduce cybersecurity risks for ports. It constitutes the core of this guide, with about 120 measures tailored to the inland navigation port situation.
3. Tips for the implementation of risk mitigation measures: this part outlines actionable security hygiene measures to be taken as a first step by IT and non-IT stakeholders.

Although this good practice guide is focused on inland ports, some aspects and mitigating measures are also relevant for other actors of inland navigation like waterway authorities or barge operators.

Download the guide: Cyber Security in Inland Navigation

Name	Provider	Purpose	Expiration
wordpress_[hash]	WordPress	Used by WordPress to store your authentication details upon login and is limited to the admin area.	Just under 1 year
wordpress_logged_in_[hash]	WordPress	Used by WordPress to enable the interface to recognize you as a logged-in user and determine which account and preferences to use for various features.	Just under 1 year
wp-settings-{time}-[UID]	WordPress	Used by WordPress to facilitates customizing your view of the admin interface and the main site interface. The number UID is the individual user ID from the user database table.	1 year
wordpress_test_cookie	WordPress	Used by WordPress to probe the ability of WordPress to set cookies.	15 minutes
_grecaptcha	Google	This cookie is set by Google reCAPTCHA, which protects the site against spam enquiries on contact forms.	6 months
m	Stripe	Used by Stripe Payment Services for fraud prevention and detection.	400 days
__stripe_mid	Stripe	Stripe sets this cookie to process payments.	1 year
__stripe_sid	Stripe	Stripe sets this cookie to process payments.	1 year
wc_fragments_*	WooCommerce	Used by WooCommerce for eCommerce functionality.	1 year
wc_cart_hash_*	WooCommerce	Used by WooCommerce to save items in a shopping cart.	session
woocommerce_items_in_cart	WooCommerce	Used by WooCommerce to save items in a shopping cart.	session
wp_woocommerce_session_	WooCommerce	Used by WooCommerce for eCommerce functionality.	2 days

Name	Provider	Purpose	Expiration
_ga_*	Google Analytics	Contains a unique identifier used by Google Analytics 4 to determine that two distinct hits belong to the same user across browsing sessions. Accepting Marketing and Analytical Cookies allows us to use the data collected by this cookie for marketing and analytical purposes.	1 year
_ga	Google Analytics	Contains a unique identifier used by Google Analytics 4 to determine that two distinct hits belong to the same user across browsing sessions. Accepting Marketing and Analytical Cookies allows us to use the data collected by this cookie for marketing and analytical purposes.	2 years
_gid	Google Analytics	Contains a unique identifier used by Google Analytics to determine that two distinct hits belong to the same user across browsing sessions. Accepting Marketing and Analytical Cookies allows us to use the data collected by this cookie for marketing and analytical purposes.	1 day
_fbp	Facebook	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	90 days