UK rolls out its National Strategy for Maritime Security to target physical and cyber threats
The U.K. government released Monday the National Strategy for Maritime Security which enhances capabilities in technology, innovation, and cybersecurity. Among other objectives, the five-year strategy seeks to support the maritime sector to be resilient against cyber attacks and other threats, with a focus on building resilient systems and networks to protect data.
The threat landscape and increase in malicious cyber activity in terms of intensity, complexity, and severity across international borders have contributed to the UK’s mitigation of risks against cyber threats within the maritime industry emerging more important than ever. Additionally, it will continue to be critical as the industry evolves with increasing automation.
Unveiled by Grant Shapps, Secretary of State for Transport, the National Strategy for Maritime Security identified that the government can support organizations to build their resilience by continuing to provide advice and guidance on cyber best practices and consider what further support can be made available. This can be done by seeking to understand the means by which efficient and effective screening measures can be made more agile to quickly meet the demand of any changes to emerging threats, it added.
“The Network and Information Systems (NIS) Regulations came into effect in 2018 to support organisations who provide a critical service, including those in the maritime sector, in building a stronger foundation of cyber security and resilience,” the document said. “The Department for Transport (DfT), as the competent authority for the regulation of the maritime sector, adopted the use of the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF) to ensure operators manage the security of their network and information systems to ensure continuity of their essential services. DfT will continue to work with organisations to improve their cyber security post-CAF. Government will use the NIS Regulations 2018 to drive up standards of cyber security and help the sector become more resilient,” it added.
The U.K. government has recently published a new National Cyber Strategy, which sets out plans to cement the nation’s position as a responsible and democratic cyber power and strengthen cybersecurity and resilience across the country. A key objective of the strategy is to ensure that the government, critical national infrastructure (CNI), organizations, and citizens understand the cyber risks they face and their responsibilities to manage them. Increased understanding of cybersecurity risks should help the industry better assess and manage its own risk, and improve resilience and ability to prepare, respond and recover from cyber incidents.
The NCSC provides advice and guidance on risks through information sharing platforms and technical assistance in the event of a cyber incident. Organizations can access a range of free cybersecurity tools and services that NCSC provides as part of their ‘Active Cyber Defence’ program.
Resources include tools such as ‘Early Warning’ which helps organizations spot malicious activity on their network, ‘Logging Made Easy’ which helps organizations install basic logging capability on their IT estate, and ‘Exercise in a Box’ which helps organizations test and practice their response to a cyber incident. Many more tools and services are available through the NCSC.
The National Strategy for Maritime Security will also update the 2017 Cyber Security Code of Practice for Ships and work with the International Maritime Organization (IMO) to agree on international standards and agreements, in light of the changing threat landscape. The Cyber and Information Security section contained within the Port Facility Security Instructions will also be updated and will include links to NCSC guidance, including how to report cyber incidents.
“Increased cyber incident reporting by the maritime industry will help the NCSC and government advise the sector on how to mitigate against existing and new threats and improve their resilience,” the strategy said. “There must also be consideration on securing legacy-based systems and making new systems ‘secure by design’ by building cyber security and resilience at the start of the project. The challenges on the horizon are varied; rapid technological change and digital advances are reshaping the way we work and do business, with more and more organisations seeking to rely upon automated systems and network controls to complete the most complex of tasks,” it added.
The U.K. administration will also continue to exceed the NATO guideline of spending two percent of gross domestic product (GDP) on defense, and declare its nuclear and offensive cyber capabilities to allies’ defense under its Article 5 commitment. The government will also remain committed to developing excellence in its workforce, including specialist cyber skills and maritime thematic knowledge for those engaged in these programs of work. Furthermore, it will also implement the new National Cyber Strategy to ensure that the maritime industry is aware of the cyber risks it faces and its responsibilities in managing them.
Following the publication of the National Strategy for Maritime Security, the document outlines the different areas of government activity that are supported by the objectives set out in the strategy, within higher-level strategies, including the Integrated Review and Maritime 2050, and strategies of individual government departments. The strategy has also taken a whole of government approach to align activity.
Additionally, an implementation group will be formed as the vehicle for overseeing the activity set out in this strategy. The group will report to senior leaders and ministers on progress. The U.K. government will also publish regular reports on the implementation of the strategy, taking into account changes in the risks posed to the country’s maritime sector and the global threats.
In May, the U.K. rolled out a five-year roadmap of activities to manage and mitigate cyber risks in a collaborative and mature manner, while remaining resilient in responding to and recovering from incidents when they occur. The 2022 Civil Nuclear Cyber Security Strategy has been developed and endorsed jointly with U.K. civil nuclear organizations, the Office for Nuclear Regulation, and the NCSC, along with the U.K. Department for Business Energy and Industrial Strategy to strengthen the cybersecurity posture of the country’s civil nuclear sector.
The North Atlantic Treaty Organization (NATO) assessed last month the confrontation of cyber, space, hybrid, and other asymmetric threats, and the malicious use of emerging and disruptive technologies. It also evaluated systemic competition from those, including the People’s Republic of China, who challenge ‘our interests, security, and values and seek to undermine the rules-based international order.’
Related
