IT security the maritime sector in France
The French government's plan is to strengthen its cybersecurity in the maritime sector as much as possible.
The idea is to set up a CERT specific enough to protect ships and ports from computer attacks.
This article will also interest you: Cyberattacks: the International Maritime Organization has been the victim of a sophisticated computer attack
It should be remembered that it was in 2020 that the first association whose objective is to ensure it security in the maritime field was created in France in a fairly reasonable context. When we know that cyberattacks especially attacks the ransom program drilling more and more. All businesses are affected.
And the maritime sector is no exception. It is recalled that a few months ago, precisely during the month of September 2020, the shipowner CMA-CGM had been hit by a ransomware: Ragnar Locker. Several decisions and even situations led to the creation of this French maritime cybersecurity association known as France Cyber Maritime. Association that is attached to the interdepartmental committee of the sea, which was born 3 years ago to ensure the computer security of the maritime sector especially after the attack of the computer program usurping NotPetya. An attack that hit a famous group: Maersk.
The goal has always been to be able to set up a governance system for the IT security of the maritime sectors. Since November 2019, this system has been in constant deployment. Convincingly involving several government agencies, namely the General Secretariat of the Sea (SGMer), the National Agency for Security of Information Systems (Anssi) several operators of the sea sector and specialist in computer security. "Finally, the International Maritime Organization (IMO) has decreed that from 1 January 2021, operators and shipowners must have structures dedicated to the recovery of incidents, which is not the case at the moment," notes Guillaume Prigent, administrator of France Cyber Maritime.
It is certainly ambitious but totally achievable to put in place a structure that can work in line with the services of the State. A maritime Cert. The initiative was strongly supported by the National Information Systems Security Agency, especially in drafting the texts that define the latter's missions: "At first, this Maritime Cert will not be intended to be an incident response. The first steps are the management and centralization of events, for all our hexagonal and ultra-marine coasts, as requested by IMO," notes Guillaume Prigent.
The second objective that the association sets itself is to be able to gather and set up a special offer dedicated to the IT security of the maritime sector. It should be noted that this purchase will not be easy enough. Indeed, the maritime sector takes its time for its digitization. Its peculiarities on many. And several materials come into play in defining how it works. There is also a certain sophistication of these communication systems, notably the AIS (Automatic Identification System): "It identifies all boats of a certain size, which broadcast on the VHF a certain amount of information such as their route, their speed, their name, their position, their next port of call… It is a system that adds information to radar screens and enhances safety to avoid collisions. But it is a system that, if hacked, can give false information… Xavier Rebour, who is himself one of the directors of France Cyber Maritime. "In the event of a fault found in AIS, this is the type of information that the Maritime Cert will be able to provide," continues Guillaume Prigent.
Other large structures have offered their support to the association. These include:
– The Group of Shipbuilding and Activity Industries (Gican),
– Naval Group,
– Atlantic Shipyards,
– Thales
– Engineering schools in Brest and its region,
– IT security companies such as YesWeHack, Sekoia…
"We have one of the best cybersecurity agencies in the world with Anssi, a very dynamic maritime sector, big players, structures like Gican: why should we not try to develop this cybersecurity know-how for the maritime world, and also to see how we can adapt French solutions from the traditional IT world to this sector? guillaume Prigent notes.
Now access an unlimited number of passwords: