UK May Fine Ports $22 Million For Cyberattacks

 08 Aug 2017 11.30am

Britain has launched a consultation on implementing penalties of US$22 million for transport operators with weak cybersecurity falling victim to cyberattacks.

Operators in electricity, transport, water, energy, transport, health and digital infrastructure sectors could be affected by penalties being considered as part of a consultation.

Proposals would implement the Network and Information Systems (NIS) Directive adopted by the European Parliament, the legislative by body of the EU on 6 July 2016. 

This European directive intends to prevent cyber threats from stopping essential services.

If implemented, fines under the proposal would be in effect from May 2018, threatening operators with a penalty of either $22 million or 4% of global turnover.

Britain’s Department for Digital, Culture, Media and Sport, the UK government body presenting the proposal, stressed fines would be a last resort.

They would not apply to operators who had fallen victim to cyberattacks but had previously evaluated risks, taken appropriate security measures, and engaged with authorities.

They are intended to make sure UK operators in electricity, transport, water, energy, transport, health and digital infrastructure are prepared to deal with the increasing numbers of cyber threats, for example threats affecting IT such as power failures, hardware failures and environmental hazards.

Within the maritime industry, the rules would affect operators of Vessel Traffic Services as well as ports and that handle certain amounts of containerised freight, amounts of fuel, or numbers of passengers.

They entangle ports that account for 15% of UK total Roll on-Roll off (Ro-Ro) traffic, 15% of UK total Lift on-Lift off (Lo-Lo) traffic, 10% of UK total liquid bulk or 20% of UK biomass fuel.

Rules also impact operators handling more than 30% of the freight at any individual UK port that is in scope and more than 5 million tonnes of total annual freight at UK ports.

Additionally they will affect those that handlemore than 30% of passengers at any individual UK port that is in scope and more than 2 million total annual passengers.

Maritime bodies affected by the rule would include Harbour Authorities.

The closing date for responses to the current consultation is September 30, 2017.

Technical Paper: Detect and Control Cyber Risks

  Port & Maritime Training, Port Governance, Port Planning, Ports, Shipping