Cybercrime and cybersecurity in shipping: a legal framework in progress

Cybercrimes are among the most serious threats to maritime safety and security. The shipping sector is especially vulnerable, experiencing an increase of cyber-attacks against information and operational technologies. Maritime authorities and operators have become aware of cyber risks to ships, port infrastructures and other shipping facilities, which in the past had not been perceived. This lack of awareness has delayed the introduction of legal instruments in countering and minimising cybercrimes in maritime transport. The international measures related to cybersecurity and the management of cybercrime risk in this field are not binding. The cross-border dimension of cyber-attacks against the transport sector requires adoption of global preventive and repressive measures, or sanctions. The 2001 Budapest Convention on Cybercrime does not deal directly with cybercrimes in shipping. In light of the increase of malicious digital activities against critical infrastructures, companies and individuals, and the need to raise coordination and cooperation among States, the UN General Assembly has decided to establish an ad hoc intergovernmental committee of experts to draft a comprehensive treaty on cybercrime and cybersecurity. This treaty might be a model convention for the international transport organizations, including the International Maritime Organization, to introduce uniform rules according to their specific roles and competences. The current European legal framework on cybercrime and cybersecurity is fragmented. An adequate EU response on cyber-attacks should be ensured by progressively adopting a maximum harmonisation approach that would eliminate the negatives effects of divergences between national laws due to the current minimum harmonisation approach. EU rules in cybercrime and cybersecurity should be consistent with the legal instruments adopted at the international level in each sector, including maritime transport.