Operating & Environmental Standards

6/29/2017: Cargo disruption a reminder that cyber risks are real

From the desk of Rear Adm. Paul Thomas, assistant commandant for prevention policy

The Coast Guard is actively monitoring and helping to mitigate the consequences of recent ransom ware attacks that have impacted cargo movement through several U.S. port facilities. The Coast Guard is uniquely capable of coordinating preparedness and response to maritime transportation disruptions, especially when partnering with federal, state, and local agencies that share responsibility for mitigating cyber threats and addressing cyber vulnerabilities. Our local operational commanders continue to facilitate recovery efforts at port facilities in order to ensure safe and secure port operations.

We do not yet know the exact details about this cyber incident. While there is no reason at this time to suspect this was an intentional attack on the port facilities impacted, or on the Marine Transportation System (MTS) in general, there is no doubt that attacks against foreign business systems resulted in disruptions in business continuity, cargo operations and shipping at certain ports in the U.S., in ways that may not have been anticipated or understood previously. The outcomes are a reminder of the importance of cyber risk management (CRM) in the MTS globally. As such, the Coast Guard will continue to improve cyber awareness and address governance throughout the MTS.

Preparing for cyber incidents must continue to be a unified effort of the maritime industry and government agencies. We look now to the critical components of governance needed to mitigate cyber risk. This includes understanding the interconnectivity of systems, identifying personnel responsible for CRM, installing corporate structure to address CRM training requirements, and implementing corporate and shipboard procedures for operations and maintenance of critical cyber systems, particularly those in control of critical security, safety, environmental and business continuity functions. Wherever possible, such systems should have fail-safes and manual control options to limit the impacts of possible cyber disruptions. Maintaining current backups of critical data in a cyber isolated location can also reduce vulnerability.

The Coast Guard and our partners in the federal, state, and local government as well as maritime industry will continue to work together to mitigate the impacts of the current cyber attacks and reduce vulnerability to similar incidents in the future. I encourage you to work through your local Area Maritime Security Committees, which have proven to be an effective established channel of communication that ensure widest dissemination of critical information during an actual or potential disruption of port operations.

Coast Guard regulations require vessel and port facility operators to report any disruptions to cyber systems that control or influence functions regulated by the Maritime Transportation Security Act of 2002 to the National Response Center. Examples include access control, monitoring, and cargo handling. The National Response Center can be reached at 1-800-424-8802. 

Information sharing is a key part of the Department of Homeland Security’s mission to create shared situational awareness of cyber attacks. If you think you’ve been affected by a cyber incident, contact the National Cybersecurity and Communications Integration Center at NCCICCustomerService@hq.dhs.gov or 1-888- 282-0870 for help.


This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.

Leave a Reply