October is National Cybersecurity Awareness Month and we’ll be bringing you information throughout the month that focuses on cybersecurity, cyber risk management, and common practices you can employ now to safeguard your operations. This week, we have a post from our Domestic Ports Division on a few types of cyber threats your organization may encounter.
Written by Charles Blackmore, cyber program specialist, Office of Port & Facility Compliance
Monday, October 1 marked the start of National Cybersecurity Awareness Month. The physical security and cybersecurity of our Nation’s critical infrastructure and key resources are interlinked. This is especially true in the Marine Transportation System, as vessels and facilities increasingly rely on computer systems and networks to accomplish operations. Cyber threats require engagement from everyone – from local, state, and federal levels of government; private industry; and the public. Ensuring the cybersecurity of information systems, information technology, and operational technology requires constant vigilance and careful use at both the individual and organizational levels.
Here are a few examples of cyber threats that can affect all industries and organizations, especially those in the maritime environment:
Phishing/Spear Phishing – Phishing is an attempt to induce individuals to reveal personal information such as passwords and credit card numbers. Spear phishing is a targeted attempt based on who the individual is (e.g., the company they work for). This is accomplished by trying to get an individual to download a file or click on a hyperlink. Users should be wary of emails received from people they do not know asking them to click on a link or download a file.
Malware – Similar to phishing/spear phishing, the intent of malware is to get individuals to download a file or click on a link. However, unlike phishing/spear phishing, such attempts do not try to garner information. The intent of malware is to gain access to a system or network with an end result of causing some sort of damage to the system or network. Terms you may hear in connection with malware include computer virus, Trojan horse, spyware, and ransomware. A user must be wary of popups containing links or emails containing files from unrecognized sources.
Insider Threat – This is a malicious threat to an organization originating from a person within the organization itself. This could manifest itself in fraud, theft of information, or damage to internal systems. Individuals should make sure that they lock their workstations when they leave their desks and never share passwords with anyone.
Social Media Fraud – Nefarious characters increasingly use social media to engage in identity theft and entice individuals to download malicious code or reveal passwords. Users should take great care with the information they post online and avoid accepting “friend” requests from people they do not recognize. Additionally, it is a good practice to check social media settings to determine who can access your information and secure it to the greatest extent possible.
Maritime Transportation Security Act (MTSA) regulated facilities and vessels must report suspicious cyber activity or breaches of security to the Coast Guard. Cyber incidents that impact an MTSA regulated facility or vessel’s physical security or result in a pollution incident must be reported to the Coast Guard’s National Response Center (NRC) at 1-800-424-8802 or via their online reporting tool at www.nrc.uscg.mil.
For cyber incidents at an MTSA regulated facility or vessel that do not impact physical security or result in a pollution incident, the Coast Guard highly encourages that reports be made to the National Cybersecurity and Communications Integration Center (NCCIC) at 1-888-282-0870, as the NCCIC may be able to provide technical assistance. Please note – when making a report to the NCCIC, it is imperative that the reporting party inform the NCCIC that the report is being made by an MTSA regulated facility or vessel. NCCIC will automatically forward the report to the NRC. This will meet the reporting requirements in 33 CFR 101.305.
For more information on reporting suspicious activity and breaches of security, including cyber incidents, please review CG-5P Policy Letter 08-16, Reporting Suspicious Activity & Breaches of Security.
This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.