Site icon Maritime Commons

Marine Transportation System (MTS) cyber spotlight

Editors note: This is the second in a series of articles addressing cyber risk management and cybersecurity within the Marine Transportation System (MTS). The maritime community is facing daily threats to their information and operational technology systems, whether through malicious actors, antiquated systems, or lack of emphasis on securing the cyber landscape. Cyber threats are constantly evolving, and it is crucial that our stakeholders have the guidance, resources, and awareness to mitigate these risks.

Ransomware prevention, recovery and reporting requirements for MTSA regulated facilities

Among the many threats and vulnerabilities that come to mind when discussing cybersecurity and risk management, one that immediately comes to mind is ransomware. Recent events have highlighted the rapid and widespread impact that a ransomware attack can have on a company, industry, or even the national economy.

Ransomware is malicious software (malware) used by adversarial or criminal parties that encrypts data on a computer system, making it unusable for the end user. The parties encrypt, or hold the data hostage until a ransom is paid, in order to then receive decryption instructions. If not paid, data could remain unavailable indefinitely, or it could be released to the public at large.  Even if the ransom is paid, there are no guarantees that the data will be decrypted or released to the public, putting affected parties in extremely difficult situations in determining how to respond.

These type of attacks have already impacted maritime operations and facilities.  Some more recent attacks on Maritime Transportation Security Act (MTSA) Facilities include:

Below are some measures that can be taken to help mitigate the risk of and minimize the impact of a successful ransomware attack to your organizations:

For more information on ransomware-related best practices and other resources please visit the Cybersecurity and Infrastructure Security Agency (CISA) ransomware resource page at: https://www.uscert.gov/ransomware.

As a reminder, MTSA regulated facilities and vessels must report suspicious cyber activity or breaches of security to the Coast Guard. Cyber incidents that impact an MTSA regulated facility or vessel must be reported to the National Response Center (NRC) at 1-800-424-8802.

For more information on reporting suspicious activity and breaches of security, including cyber incidents, please review CG-5P Policy Letter 08-16, Reporting Suspicious Activity & Breaches of Security.

Additional Coast Guard Cybersecurity resources can be found at U.S. Coast Guard Cyber Command and also at Maritime Cyber Readiness Branch.

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official publications, such as the Federal Register, Homeport and the Code of Federal Regulations. These publications remain the official source for regulatory information published by the Coast Guard.

Exit mobile version