Adm. Thomas recently spoke at the American Association of Port Authorities Port Security Seminar and Expo in Chicago, Illinois. The expo brought members together to take a closer look at securing America’s ports from the inside out, with a special focus on supply chain security and the related cybersecurity and security technology. This post provides a condensed version of Thomas’s remarks for our readers who were unable to attend the expo.
1/17/2017: Cyber reporting included in updated Coast Guard policy on Reporting Suspicious Activity and Breaches of Security
The Coast Guard recently published CG-5P Policy Letter 08-16: Reporting Suspicious Activity and Breaches of Security, which outlines the criteria and process for suspicious activity (SA) and breach of security (BoS) reporting.
The U.S. Coast Guard, the National Institute of Standards and Technology (NIST), and maritime industry stakeholders have developed a voluntary cybersecurity “Profile” for Maritime Bulk Liquid Transfer (MBLT) facilities. This Profile will be released Thursday at the American Petroleum Institute’s 11th Annual Cybersecurity Conference in Houston.
Last week’s blog continued the dialogue on cybersecurity awareness with a focused discussion on cybersecurity defense. This week, the focus is on the practical implementation of Cyber Risk Management (CRM) onboard commercial vessels.
Cyber attacks on critical infrastructure are a growing concern for many organizations across the globe. The Marine Transportation System is no different and has been a target of attacks, with recent network breaches, data thefts, and denial-of-service attacks. Exploited vulnerabilities can vary from the basic, such as the lack of passwords or use of default-only passwords, to configuration issues and software flaws. To achieve the level of protection and resilience needed for critical control system networks, security needs to mature from a piecemeal collection of technologies to effective cyber security governance. This includes the ability to detect abnormal behavior and prevent attacks while providing the organization with meaningful forensics to investigate breaches when they occur.