Adm. Thomas recently spoke at the American Association of Port Authorities Port Security Seminar and Expo in Chicago, Illinois. The expo brought members together to take a closer look at securing America’s ports from the inside out, with a special focus on supply chain security and the related cybersecurity and security technology. This post provides a condensed version of Thomas’s remarks for our readers who were unable to attend the expo.
1/17/2017: Cyber reporting included in updated Coast Guard policy on Reporting Suspicious Activity and Breaches of Security
The Coast Guard recently published CG-5P Policy Letter 08-16: Reporting Suspicious Activity and Breaches of Security, which outlines the criteria and process for suspicious activity (SA) and breach of security (BoS) reporting.
The U.S. Coast Guard, the National Institute of Standards and Technology (NIST), and maritime industry stakeholders have developed a voluntary cybersecurity “Profile” for Maritime Bulk Liquid Transfer (MBLT) facilities. This Profile will be released Thursday at the American Petroleum Institute’s 11th Annual Cybersecurity Conference in Houston.
Last week’s blog continued the dialogue on cybersecurity awareness with a focused discussion on cybersecurity defense. This week, the focus is on the practical implementation of Cyber Risk Management (CRM) onboard commercial vessels.
Cyber attacks on critical infrastructure are a growing concern for many organizations across the globe. The Marine Transportation System is no different and has been a target of attacks, with recent network breaches, data thefts, and denial-of-service attacks. Exploited vulnerabilities can vary from the basic, such as the lack of passwords or use of default-only passwords, to configuration issues and software flaws. To achieve the level of protection and resilience needed for critical control system networks, security needs to mature from a piecemeal collection of technologies to effective cyber security governance. This includes the ability to detect abnormal behavior and prevent attacks while providing the organization with meaningful forensics to investigate breaches when they occur.
During last week’s cybersecurity awareness discussion, we addressed the importance of instilling a cyber security governance framework within your organization to better identify and mitigate cyber risk. We stated that a cornerstone of cyber security governance is building resilience. Considering the increasing trend of cyber breaches and attacks, it is no surprise that companies are heavily focused on enhancing their resiliency posture. No amount of planning or investment can make an organization’s cyber defenses completely secure, but developing a vigorous resiliency plan may prevent outages of critical systems and functions caused by cyber incidents or unexpected failures of IT/OT systems. Read the full post to learn more!
Security governance is not an unfamiliar term within industry. Security risks have always been managed under various layers of oversight, and cyber governance is simply an extension of the risk evaluation process. Cybersecurity governance is a conceptual framework, with a practical methodology, which an organization can use to define and implement its strategy for addressing threats and vulnerabilities related to its cyber-dependent systems.
October is nationally recognized as Cyber Security Awareness Month, and there is no better time to discuss the importance of cybersecurity and the Coast Guard’s role in cyber risk management.
The International Maritime Organization approved the Interim Guidelines on Maritime Cyber Risk Management to provide high-level recommendations to safeguard shipping from current and emerging cyber-related threats and vulnerabilities.