The Coast Guard Assistant Commandant for Prevention Policy has published Marine Safety Information Bulletin 03-21 “Continued Awareness – Active Exploitation of SolarWinds Software”.
The Coast Guard Assistant Commandant for Prevention Policy has published MSIB 18-20 “Urgent Need to Protect Operational Technologies and Control Systems” to reiterate the need for vigilance against cyber threats to internet-accessible operational technology.
The Coast Guard has issued guidance to facility owners and operators on complying with the requirements to assess, document, and address computer system and network vulnerabilities.
Forensic analysis is currently ongoing but the virus, identified as “Ryuk” ransomware, may have entered the network of the MTSA facility via an email phishing campaign. Read on for more details.
The campaign focuses on personal accountability and positive behavior when it comes to cybersecurity. The Coast Guard’s goal is to provide the maritime community with information, resources, and best practices to help protect their environments.
This post provides a recap of the National Alternative Security Program Sponsoring Organizations workshop in Arlington, Virginia, May 2, 2019. Members met to discuss ongoing and emerging issues related to regulatory requirements of the Maritime Transportation Security Act (MTSA) of 2002.
10/24/2018: Coast Guard to present during ASTM International’s automation and cybersecurity workshop
The workshop provides a forum for the exchange of ideas related to the operation of autonomous vessels in the maritime sector, as well as ship automation and cyber risk management in the maritime domain. The objective is to identify potential opportunities for standards and related products applicable to advancements in automation, autonomous shipping, and maritime-specific cyber risk management issues.
Cyber attacks on critical infrastructure are a growing concern for many organizations across the globe. The Marine Transportation System is no different and has been a target of attacks, with recent network breaches, data thefts, and denial-of-service attacks. Exploited vulnerabilities can vary from the basic, such as the lack of passwords or use of default-only passwords, to configuration issues and software flaws. To achieve the level of protection and resilience needed for critical control system networks, security needs to mature from a piecemeal collection of technologies to effective cyber security governance. This includes the ability to detect abnormal behavior and prevent attacks while providing the organization with meaningful forensics to investigate breaches when they occur.
The International Maritime Organization approved the Interim Guidelines on Maritime Cyber Risk Management to provide high-level recommendations to safeguard shipping from current and emerging cyber-related threats and vulnerabilities.