The Coast Guard Assistant Commandant for Prevention Policy has published MSIB 18-20 “Urgent Need to Protect Operational Technologies and Control Systems” to reiterate the need for vigilance against cyber threats to internet-accessible operational technology.
NVIC 01-20, “Guidelines for Addressing Cyber Risks at MTSA Regulated Facilities”
The Coast Guard has issued guidance to facility owners and operators on complying with the requirements to assess, document, and address computer system and network vulnerabilities.
MSIB: Cyberattack impacts MTSA facility operations
Forensic analysis is currently ongoing but the virus, identified as “Ryuk” ransomware, may have entered the network of the MTSA facility via an email phishing campaign. Read on for more details.
October is National Cybersecurity Awareness Month: “Own IT. Secure IT. Protect IT”
The campaign focuses on personal accountability and positive behavior when it comes to cybersecurity. The Coast Guard’s goal is to provide the maritime community with information, resources, and best practices to help protect their environments.
5/15/2019: Recap of National Alternative Security Program Sponsoring Organization annual workshop
This post provides a recap of the National Alternative Security Program Sponsoring Organizations workshop in Arlington, Virginia, May 2, 2019. Members met to discuss ongoing and emerging issues related to regulatory requirements of the Maritime Transportation Security Act (MTSA) of 2002.
10/24/2018: Coast Guard to present during ASTM International’s automation and cybersecurity workshop
The workshop provides a forum for the exchange of ideas related to the operation of autonomous vessels in the maritime sector, as well as ship automation and cyber risk management in the maritime domain. The objective is to identify potential opportunities for standards and related products applicable to advancements in automation, autonomous shipping, and maritime-specific cyber risk management issues.
10/25/2016: Why cyber defense matters
Cyber attacks on critical infrastructure are a growing concern for many organizations across the globe. The Marine Transportation System is no different and has been a target of attacks, with recent network breaches, data thefts, and denial-of-service attacks. Exploited vulnerabilities can vary from the basic, such as the lack of passwords or use of default-only passwords, to configuration issues and software flaws. To achieve the level of protection and resilience needed for critical control system networks, security needs to mature from a piecemeal collection of technologies to effective cyber security governance. This includes the ability to detect abnormal behavior and prevent attacks while providing the organization with meaningful forensics to investigate breaches when they occur.
6/10/2016: IMO Approves Interim Guidelines on Maritime Cyber Risk Management
The International Maritime Organization approved the Interim Guidelines on Maritime Cyber Risk Management to provide high-level recommendations to safeguard shipping from current and emerging cyber-related threats and vulnerabilities.
4/15/2014: NIST Cybersecurity Framework Shop
The director of Coast Guard inspections and compliance provides a summary of remarks made, and questions asked, at the recent cybersecurity workshop, hosted by the National Institute for Standards and Technology. His remarks focused on work done by the Coast Guard and partner organizations to building security profiles, using the NIST Framework, to secure the bulk liquid transport sector.
