New Guidelines For Maritime Cyber Security

Cyber attacks on maritime freight may result in severe operational, safety and security failures as a consequence of information or systems being corrupted, lost or compromised.

The latest US guidelines for maritime cyber risk aim to measure the extent to which a technology asset could be threatened by phishing emails and malware, and all maritime operations should review the cyber security training that shipping employees receive and how well they comprehend it.

A few months after a ransomware attack at a Maritime Transportation Security Act-regulated facility shut down operations for 30 hours, the US Coast Guard (USCG) has issued new guidelines for confronting cyber risks at MTSA-regulated facilities.
“Cybersecurity, safety, and risk management are of utmost importance as computer systems and technology play an increasing role in systems and equipment throughout the maritime environment.” The USCG said it “worked closely with industry and other government agencies to provide guidance on complying with cybersecurity requirements”. 

The guidance is intended to assist regulated facility owners and operators in updating compliance with the existing MTSA regulations, in identifying computer system and network vulnerabilities which could cause or contribute to a breach of security, and in identifying suspicious activity.

The statement noted that “it is up to each facility to determine how to identify, assess, and address the vulnerabilities of their computer systems and networks.” “Facility owners and operators do not have to identify specific technology or a business model, but should provide documentation on how they are addressing their facility-specific cybersecurity vulnerabilities.”

The USCG said in a Marine Safety Information Bulletin issued in December that Ryuk ransomware, which was the subject of a 2019 advisory from the British National Cyber Security Centre (NCSC), may have entered the system of the unnamed facility through an email phishing campaign. The NCSC said in its original alert that Ryuk was first seen in August 2018 and was “responsible for multiple attacks globally” as a “persistent infection.”

Measures should include up-to-date antivirus software, real-time intrusion detection, monitored host and server logging, network segmentation to prevent IT systems from accessing operational technology, file and software backups, and up-to-date IT network diagrams. 

The bulletin warns that people in the maritime sector must take caution when opening emails from unfamiliar senders, and that they should be trained to understand, adapt and work in a cyber-secure way.

Securing your networks as far as you can and taking the time to integrate cyber-security into your risk management and crisis communications procedures are strategic steps that help you respond effectively to maritime cyber-security threats and, in doing so, protect your reputation as a secure service provider.

Most importantly, training employees on how to recognise cyber-attacks and implementing policies on computer hardware usage, particularly the use of USB memory sticks, are important steps that a company must consider.

Sources: MTINetwork, Cyberscoop, IMO, Homeland Security Today
