New Guidelines For Maritime Cyber Security

Cyber attacks on maritime freight may result in severe operational, safety and security failures as a consequence of information or systems being corrupted, lost or compromised.

The latest US guidelines for maritime cyber risk aim to measure the extent to which a technology asset could be threatened by phishing emails and malware, and all maritime operations should review the cyber security training that shipping employees receive and how well it is understood.

A few months after a ransomware attack at a Maritime Transportation Security Act (MTSA)-regulated facility shut down operations for 30 hours, the US Coast Guard (USCG) has issued new guidelines for confronting cyber risks at MTSA-regulated facilities.
“Cybersecurity, safety, and risk management are of utmost importance as computer systems and technology play an increasing role in systems and equipment throughout the maritime environment.” The USCG said it “worked closely with industry and other government agencies to provide guidance on complying with cybersecurity requirements”. 

The guidance is intended to assist regulated facility owners and operators in updating their compliance with the existing MTSA regulations, in identifying computer system and network vulnerabilities which could cause or contribute to a breach of security, and in identifying suspicious activity.

The statement noted that “it is up to each facility to determine how to identify, assess, and address the vulnerabilities of their computer systems and networks.” “Facility owners and operators do not have to identify specific technology or a business model, but should provide documentation on how they are addressing their facility-specific cybersecurity vulnerabilities.”

The USCG said in a Marine Safety Information Bulletin issued in December that Ryuk ransomware, which was the subject of a 2019 advisory from the British National Cyber Security Centre (NCSC), may have entered the system of the unnamed facility through an email phishing campaign. The NCSC said in its original alert that Ryuk was first seen in August 2018 and was “responsible for multiple attacks globally” as a “persistent infection.”

Measures should include up-to-date antivirus software, real-time intrusion detection, monitored host and server logging, network segmentation to prevent IT systems from accessing operational technology, file and software backups, and up-to-date IT network diagrams. 

The bulletin warns that people in the maritime sector must take caution when opening emails from unfamiliar senders, and that they should be trained to understand, adapt and work in a cyber-secure way.

Doing what you can to secure your networks and taking the time to integrate cyber-security into your risk management and crisis communications procedures are strategic things you can do to ensure you can respond effectively to maritime cyber-security threats and, in doing so, protect your reputation as a secure service provider.

Most importantly, training employees on how to recognise cyber-attacks and implementing policies on computer hardware usage, particularly the use of USB memory sticks, are important steps that a company must consider.

MTINetwork, Cyberscoop, IMO, Homeland Security Today
