New Guidelines For Maritime Cyber Security

Cyber attacks on maritime freight may result in severe operational, safety and security failures as a consequence of information or systems being corrupted, lost or compromised.

The latest US guidelines for maritime cyber risk aim to measure the extent a technology asset could be threatened by a phishing mails and malware and all maritime operations should review the cyber security comprehension  of cyber security training shipping that employees receive.

A few months after a ransomware attack at a Maritime Transportation Security Act-regulated facility shut down operations for 30 hours, the US Coast Guard (USCG) has issued  new guidelines for confronting cyber risks at MTSA-regulated facilities.
“Cybersecurity, safety, and risk management are of utmost importance as computer systems and technology play an increasing role in systems and equipment throughout the maritime environment.” The USCG said it “worked closely with industry and other government agencies to provide guidance on complying with cybersecurity requirements”. 

The guidance intended to assist regulated facility owners and operators in updating compliance with the existing MTSA regulations and is intended to assist owners and operators in identifying computer systems and networks vulnerabilities which could cause or contribute to a breach of security and  the identification of Suspicious Activity. 

The statement noted that “it is up to each facility to determine how to identify, assess, and address the vulnerabilities of their computer systems and networks.”“Facility owners and operators do not have to identify specific technology or a business model, but should provide documentation on how they are addressing their facility-specific cybersecurity vulnerabilities.”

The USCG said in a Marine Safety Information Bulletin issued in December that Ryuk ransomware, which was the subject of a 2019 advisory from the British National Cyber Security Centre (NCSC) may have entered the system of the unnamed facility through an email phishing campaign. The NCSC said in its original alert that Ryuk was first seen in August 2018 and was “responsible for multiple attacks globally” as a “persistent infection.”

Measures should include up-to-date antivirus software, real-time intrusion detection, monitored host and server logging, network segmentation to prevent IT systems from accessing operational technology, file and software backups, and up-to-date IT network diagrams. 

The bulletin warns that people in the maritime sector must take caution opening emails from unfamiliar senders and they should be trained to understand, adapt and work cyber securely. 

Doing what you can to secure your networks and taking the time to integrate cyber-security into your risk management and crisis communications procedure, are strategic things you can do to ensure you can respond effectively to maritime cyber-security threats and in doing so, protect your reputation as a secure service provider.

Most, importantly training employees on how to recognise cyber-attacks and implementing policies on computer hard-ware usage, particularly the use of USB memory sticks, are important steps that a company must consider.

MTINetwork:     Cyberscoop:     IMO:     Homeland SecurityToday

You Might Also Read: 


Maritime Shipping Is Badly Exposed:

 

 

 

« Rapid Deployment Of 5G Is A Headache
Hackers Are Exploiting Remote Workers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Mellanox Technologies

Mellanox Technologies

Mellanox Technologies is a leading supplier of end-to-end Ethernet and InfiniBand intelligent interconnect solutions and services for servers, storage, and hyper-converged infrastructure.

Cryptosense

Cryptosense

Cryptosense provides the first application security software dedicated to the detection and remediation of crypto vulnerabilities.

Nexis

Nexis

Nexis GmbH is a German IT security company specializing in IAM, access control, and risk management.

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

The Center for Analysis & Investigation of Cyber-Attacks is one of the leading Kazakhstan organisations in the field of information and computer security.

PT Netmarks Indonesia

PT Netmarks Indonesia

PT Netmarks Indonesia is an IT solutions provider offering services related to ICT infrastructure, digital transformation and cyber security.

National Initiative for Cybersecurity Education (NICE)

National Initiative for Cybersecurity Education (NICE)

NICE is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.

Symantec

Symantec

Symantec delivers data-centric hybrid security for the largest, most complex organizations in the world – on devices, in private data centers, and in the cloud.

White Bullet

White Bullet

White Bullet’s risk profiling AI detects, dynamically scores and flags unsafe domains, apps and advertising.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

Tactical Network Systems (TNS)

Tactical Network Systems (TNS)

Tactical Network Solutions helps you discover hidden attack vectors in IoT and connected devices before someone else does.

Aware

Aware

Aware is the only comprehensive AI solution for governance, risk, compliance and insights for leading collaboration platforms.

Trusted Technologies and Solutions (TTS)

Trusted Technologies and Solutions (TTS)

TTS is a security consulting company specialised on business continuity and crisis management, information security management, information risk management and identity and access management.

Flexxon

Flexxon

Flexxon is the industry leader to develop NAND flash storage devices. Our key focus is to innovate memory devices ensuring data security and reliability.

Harbottle & Lewis

Harbottle & Lewis

Harbottle & Lewis is a leading UK-based law firm focused on the Private Client and Technology, Media and Entertainment sectors.

Eviden

Eviden

Eviden is an Atos business that brings together its digital, big data and security business lines. It will be a global leader in data-driven, trusted and sustainable digital transformation.