New Guidelines For Maritime Cyber Security

Cyber attacks on maritime freight may result in severe operational, safety and security failures as a consequence of information or systems being corrupted, lost or compromised.

The latest US guidelines for maritime cyber risk aim to measure the extent a technology asset could be threatened by a phishing mails and malware and all maritime operations should review the cyber security comprehension  of cyber security training shipping that employees receive.

A few months after a ransomware attack at a Maritime Transportation Security Act-regulated facility shut down operations for 30 hours, the US Coast Guard (USCG) has issued  new guidelines for confronting cyber risks at MTSA-regulated facilities.
“Cybersecurity, safety, and risk management are of utmost importance as computer systems and technology play an increasing role in systems and equipment throughout the maritime environment.” The USCG said it “worked closely with industry and other government agencies to provide guidance on complying with cybersecurity requirements”. 

The guidance intended to assist regulated facility owners and operators in updating compliance with the existing MTSA regulations and is intended to assist owners and operators in identifying computer systems and networks vulnerabilities which could cause or contribute to a breach of security and  the identification of Suspicious Activity. 

The statement noted that “it is up to each facility to determine how to identify, assess, and address the vulnerabilities of their computer systems and networks.”“Facility owners and operators do not have to identify specific technology or a business model, but should provide documentation on how they are addressing their facility-specific cybersecurity vulnerabilities.”

The USCG said in a Marine Safety Information Bulletin issued in December that Ryuk ransomware, which was the subject of a 2019 advisory from the British National Cyber Security Centre (NCSC) may have entered the system of the unnamed facility through an email phishing campaign. The NCSC said in its original alert that Ryuk was first seen in August 2018 and was “responsible for multiple attacks globally” as a “persistent infection.”

Measures should include up-to-date antivirus software, real-time intrusion detection, monitored host and server logging, network segmentation to prevent IT systems from accessing operational technology, file and software backups, and up-to-date IT network diagrams. 

The bulletin warns that people in the maritime sector must take caution opening emails from unfamiliar senders and they should be trained to understand, adapt and work cyber securely. 

Doing what you can to secure your networks and taking the time to integrate cyber-security into your risk management and crisis communications procedure, are strategic things you can do to ensure you can respond effectively to maritime cyber-security threats and in doing so, protect your reputation as a secure service provider.

Most, importantly training employees on how to recognise cyber-attacks and implementing policies on computer hard-ware usage, particularly the use of USB memory sticks, are important steps that a company must consider.

MTINetwork:     Cyberscoop:     IMO:     Homeland SecurityToday

You Might Also Read: 


Maritime Shipping Is Badly Exposed:

 

 

 

« Rapid Deployment Of 5G Is A Headache
Hackers Are Exploiting Remote Workers »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Steptoe & Johnson

Steptoe & Johnson

Steptoe is an international law firm with offices in the USA, Europe and China. Practice areas include Cybersecurity, Privacy & National Security.

Wallarm

Wallarm

Wallarm is the only unified, best-in-class API Security and WAAP (Web App and API Protection) platform to protect your entire API and web application portfolio.

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

Cybercrime Support Network (CSN)

Cybercrime Support Network (CSN)

CSN is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime.

CMMI Institute

CMMI Institute

CMMI Institute enables organizations to elevate and benchmark performance across a range of critical business capabilities, including product development, data management and cybersecurity.

CybeReady

CybeReady

CybeReady’s Autonomous Platform offers continuous adaptive training to all employees and guarantees significant reduction in organizational risk of phishing attacks.

ALTR

ALTR

ALTR provide software-embedded solutions for data security and privacy.

Cyber Threat Defense (CT Defense)

Cyber Threat Defense (CT Defense)

CT Defense specialize in penetration testing and security assessments.

cleverDome

cleverDome

cleverDome has created the first community built and proven model that redefines the standards for protecting the most confidential data and information of consumers in the cloud.

Sontiq

Sontiq

Sontiq is committed to providing best-in-class, highly scalable, award-winning identity security solutions to consumers, businesses and government agencies.

Tide Foundation

Tide Foundation

Tide's breakthrough multi-party-cryptography enables TRUE-zero-trust technology that unlocks cyber-herd immunity.

11:11 Systems

11:11 Systems

11:11 Systems synchronizes every aspect of network services for your business. Build your network with the industry’s most trusted expert skills.

Legit Security

Legit Security

Legit Security's mission is to secure every organization's software factory by protecting the pipelines, infrastructure, code and people for faster and more secure software releases.

DynTek

DynTek

DynTek delivers exceptional, cost-effective professional IT consulting services, end-to-end IT solutions and managed IT services.

SalvageData Recovery Services

SalvageData Recovery Services

Since 2003, SalvageData has been providing high-quality data recovery with the certifications needed to work with any storage media manufacturer.

JustunSecure

JustunSecure

JustunSecure is dedicated to promoting information technology and cybersecurity in Africa.