New Guidelines For Maritime Cyber Security

Cyber attacks on maritime freight may result in severe operational, safety and security failures as a consequence of information or systems being corrupted, lost or compromised.

The latest US guidelines for maritime cyber risk aim to measure the extent to which a technology asset could be threatened by phishing emails and malware, and all maritime operations should review how well shipping employees comprehend the cyber security training they receive.

A few months after a ransomware attack at a Maritime Transportation Security Act-regulated facility shut down operations for 30 hours, the US Coast Guard (USCG) has issued new guidelines for confronting cyber risks at MTSA-regulated facilities.
“Cybersecurity, safety, and risk management are of utmost importance as computer systems and technology play an increasing role in systems and equipment throughout the maritime environment.” The USCG said it “worked closely with industry and other government agencies to provide guidance on complying with cybersecurity requirements”. 

The guidance is intended to assist regulated facility owners and operators in updating compliance with the existing MTSA regulations, and in identifying computer system and network vulnerabilities that could cause or contribute to a breach of security, as well as in identifying suspicious activity.

The statement noted that “it is up to each facility to determine how to identify, assess, and address the vulnerabilities of their computer systems and networks.” “Facility owners and operators do not have to identify specific technology or a business model, but should provide documentation on how they are addressing their facility-specific cybersecurity vulnerabilities.”

The USCG said in a Marine Safety Information Bulletin issued in December that Ryuk ransomware, which was the subject of a 2019 advisory from the British National Cyber Security Centre (NCSC), may have entered the system of the unnamed facility through an email phishing campaign. The NCSC said in its original alert that Ryuk was first seen in August 2018 and was “responsible for multiple attacks globally” as a “persistent infection.”

Measures should include up-to-date antivirus software, real-time intrusion detection, monitored host and server logging, network segmentation to prevent IT systems from accessing operational technology, file and software backups, and up-to-date IT network diagrams. 

The bulletin warns that people in the maritime sector must take caution when opening emails from unfamiliar senders, and that they should be trained to understand, adapt and work in a cyber-secure way.

Securing your networks as far as you can and taking the time to integrate cyber-security into your risk management and crisis communications procedures are strategic steps that help you respond effectively to maritime cyber-security threats and, in doing so, protect your reputation as a secure service provider.

Most importantly, training employees on how to recognise cyber-attacks and implementing policies on computer hardware usage, particularly the use of USB memory sticks, are important steps that a company must consider.

MTINetwork:     Cyberscoop:     IMO:     Homeland SecurityToday
