The Coast Guard has released a new guide to help marine transportation system stakeholders establish baseline cybersecurity assessments and develop cybersecurity plans and responses to meet the challenges posed by evolving threats.
Through the Maritime Cybersecurity Assessment and Annex Guide (MCAAG), the USCG will assist facilities regulated under the Maritime Transportation Security Act (MTSA) in meeting the MTSA-required Facility Security Assessments (FSAs) and Facility Security Plans (FSPs), the USCG said.
As the FSA and FSP requirements went into effect last year, “stakeholder feedback reflected a desire for continued development of guidance and support from the Coast Guard,” the USCG said. “MCAAG will provide additional resources to strengthen and expand current efforts as MTSA regulated facilities continuously assess cyber risks and vulnerabilities.”
Developed in collaboration with the shipping industry, the guide “could also be a resource for the Area Maritime Security Committee in assessing cybersecurity risks for the entire port area and developing a cyber annex to the Area Maritime Security Plan.” “It is also useful to other MTS stakeholders who are interested in conducting baseline cybersecurity risk assessments, developing plans, and continuously improving existing plans.”
Cyberattacks on port environments can compromise physical facility access control systems, exfiltrate sensitive supply chain data, manipulate terminal and gate operating systems to facilitate smuggling and cargo theft, compromise terminal headquarters to bring port operations to a halt, or compromise operational technology systems, for example by using cranes in a manner that leads to loss of life or property, tampering with positioning, navigation, and timing (PNT) systems to prevent a vessel from safely navigating a port, or compromising onboard systems affecting safety or cargo.
A US Coast Guard Cyber Command report released in August on cybersecurity trends in the marine environment found that 2021 saw an “exponential increase” in the importance of cyber hygiene, detection, and response. This was due to a 68% increase in reported maritime cyber incidents and the USCG’s efforts to ensure that maritime facilities comply with cyber regulations.
Marine environment incidents reported to the Coast Guard in 2021 included phishing in the Guam, Columbia River, Los Angeles/Long Beach, Corpus Christi, Houston/Galveston, Mobile, Charleston, Maryland/NCR, New York, and New England sectors, along with MSU Port Arthur. Ransomware was reported in the Columbia River, Los Angeles/Long Beach, New Orleans, Virginia, Delaware Bay, Maryland/NCR, Long Island Sound, and New England sectors. Sector Puget Sound reported an incident related to authorized access, and Columbia River reported a suspected snitch device. Sector Delaware Bay reported AIS spoofing.
The three most popular ransomware-as-a-service variants targeting maritime transportation systems in 2021 were Maze, Sodinokibi, and Ryuk.
The goal stated in the new guidance is to provide facility security officers (FSOs) with a voluntary framework for creating a cyber annex that is “achievable in the smallest facility,” “scalable to the largest and most complex facilities,” and “provides assurance” that the facility’s cybersecurity protection and mitigation efforts are adequate with respect to the physical security and safety of the facility.
“To achieve this goal, we need to address three challenges,” said the guide. “What can be done to foster effective collaboration between FSOs (who may be less experienced in cybersecurity) and the information technology (IT) and cybersecurity subject matter experts who support them? How should cybersecurity vulnerabilities and protections be defined? What is the relationship between the physical vulnerabilities identified in the Facility Security Assessment (FSA) and the cybersecurity vulnerabilities and protections listed in the Cyber Annex?”
The guide centers around three key recommendations for addressing these challenges. The first is to identify a Cyber Security Officer (CySO) within the organization to create a cyber annex.
“The CySO may be a single person or a group of people in the facility’s information technology or cybersecurity organization,” the guide adds. “There is nothing to stop you from doing so, provided you have adequate cybersecurity training and knowledge.”
The second is to “define cybersecurity vulnerabilities and protections based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).”
“The concepts of ‘cybersecurity vulnerability’ and ‘cybersecurity protection’ are flexible and can be applied at the level of cybersecurity programs and policies, the level of system design and configuration, and the level of individual exploitable software flaws. You can understand everything from operating system or application patches,” says the guide. “The Cyber Annex recommends addressing vulnerabilities and protections primarily at the program and policy level. Specific vulnerabilities and protections require the more specific language used in the Cyber Annex. However, the NIST CSF subcategories provide standardized vocabularies that are easily aligned with a facility’s cybersecurity programs and policies.”
A final recommendation is for maritime entities to “map physical security vulnerabilities to relevant cybersecurity vulnerabilities, and then map identified cybersecurity vulnerabilities to cybersecurity protections.”
“Two things are true at the same time. On the one hand, the Cyber Annex is not intended to address all possible cybersecurity vulnerabilities within a facility. Cybersecurity vulnerabilities related to physical vulnerabilities identified by the FSA must be addressed in accordance with the guidelines,” said the guide. “On the other hand, a typical way for a cyber attacker to subvert systems that directly impact physical security and safety is to first gain access to IT systems at a facility and then move across the network to reach the desired target. Therefore, reliable protection against relevant cybersecurity vulnerabilities can only be achieved if the facility’s network meets or exceeds a minimum level of cyber hygiene.”
“To achieve the correct coverage of cybersecurity vulnerabilities addressed in the Cyber Annex, the CySO ensures that all cybersecurity vulnerabilities necessary to address physical vulnerabilities are identified and addressed. The FSO will need to determine or establish whether each cybersecurity vulnerability is relevant to the Cyber Annex to the FSA’s physical vulnerabilities.”