The Coast Guard has published Marine Safety Information Bulletin 02-22 “Cybersecurity Awareness and Action.”
The Coast Guard continues to monitor world events and their potential impact on the Marine Transportation System (MTS). The Coast Guard remains engaged with its interagency partners and industry stakeholders to share information and coordinate the federal government’s preparedness and response efforts to minimize disruptions to the MTS, including disruptions due to cyberthreats.
The Cybersecurity and Infrastructure Security Agency's (CISA) “Shields Up” website remains the primary location for information and recommendations for adapting a heightened cybersecurity posture. The Coast Guard encourages all MTS stakeholders to visit the site regularly for updates and reminders. MTS stakeholders can also receive CISA’s subscription service for timely updates/bulletins. The Coast Guard continues to monitor guidance and products from CISA and partner agencies and will distribute these materials to stakeholders, along with maritime-specific context, as appropriate.
Per CISA’s “Shields Up” guidance, “Every organization should have documented thresholds for reporting potential cyber incidents to senior management and to the U.S. government. In this heightened threat environment, these thresholds should be significantly lower than normal.” The Coast Guard fully supports this guidance and, with our partner agencies, is ready to respond to these reports. Considering the heightened risk, stakeholders should closely monitor their computer systems, telecommunications systems, and networks for suspicious activity and breaches of security and, when in doubt, report to the National Response Center (NRC).
Maritime Transportation Security Act (MTSA) regulated vessels and facilities are required, and other MTS stakeholders are encouraged, to report breaches of security or suspicious activity to the NRC at 1-800-424-8802. The CG-5P Policy Letter 08-16, Reporting Suspicious Activity and Breaches of Security provides additional guidance on the reporting of cyberincidents.
The Coast Guard continues to review policies, procedures, and guidance to address the evolving nature of cyber risk management. The Coast Guard published Navigation and Vessel Inspection Circular (NVIC) 01-20: Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities, as well as a Vessel Cyber Risk Management Work Instruction, to assist stakeholders in incorporating cybersecurity into facility and vessel security assessments and plans. Additionally, U.S. ports and Area Maritime Security Committees (AMSC) serve as a key resource for local, state, federal and private entities to engage on information sharing, best practices, and port safety and security.
While breaches of security and suspicious activity are required to be reported to the NRC, the Coast Guard’s Cyber Command is available to provide technical support to help MTS stakeholders prepare for or respond to a cyber-incident. Their 24×7 watch can be reached at: 202-372-2904 or [email protected].