The Coast Guard recently received a report from a Maritime Transportation Security Act (MTSA) regulated facility in Texas regarding an attack on a public-facing internet server.
Fortunately, the facility had a cyberincident response plan. The cyberincident response team's familiarity with and use of the plan allowed for quick containment and mitigation of the threat, preventing any impacts to the facility’s operations, the Coast Guard said.
The cyber landscape in the Marine Transportation System (MTS) is continually changing, with increased potential for cybersecurity events. Computer systems and technology are becoming integral parts of equipment and operations. While increased reliance on and application of this technology advance the efficiency and capability of operations in the MTS, they also create new threat vectors and vulnerabilities. Cyber-attackers have demonstrated the ability to exploit vulnerabilities to conduct malevolent activity against maritime critical infrastructure. These attacks, similar to physical breaches of security, have the potential to create disastrous transportation security incidents.
One method of attack is through the manipulation of operational technology (OT) assets or IT assets relied upon for critical port operations. Many times, the gateway to compromising OT is first gaining access to IT assets. No matter the entry point, facilities must pursue software accountability and vulnerability management, including minimizing public-facing services and enforcing security controls such as multifactor authentication (MFA).
Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) has released an alert entitled "NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems," which is directly relevant to the MTS. The maritime sector heavily utilizes the technologies discussed in this alert and the recommendations in it can help reduce cyber risk. All potential threats to the cybersecurity of a facility need to be taken seriously and all security breaches or suspicious activities resulting from cyberincidents should be reported to the National Response Center at 1-800-424-8802, the Coast Guard said.
Further information regarding reporting thresholds and reporting information can be found in CG-5P Policy Letter No. 08-16. Additional technical support can also be provided by the Coast Guard Cyber Command’s (CGCYBER) 24x7 watch at 202-372-2904 or by email at [email protected].
Commitment to reporting cyberincidents in a timely manner and maximizing use of CGCYBER’s trained and certified cybersecurity professionals will help the Coast Guard ensure the safety of the overall maritime infrastructure. Please reference the U.S. Coast Guard’s Marine Safety Information Bulletin, Urgent Needs to Protect Operational Technologies and Control Systems, for more information on cybersecurity. For specific questions or comments for USCG Sector Houston-Galveston, contact the Coast Guard's Facilities Branch at 281-464-4767.