October 26, 2021

Cyber hygiene: The first line of defense

Guest Author

Coast Guard Office of Commercial Vessel Compliance
A team from the U.S. Coast Guard Academy participated in the National Security Agency’s 20th annual National Cyber Exercise (NCX) April 8-10, 2021, a three-day cyber competition that tests the offensive and defensive cybersecurity skills virtually. (U.S. Coast Guard photo by Petty Officer 2nd Class Hunter Medley)

This article is the third in a series that the Coast Guard will be publishing in recognition of Cybersecurity Awareness Month. Now in its 18th year, Cybersecurity Awareness Month emphasizes the importance of cybersecurity and cyber risk management across all critical infrastructure, especially the Marine Transportation System (MTS).

Cybersecurity incidents are becoming an increasingly frequent occurrence and can have significant impacts, as evidenced by the recent Solar Winds incident and the attack on Colonial Pipeline.

The maritime community is not immune from cybersecurity incidents with several events resulting in reduced operations and financial losses for maritime businesses. Cyber hygiene is the first line of defense in a cyber risk management plan and involves the processes one uses to protect access to an information network.  

The first step for good cyber hygiene is password management. This includes:

  • changing a password frequently
  • ensuring that the password is complex
  • and limiting users who have administrative level access

Recent Coast Guard inspections revealed cybersecurity risks from poor cyber hygiene. Examples include:

  • passwords semi-permanently attached to the equipment they are used on
  • printed emails noting that a password has changed lying in plain view
  • and sharing user accounts to display electronic vessel certificates or reference Safety Management System documents

The maritime transportation industry must proactively take steps to harden company and vessel cybersecurity. The IMO published MSC Resolution 428(98), Maritime Cyber Risk Management in Safety Management Systems requiring cyber risks be addressed in the vessel’s Safety Management System at the first annual verification of a company’s document of compliance after Jan. 1, 2021. Coast Guard marine inspectors and Port State Control officers will verify this during regularly scheduled inspections to ensure compliance with this requirement. The marine inspector and Port State Control officer Vessel Cyber Risk Management Work Instruction is available on the Office of Commercial Vessel Compliance website.

Office of Commercial Vessel Compliance

Port State Control Division

U.S. Coast Guard

Washington, D.C.

Guest Author

A collection of stories from guest authors.

Related

Read Next

U.S. Secretary of the Interior Deb Haaland announced new rules and a five-year planning framework that could bring 12 new offshore wind lease sales by 2028. Oceantic Network photo.
April 24, 2024

New BOEM five-year plan could offer 12 offshore wind leases

The Joanne Marie listing at the shipyard on the morning of June 25, 2023. Coast Guard photo.
April 24, 2024

NTSB: Obstructed valve led to towing vessel flooding, partial sinking

GLDD's Cape Hatteras, a Damen 3013 Multi Cats built by Conrad Shipyard, Morgan City, La., was delivered in 2023. Great Lakes Dredge & Dock photo
April 24, 2024

Conrad Industries announces 2023 results and backlog

Diversified Communications
© 2024 Diversified Communications. All rights reserved.