This article is the third in a series that the Coast Guard will be publishing in recognition of Cybersecurity Awareness Month. Now in its 18th year, Cybersecurity Awareness Month emphasizes the importance of cybersecurity and cyber risk management across all critical infrastructure, especially the Marine Transportation System (MTS).
Cybersecurity incidents are becoming an increasingly frequent occurrence and can have significant impacts, as evidenced by the recent Solar Winds incident and the attack on Colonial Pipeline.
The maritime community is not immune from cybersecurity incidents with several events resulting in reduced operations and financial losses for maritime businesses. Cyber hygiene is the first line of defense in a cyber risk management plan and involves the processes one uses to protect access to an information network.
The first step for good cyber hygiene is password management. This includes:
- changing a password frequently
- ensuring that the password is complex
- and limiting users who have administrative level access
Recent Coast Guard inspections revealed cybersecurity risks from poor cyber hygiene. Examples include:
- passwords semi-permanently attached to the equipment they are used on
- printed emails noting that a password has changed lying in plain view
- and sharing user accounts to display electronic vessel certificates or reference Safety Management System documents
The maritime transportation industry must proactively take steps to harden company and vessel cybersecurity. The IMO published MSC Resolution 428(98), Maritime Cyber Risk Management in Safety Management Systems requiring cyber risks be addressed in the vessel’s Safety Management System at the first annual verification of a company’s document of compliance after Jan. 1, 2021. Coast Guard marine inspectors and Port State Control officers will verify this during regularly scheduled inspections to ensure compliance with this requirement. The marine inspector and Port State Control officer Vessel Cyber Risk Management Work Instruction is available on the Office of Commercial Vessel Compliance website.
Office of Commercial Vessel Compliance
Port State Control Division
U.S. Coast Guard